HTTPS / SSL Video Surveillance Usage Statistics
HTTPS / SSL / TLS usage has become commonplace for websites to improve security and, in particular, to help mitigate attackers reading or modifying communications between a website and a user.
And such technology has readily been available for many years in video surveillance products with the potential to improve the security of connections between cameras and recorders.
As such, 148 integrators answered the question:
HTTPS: In the past year, what percentage of cameras did you deploy that used HTTPS / SSL for connecting cameras to recorder / VMS? Why?
Usage was very low, with the most common meaningful response was that cameras and servers were installed on isolated networks. Moreover, many integrators clearly misunderstood what HTTPS was or how it works, or does not work, with video surveillance systems.
Inside this post, we examine these themes, explain how HTTPS / SSL / TLS is applicable to video surveillance, and share dozens of integrator comments.
Key ******
*** ********* *** ****** *******:
- * *********** ******** ** ********** ********* indicated ****** ** ** *** ** HTTPS
- * ****** ** *********** *** *** understand *** ******** ** ************* ******** communications ******* *** ****** *** ******, as ******* ** ****** ****** ******
- **** *** ********** ********* ******** *** cameras **** ***** *****
- ********* ********* ***** *** *** **** common ******** ** *** *********** ********* them. ***** **** * *********** ********* it *** ***** ****** ** ******* policy.
*** ***** - ******** ******* *** Servers
*** **** ****** ****** *** *** using ***** *** ******* *** ******* being ******** **** *** ********'* ******* network *** *** ********. ***** **** is ** ********* *** ** ******** potential ************* *****, *** *********** ******* for ** ******* ****** ** *** camera ******* ** ******* ***** ***********, commands, *** ***** *******:
- "**** *** ** *** ******* ** deploy *** ** **** ********, ** HTTPS ****'* **** ********* ** *********."
- "****. ******* *** ****** ****** ********* firewall's ** ** **** **** *** https. ** ** *** ****** ** setup ** ***** ********** ****** **. "
- ****. *** ** *** ******* *** built ** ** ******** *** *** cameras ****. **** ** ******* *** secondary *** *** *** ****** *** do *** ***** *** ******* ****** through **. ** *** ********* ** control *** ****** *******."
- "**-**%. ** **** ** *** ***********, the ****** *********** *******, ** **** physically ********* *** ********."
- "****** *** *** ****** ******** *** on * ****** *******, ******** **** clients (***** ********) *** ******** **** the ******** (** *** *****)."
- "** ****'* *** ***** ** *** systems ** ****** *** ******** *******, no ****** **** *******. ** **'* necessary *** **** ** ** ******** from ******* **** ** ****** *** access ** **** ***** **** ** secure ******."
- "*% * ****** *** * ********* CCTV *******, *** *** *** ******* switches *** *********, ** *****'* ** need ** ****** *** ************* ******* the ******* *** ***'*"
- "*...*** ******* *** ****** ******** *** direct ********** *** * ******** *** card"
- "**** - *** ** *** ******* we ******* *** **** ** *** LAN ** ** ***'* ****** **** HTTPS/SSL."
- "****. *** ******** *** ********** ********** from *** ******* ********** ** **** point. **** *** ****** ** *** future."
- "*** **** ** ** ************* ****. Because ** **** ** ** ************* it **** **** *** ****** ********. We ********* ***'* ***** *** ***** because ** ** **** ********* *** all **** *** ****'* ******."
Customer ** ******* ************ ******* ***
*** **** ****** ******** ******* ** why ***** ** ** ** *** used *** ** *** ******** ** project ******** ** (** ***). **** of *** ******** ******* *** ** was **** **** *** ******** ******, PCI ********** *** ** ****** ***********:
- "**% **** ** **** *** ********* are ********* ***."
- "*. **** *** *** **** ********* by *** ******** *** ***** *******."
- "**%. ********** ******** ***********."
- "****. ** **** *** *** **** requirement ********* *** *** ********."
- "** ***'* *** ** ***** ********* don't *** *** ****. ** *** we ****'* *** *** ******** ********."
- "**-**%. ** ******** ***** **** ****** only **** ******** ** ******** ******* policy"
- "*** ******** ** *** ******** / region"
- "**** ** ******* ** **** ****. Recorders ** *** ******** ** **** on ***** ** ** **** ** pass ******** ****** *** *** **********."
- "***. ** **** ** * ********* critical ************** ***********, ** **'* ******* to **** ** **** ******** ****** the *****"
- "*** ********** **-**% ** ********** ************ when ********* ** ***** ** ***** for ********* ********."
- "** *** * ****** ****** ** connect *** *******. ***** ** *** easiest. ***** ********* **** * ****** connection * ******** ***********."
- "**** **** ********* ** ********"
- "*%. *** ********* ** ********* (****** on ***** ***** ***) *** ******** in ***** *** ********** ** **** respect ** *******"
- "***%. ****** ********. **** ********* *** the *****/*** **** **** **** *** safer **** *********."
