I've got a client site where I'm that rude person in IT Security who runs the network scans that knock over the old cameras. Fortunately, I'm also empowered to go to the CFO and fight for funding for Physical Security to do their job. They want to re-deploy an old Axis 216 camera. I've had to write the "dude, please stop using that antique" memo already. Suggestions on how to recommend alternate cameras? Yeah, they find Axis' prices a bit steep so alternate vendor recommendations are most definitely in order. If we had a big bucket of money I'd just suggest getting whatever Q-series replaced it (Q1604?) (I'm assuming "alternate camera vendor" is an apropos question here, appologies if I failed to notice this has already been covered with IPVM material I shoulda just studied.)
Alternates To Old Cameras?
I'm fairly sure the Axis 216 was replaced by the P33 series.
Either way, what specific requirements does a camera need to meet your network security requirements? (ie: so it cannot be 'knocked over' by your network scan?)
The P3301 is only about $500 or so. Cheaper than that?
Thank you for the input.
The camera has to have a tcp/ip protocol stack that works. In the IT world this got worked out last century. You have to actually bother to engineer the network stack. Amazingly that message only barely has made it to the physical security world. The concept this is consider something special is the really really bad. It implies issues in the engineering of the device, or issues in the manufacturer's priorities.
"The camera has to have a tcp/ip protocol stack that works. In the IT world this got worked out last century. You have to actually bother to engineer the network stack."
So are there brands that you would discount outright for offending this?
Or would you evaluate each potential model individually?
I suspect some brands are better and more organized at this level of design than others. I'd guess many premium brands like Sony, Bosch, Avigilon have 'a protocol stack that works', but I also know this is what you do every day, so your insights are appreciated.
Its your lucky day, because the network stack is most oft part of the firmware and
the last issued firmware for the 216 was 4.47.5 on 7/05/12, 21st Century, AD that is.
Though time's a wastin', online support runs out in about a week!
What is specific to your scan that "knocks over" the camera?
Is something about the camera going offline due to the scan considered a security risk?
I hope this pastes easily. This is a doc my InfoSec team and I use the review devices. I1, I2, I3 (I now work with my InfoSec team and ask them to scan the device to see how it performs... review test results and review how it withstood the scan... does it still work like it is supposed to?) I9 & I10 are important.
Category |
IoT Security Consideration |
I1: Insecure Web Interface |
|
I2: Insufficient Authentication/Authorization |
|
I3: Insecure Network Services |
|
I4: Lack of Transport Encryption |
|
I5: Privacy Concerns |
|
I6: Insecure Cloud Interface |
|
I7: Insecure Mobile Interface |
|
I8: Insufficient Security Configurability |
|
I9: Insecure Software/Firmware |
|
I10: Poor Physical Security |
|
Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.