In our last post, we got you thinking about the Security-of-Security. Specifically, we raised questions about the kind of information contained in your IP physical security system, how that data is protected, and what that information allows people to do. You may have started looking at what could happen if the data in your system ended up in the wrong hands, and maybe you're now wondering how it might get there and what you can do to prevent that from happening. This week, we're going to look at some of the ways that hackers can access unprotected or inadequately protected security systems.
With greater connectivity over the Internet and multi-organizational access to security systems stemming from increased public-private cooperation, IP physical security systems can be just as vulnerable to attacks as other business systems.
As with any software solution that resides on a network, IP security systems and edge devices alike are susceptible to a variety of attacks. Hacking an IP security system can take any number of forms. Some are quite basic; for example, in a brute-force attack, a hacker simply "guesses" at passwords. Given that most users choose easy to remember passwords, many of them can be deduced or cracked by a simple algorithm. But choosing more complex passwords isn't always the best solution as they can be easily forgotten. The result can lead to the ideal conditions for a successful brute-force attack.
In addition, even while you mitigate such attacks by implementing safeguards against what is essentially basic human nature, there are other types of cyber attacks against security systems that focus on communications and stored data.
With a packet-sniffer, a hacker can capture data packets that can be used to obtain passwords or other sensitive data, like video content, in-transit over a network. A man-in-the-middle attack can happen when a user gets between a sender and a receiver and sniffs information. Often times, the hacker "listens" until the client sends a user name and password to the server, which gives the hacker the credentials necessary to access the system.
In addition, after reading and potentially altering the data, the man-in-the-middle attacker can then send it along without the receiver having any knowledge that the exchange is not secure. Since neither the sender nor the receiver is aware that this has occurred, they have no way of knowing that their data has been tampered with or corrupted.
So what can you do?
Up next, we're going to look at encryption, a key component in keeping your data and your whole system private and secure.