HTTPS / SSL Video Surveillance Usage Statistics

By: IPVM Team, Published on Apr 01, 2019

HTTPS / SSL / TLS usage has become commonplace for websites to improve security and, in particular, to help mitigate attackers reading or modifying communications between a website and a user.

And such technology has readily been available for many years in video surveillance products with the potential to improve the security of connections between cameras and recorders.

As such, 148 integrators answered the question:

HTTPS: In the past year, what percentage of cameras did you deploy that used HTTPS / SSL for connecting cameras to recorder / VMS? Why?

Usage was very low, with the most common meaningful response was that cameras and servers were installed on isolated networks. Moreover, many integrators clearly misunderstood what HTTPS was or how it works, or does not work, with video surveillance systems.

Inside this post, we examine these themes, explain how HTTPS / SSL / TLS is applicable to video surveillance, and share dozens of integrator comments.

***** / *** / TLS ***** *** ****** *********** for ******** ** ******* security ***, ** **********, to **** ******** ********* reading ** ********* ************** between * ******* *** a ****.

*** **** ********** *** readily **** ********* *** many ***** ** ***** surveillance ******** **** *** potential ** ******* *** security ** *********** ******* cameras *** *********.

** ****, *** *********** answered *** ********:

*****: ** *** **** year, **** ********** ** cameras *** *** ****** that **** ***** / SSL *** ********** ******* to ******** / ***? Why?

***** *** **** ***, with *** **** ****** meaningful ******** *** **** cameras *** ******* **** installed ** ******** ********. Moreover, **** *********** ******* misunderstood **** ***** *** or *** ** *****, or **** *** ****, with ***** ************ *******.

****** **** ****, ** examine ***** ******, ******* how ***** / *** / *** ** ********** to ***** ************, *** share ****** ** ********** comments.

[***************]

Key ******

*** ********* *** ****** emerged:

  • * *********** ******** ** Integrator ********* ********* ****** to ** *** ** HTTPS
  • * ****** ** *********** did *** ********** *** question ** ************* ******** communications ******* *** ****** and ******, ** ******* to ****** ****** ******
  • **** *** ********** ********* reported *** ******* **** using *****
  • ********* ********* ***** *** the **** ****** ******** to *** *********** ********* them. ***** **** * integrators ********* ** *** their ****** ** ******* policy.

*** ***** - ******** Cameras *** *******

*** **** ****** ****** for *** ***** ***** was ******* *** ******* being ******** **** *** customer's ******* ******* *** the ********. ***** **** is ** ********* *** to ******** ********* ************* risks, *** *********** ******* for ** ******* ****** on *** ****** ******* to ******* ***** ***********, commands, *** ***** *******:

  • "**** *** ** *** systems ** ****** *** on **** ********, ** HTTPS ****'* **** ********* as *********."
  • "****. ******* *** ****** behind ********* ********'* ** no **** **** *** https. ** ** *** easier ** ***** ** would ********** ****** **. "
  • ****. *** ** *** systems *** ***** ** an ******** *** *** cameras ****. **** ** through *** ********* *** for *** ****** *** do *** ***** *** outside ****** ******* **. We *** ********* ** control *** ****** *******."
  • "**-**%. ** **** ** our ***********, *** ****** aggregation *******, ** **** physically ********* *** ********."
  • "****** *** *** ****** networks *** ** * secure *******, ******** **** clients (***** ********) *** isolated **** *** ******** (in *** *****)."
  • "** ****'* *** ***** as *** ******* ** deploy *** ******** *******, no ****** **** *******. If **'* ********* *** them ** ** ******** from ******* **** ** deploy *** ****** ** some ***** **** ** secure ******."
  • "*% * ****** *** a ********* **** *******, and *** *** ******* switches *** *********, ** there's ** **** ** secure *** ************* ******* the ******* *** ***'*"
  • "*...*** ******* *** ****** networks *** ****** ********** via * ******** *** card"
  • "**** - *** ** the ******* ** ******* are **** ** *** LAN ** ** ***'* bother **** *****/***."
  • "****. *** ******** *** completely ********** **** *** outside ********** ** **** point. **** *** ****** in *** ******."
  • "*** **** ** ** automatically ****. ******* ** they ** ** ************* it **** **** *** better ********. ** ********* don't ***** *** ***** because ** ** **** consuming *** *** **** are ****'* ******."