- "**% ***** ********* **** ********* ** address....For ****** ******** ****** ***** **** to *** *****"
- "** *** ***** *********** ** ***-***** customer *********"
- "** **** ***** **** ** ***. Our ******* ******** *** **** ****** concern *** ******** ** *** ***** system ***** ** ******* * ******** network *** *** *****. *** **** link ** *** ** *** **** access ** *** ***."
Not ***** - *** ****** *** *******
*** ****** **** ****** ****** *** not ***** ***** *** *** **** and ********** ** ************ ** ** cameras.
***** *** ************ **** * ***** Certificate ********* *** **** ~$*** *** domain/customer, ***** ***** ********* **** ** required *** ****** *********** ******* ** the ********. ******* *** ******* *** utilize ****-****** ************ ** *********** ********, however, ****-****** ***** *** ** **** secure **** ************ ********* **** * Certificate *********, *** *** *********** **** complex ** ****** *** *****.
*****, **** ** ***** ********* **** noted **** *** ******* ****** ** installed ** ** ******** *******, **** no ******** ******:
- "**** - *** ****** *** **** of * ***. *** ******* ****** be ** * ******* ******* *** not ******* ** *** ***."
- "**** ****** ******* **** *** **** we *****. ** ******* *** ******* onto * ******** **** *** *** acl ***** ** ******* ****. *** cameras **** **** ** *** *** server ** **** ****** ** ********* off *** ********. *** ****** **** can ** ********* ** ******** ******** access *** ****** ****** ** **** the ******* ****** ** ****** ** all."
- "****, ******* ** *** *** ****** the ***** ** ****. *******, ** is * *** **** *** **** to **** *** ******."
- "**% **** *** ** ***** ***** that ** ****** ** ***** **** it ******** ****** **. *****'* **** sold ** *** **** ******** **** of ***** **** ***** ** ****** to *********."
- "*. ******* *********** ***** **** *** approve ************, *** ********/*************** ******* *** be *******."
- "*% ******* ** ****** *** ****** in ****. ******* ***** **** *********** that **** ***** ****."
- "****. ** *** *** **** ** issue ** *** ******** *** ****** captive ****** ********* *** ***'*. *****/*** adds ********** *** *** **** ****** that ** ***** ****** *** **** with ****** ********** *********."
********** ******* ****** *********** *******
**** *** ********* ***** ******* ****** that ******** *** *** ** *****:
- "*** ********* ** ****** **** *****/*** certificates ****** *** ****** **** *** the ************ ** *** ******** ******* policy."
- "***% - * ***'* ******* ** to *** ********. ** ** **** it ***** ** **."
- "*** ********, ***** **%. ** ***** layer ** ******** **** ******* ******, why ***?"
***** ** ***** ** *** *** add ***** ******* ** * ****** option ****** *** ****** ******. ** is ********* *** **** ****** ********** clients.
** *** *** ***** **** ** any ********** ******* **** ** ** is ******* - ******** ****, **** you ***** ** **** *** ******. GG.
**** **** *** *** *** *** NICs, **** *******/***** ******* *** **** own **** *******. ** ** *** that **** ** ****** ******* **** a ******** ***. * **** **** my ******* **** ****** *** ****** than * ****** ******* **** ****** customer ***** ********** ********* *** **** expired *** ****** **** ***** ******* onto * *** **** *** ****** crying ***** ***** ***** *** *********, you ******* ** *** ******.
*** **** *** ** ** ************* implementation **** ******** *** ****** ************ as * *******. ******** *********** **** to **** ** ** **** ** the ** *** ***** ****** **** sit ****** **** * **** **** and **** ***** **.
**** ****** ** **** **** **** some ***** ******* ***** *****!
* ***% ***** **** ***/*** ** the *** ** ** *** ******** ****, ******* ** ****** **** be ***** **** **** *** ***'* support ******* ********* ** **** ***.
** ********, ** **** ******** *** server ****, ******** ********** *** ****** of ******* *** ******.
**** ******* ** *** ******* *** video ******, ****** ********** **** *** API & *** **** ****. *****, having **** ********* ** ** **********. Check **** **** ****** *********** *** VMS ** **** *** *** *** combination ** *********.
****, **** **** ** **** *** the *********** ** * ****** **** HTTPS *******. **** **** **** ** performs ** ** ******** **** - webpages ***'* **** ****, ***** ***** rate *****'* ****, *** ***** ********, such ** *** ****'* *******. * have **** ******* **** **** ***** as * **** ** *** * job, *** ** ****'* ******** ** ******** be ****. *** *** **** ****** down ** ****** **** *** **** enabled.
*******, *** *** ****** *** ***** encryption, ** ** ******* ********* **** usernames *** ********* *** ****** **** using ****** ************** (* ***** **** of **********, **** **** ***** ***), and *** ***** ****. **** ******* default ** ***** ****, ***** ****** someone ** ***** *** ******* *** easily *** *** ********. * **** seen **** ******* **** **** * selection ** *****, ******, ** ****. The **** ****** ** **** ** weak ** *****. ** ******** ******** to *** ************** ******* **** **** only ******* ***** **************, *** **** it ****** **** ** ******* ****** authentication.