Security Bytes - MAY 2016 - Personal Surveillance
This month I wish to talk more about the Internet Of Things (IOT) as it pertains to video surveillance. In my previous articles I talked about segregating and securing your personal networks from the devices that tend to have connections outside vendors. In the past year there have been an explosion of new devices that can be placed in your home to automate just about anything. Many home security vendors are empowering users with remote cameras that can enable one to see who is at the door or help to monitor the home while you are away.
All of these devices are great tools however we need to understand how these devices impact one’s network from both a bandwidth and security perspective. Some of the more interesting products are video surveillance that can assist in knowing what is going on at your house while you are way and some of the products are more secure than others and therefore need to be treated differently. Some vendors like Ring and Dropcam (Nest Cam) all offer a form of could recording and notification when activity is present, which is a wonderful thing to many people. We need to understand that these cameras DO communicate back to their respective vendors for software updates and to the cloud recording site when they send messages and video to your mobile devices.
Essentially they DO have a 2-way communication for these services which in some cases should be treated the same way we treat any Internet communications to a potentially untrusted website. I would recommend placing these devices on their OWN segregated network away from any other home computers that are considered valuable. I am NOT saying that all these devices are insecure but rather that one should take care to ALWAYS place ANY device that you cannot quantify all communications from on a non-essential network. There are other ways to use more elaborate IP based video surveillance cameras on your TRUSTED home network more like a CCTV network, but in that case, YOU are in charge of all software updates and access to the cameras.
I also wish to differentiate low end cameras from more expensive, feature rich high end devices. Many of the devices that are in the $100 - $250-dollar range are cameras that record to online cloud based services and are passable for basic home recording purposes. They are VERY good at recording at HD quality in normal lighting conditions and in many cases offer recording sounds as well. They tend to need Infrared illumination to record in low light conditions and are limited to the nearest 30 – 50 feet when doing so. There are other higher end cameras that are usually start around $350 - $2000 per camera that are business class or high consumer grade that can give one SUPERB image quality BOTH day and night and in many cases DO NOT need IR illumination to record at night. Some high end vendors I have used are Axis Networks and Mobotix. These cameras are better suited to large estates or business locations and have the ability to record very high resolutions and even in the Infrared spectrum in some cases.
High quality video surveillance was once only affordable by big business and Govt. but today prices have come down and options are available for ANY budget. I will be expanding on this topic in future articles to come.
-Paul Mavrovic, CISSP