Customer ** ******* ************ ******* ***

*** **** ****** ******** related ** *** ***** is ** ** *** used *** ** *** customer ** ******* ******** it (** ***). **** of *** ******** ******* why ** *** **** were *** ******** ******, PCI ********** *** ** policy ***********:

  • "**% **** ** **** our ********* *** ********* now."
  • "*. **** *** *** been ********* ** *** customer *** ***** *******."
  • "**%. ********** ******** ***********."
  • "****. ** **** *** had **** *********** ********* for *** ********."
  • "** ***'* *** ** since ********* ***'* *** for ****. ** *** we ****'* *** *** security ********."
  • "**-**%. ** ******** ***** this ****** **** **** required ** ******** ******* policy"
  • "*** ******** ** *** industry / ******"
  • "**** ** ******* ** this ****. ********* ** are ******** ** **** on ***** ** ** able ** **** ******** audits *** *** **********."
  • "***. ** **** ** a ********* ******** ************** environment, ** **'* ******* to **** ** **** security ****** *** *****"
  • "*** ********** **-**% ** commercial ************ **** ********* by ***** ** ***** for ********* ********."
  • "** *** * ****** method ** ******* *** cameras. ***** ** *** easiest. ***** ********* **** a ****** ********** * standard ***********."
  • "**** **** ********* ** customer"
  • "*%. *** ********* ** customers (****** ** ***** local ***) *** ******** in ***** *** ********** is **** ******* ** benefit"
  • "***%. ****** ********. **** customers *** *** *****/*** they **** **** *** safer **** *********."
  • "**% ***** ********* **** dedicated ** *******....*** ****** security ****** ***** **** to *** *****"
  • "** *** ***** *********** it ***-***** ******** *********"
  • "** **** ***** **** it ***. *** ******* customer *** **** ****** concern *** ******** ** the ***** ****** ***** we ******* * ******** network *** *** *****. The **** **** ** see ** *** **** access ** *** ***."

Not ***** - *** ****** *** *******

*** ****** **** ****** reason *** *** ***** HTTPS *** *** **** and ********** ** ************ it ** *******.

***** *** ************ **** a ***** *********** ********* can **** ~$*** *** domain/customer, ***** ***** ********* only ** ******** *** client *********** ******* ** the ********. ******* *** Servers *** ******* ****-****** certificates ** *********** ********, however, ****-****** ***** *** be **** ****** **** certificates ********* **** * Certificate *********, *** *** potentially **** ******* ** create *** *****.

*****, **** ** ***** responses **** ***** **** the ******* ****** ** installed ** ** ******** network, **** ** ******** access:

  • "**** - *** ****** and **** ** * SSL. *** ******* ****** be ** * ******* network *** *** ******* to *** ***."
  • "**** ****** ******* **** ssl **** ** *****. We ******* *** ******* onto * ******** **** and *** *** ***** to ******* ****. *** cameras **** **** ** see *** ****** ** they ****** ** ********* off *** ********. *** server **** *** ** protected ** ******** ******** access *** ****** ****** to **** *** ******* needed ** ****** ** all."
  • "****, ******* ** *** way ****** *** ***** on ****. *******, ** is * *** **** for **** ** **** the ******."
  • "**% **** *** ** those ***** **** ** slower ** ***** **** it ******** ****** **. Haven't **** **** ** the **** ******** **** of ***** **** ***** is ****** ** *********."
  • "*. ******* *********** ***** does *** ******* ************, and ********/*************** ******* *** be *******."
  • "*% ******* ** ****** all ****** ** ****. Because ***** **** *********** that **** ***** ****."
  • "****. ** *** *** been ** ***** ** our ******** *** ****** captive ****** ********* *** VPN's. *****/*** **** ********** and *** **** ****** that ** ***** ****** not **** **** ****** absolutely *********."

