PSI June2017
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
PANEL<br />
“The reality is that any<br />
IT network is only as<br />
secure as the least<br />
secure single device<br />
that is connected to it”<br />
(from previous page)<br />
antivirus software, opens an infected<br />
attachment to an email. In April, Microsoft<br />
issued a security update that eliminates the<br />
vulnerability.<br />
Many security devices are vulnerable to this<br />
ransomware, and to other similar attacks, if the<br />
operating system in the device is a version of<br />
Windows. It is very common for NVRs and DVRs<br />
to use a Windows operating system. Neither the<br />
installer nor the IT administrator for the network<br />
can update these operating systems without the<br />
provision of an update to the device by the<br />
manufacturer. Most security product<br />
manufacturers are now issuing such updates,<br />
but typically do this infrequently on their own<br />
schedule and not triggered by Microsoft’s<br />
releasing of an update.<br />
Thus, most installers could not have<br />
prevented the attack affecting NVRs and DVRs<br />
on a client’s network except by working with the<br />
IT administrator to pre-empt the initial<br />
triggering of such an attack. The IT admin<br />
should be urged to:<br />
• Ensure that any other Windows machine on<br />
the same LAN as the security devices is always<br />
fully updated and patched. Also, insure that<br />
effective antivirus software is installed on all<br />
such machines.<br />
• Teach any users of Windows machines on<br />
the same LAN to exercise caution with<br />
attachments to email.<br />
• Close all unused ports through the<br />
configuration of all routers on the network and<br />
through configuration of the firewalls on the<br />
PCs. Even if an initial triggering of Wannacry<br />
occurs, it cannot propagate if port 445 is closed.<br />
Mike Reddington - Videcon<br />
As technology continues to develop and the use<br />
of the WEB and IT networks expands across<br />
many different product platforms it is inevitable<br />
that the security of these product platforms<br />
grow in importance.<br />
The reality is that any IT network is only as<br />
secure as the least secure single device that is<br />
connected to it. With the increase of usage of IP<br />
products (NVRs and cameras) that are<br />
connected on to these type of networks then<br />
they are exposed to potential cyber-attacks and<br />
used as a gateway on to a company's IT<br />
network.<br />
This has been a growing risk that we at<br />
Videcon recognised many months ago and we<br />
took the decision to further invest in our product<br />
development to increase the cyber security of<br />
our products. As a result of this investment we<br />
have introduced Sequrinet with Enhanced<br />
Password Control (EPC) across all our IP and<br />
AHD NVRs and DVRs.<br />
Sequrinet with EPC prohibits the use of<br />
simplistic, easily infiltrated passwords and only<br />
allows the use of passwords that feature a<br />
combination of numbers, lower case letters,<br />
upper case letters and symbols that are over five<br />
characters long. Enhanced Password Control<br />
(EPC) will also remove the use of drop down<br />
user name profiles. Upon selection, EPC will<br />
remove any backdoor user capability and will<br />
disable P2P and DDNS options by default. The<br />
result of this is a significant increase in the<br />
cyber security of the CCTV system connected to<br />
a network. This significantly mitigates the risk of<br />
a company's IT network being hacked via the<br />
CCTV system. This makes Videcon's products<br />
one of the most secure network products<br />
available in the market today and is ideal for<br />
organisations requiring a stringent level of<br />
password protection in sectors such as<br />
Government, Banks and NHS.<br />
So our advice to installers is to seriously<br />
consider the cyber security risk for your<br />
customer and only select a CCTV network<br />
product platform that provides protection<br />
against this potential risk like the Videcon<br />
'Concept Pro' range of products.<br />
72<br />
www.psimagazine.co.uk