********** ******* ****** *********** Limited

**** *** ********* ***** company ****** **** ******** the *** ** *****:

  • "*** ********* ** ****** have *****/*** ************ ****** and ****** **** *** the ************ ** *** security ******* ******."
  • "***% - * ***'* mention ** ** *** customer. ** ** **** it ***** ** **."
  • "*** ********, ***** **%. An ***** ***** ** security **** ******* ******, why ***?"

Comments (3)

* ***% ***** **** SSL/TLS ** *** *** to ** *** ******** ****, ******* ** should **** ** ***** that **** *** ***'* support ******* ********* ** this ***.  

** ********, ** **** increase *** ****** ****, possibly ********** *** ****** of ******* *** ******.

**** ******* ** *** encrypt *** ***** ******, rather ********** **** *** API & *** **** data.  *****, ****** **** encrypted ** ** **********.  Check **** **** ****** manufacture *** *** ** find *** *** *** combination ** *********.  

****, **** **** ** test *** *** *********** of * ****** **** HTTPS *******.  **** **** that ** ******** ** it ******** **** - webpages ***'* **** ****, video ***** **** *****'* drop, *** ***** ********, such ** *** ****'* limited.  * **** **** cameras **** **** ***** as * **** ** win * ***, *** it ****'* ******** ** ******** be ****.  *** *** page ****** **** ** slower **** *** **** enabled.

*******, *** *** ****** NOT ***** **********, ** is ******* ********* **** usernames *** ********* *** always **** ***** ****** authentication (* ***** **** of **********, **** **** HTTPS ***), *** *** clear ****.  **** ******* default ** ***** ****, which ****** ******* ** sniff *** ******* *** easily *** *** ********.   I **** **** **** cameras **** **** * selection ** *****, ******, or ****.  *** **** option ** **** ** weak ** *****.  ** attacker ******** ** *** authentication ******* **** **** only ******* ***** **************, and **** ** ****** them ** ******* ****** authentication.

***** ** ***** ** you *** *** ***** support ** * ****** option ****** *** ****** finder. ** ** ********* for **** ****** ********** clients. 

** *** *** ***** HTTP ** *** ********** network **** ** ** is ******* - ******** well, **** *** ***** as **** *** ******. GG.

**** **** *** *** has *** ****, **** network/their ******* *** **** own **** *******. ** is *** **** **** to ****** ******* **** a ******** ***. * have **** ** ******* more ****** *** ****** than * ****** ******* over ****** ******** ***** everything ********* *** **** expired *** ****** **** techs ******* **** * low **** *** ****** crying ***** ***** ***** and *********, *** ******* to *** ******.

*** **** *** ** by ************* ************** **** managing *** ****** ************ as * *******. ******** Integrators **** ** **** up ** **** ** the ** *** ***** rather **** *** ****** with * **** **** and **** ***** **.

**** ****** ** **** will **** **** ***** reverse ***** *****!

Read this IPVM report for free.

This article is part of IPVM's 6,426 reports, 865 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Video Analytics 101 on Mar 16, 2020
This guide teaches the fundamentals of video surveillance...
Remote Network Access for Video Surveillance Guide on Jul 27, 2020
Remotely accessing surveillance systems is key in 2020, with more and more...
Camio Presents Coronavirus Social Distancing Analytics on Apr 20, 2020
Camio presented its social distancing analytics for responding to coronavirus...
Video Surveillance History on May 06, 2020
The video surveillance market has changed significantly since 2000, going...
Surveillance Storage 101 on Mar 23, 2020
This guide teaches the fundamentals of video surveillance...
Use Access Control Logs To Constrain Coronavirus on Apr 09, 2020
Access control users have included capabilities that are not commonly used...
VSaaS 101 on Mar 25, 2020
Video Surveillance as a Service (VSaaS) is the common industry term for cloud...
Avigilon ACC Cloud Tested on Jul 08, 2020
Avigilon merged Blue and ACC, adding VSaaS features to its on-premise VMS,...
New Axis M30 Cameras Tested on Mar 26, 2020
Axis has released a new generation of, for them, relatively low cost M30...
ZKTeco Presents SpeedFace Recognition + Body Temperature Detection on Apr 21, 2020
ZKTeco presented its SF1008+ reader with body temperature and face mask...
Startup Solink $17 Million USD Fund Raise Expands To Mass Market on Jun 24, 2020
Solink has raised ~$17 million USD, a sizeable round for the company that...
YOLOv5 Released Amidst Controversy on Jul 27, 2020
YOLO has gained significant attention within video surveillance for its...
Dynamic vs Static IP Addresses Tutorial on Apr 16, 2020
While many cameras default to DHCP out of the box, that does not mean you...
NetApp Video Surveillance Profile on Mar 09, 2020
NetApp is increasing its efforts in video surveillance and told IPVM...
30 Million Criminal Face Database Tested (Captis Intelligence) on Apr 27, 2020
30 million criminal mugshots are now available for facial recognition...

Recent Reports

False: Verkada: "If You Want To Remote View Your Cameras You Need To Punch Holes In Your Firewall" on Jul 31, 2020
Verkada falsely declared to “3,000+ customers”, “300 school districts”, and...
US GSA Explains NDAA 889 Part B Blacklisting on Jul 31, 2020
With the 'Blacklist Clause' going into effect August 13 that bans the US...
Access Control Online Show July 2020 - On-Demand Recording of 45+ Manufacturers Presentations on Jul 30, 2020
The show featured 48 Access Control presentations, all now recorded and...
Face Detection Shootout - Dahua, Hanwha, Hikvision, Uniview, Vivotek on Jul 30, 2020
Face detection analytics are available from a number of manufactures...
Sunell is The First China Manufacturer to Market NDAA Compliance on Jul 30, 2020
Most China manufacturers are going to be impacted by the NDAA 'Blacklist...
Ink Labs Relabels China YCX Fever Camera And Steals Dahua's Marketing on Jul 30, 2020
A US company marketed a 'thermal temperature scanner' as its own, selling...
Genetec and Dahua-Backed Intelbras Split Examined on Jul 29, 2020
China is the cause of the breakup between Canada's and Brazil's largest video...
This YouTuber is Now Selling ThermoHealth Temperature Screening on Jul 29, 2020
An enterprising 20-year old is mass marketing medical devices on Facebook and...
Hikvision Returns To Growth Driven By Overseas Fever Cameras on Jul 29, 2020
While Hikvision's revenue fell in Q1 2020, it rebounded in Q2 attributed to...
Brazil's Biggest Domestic Surveillance Company Intelbras Profile on Jul 29, 2020
While Intelbras is not widely known outside of Latin America, Intelbras is a...
The Kiosk Market Pivots To Temperature Screening (Interviewed) on Jul 28, 2020
Video surveillance is not the only market that has pivoted to medical device...
Integrator Acquisitions 'A Good Market' During COVID-19, Says Greybeards on Jul 28, 2020
Industry broker Ron Davis of the "Greybeards" says that the integrator and...
Keypads For Access Control Tutorial on Jul 28, 2020
Keypad readers present huge risks to even the best access systems. If...
US Surgeon General Unwittingly Showcases Sanctioned Dahua Temperature System on Jul 28, 2020
The US' top public health spokesperson, the Surgeon General, posted a photo...
Remote Network Access for Video Surveillance Guide on Jul 27, 2020
Remotely accessing surveillance systems is key in 2020, with more and more...