HTTPS / SSL Video Surveillance Usage Statistics

By IPVM Team, Published on Apr 01, 2019

HTTPS / SSL / TLS usage has become commonplace for websites to improve security and, in particular, to help mitigate attackers reading or modifying communications between a website and a user.

And such technology has readily been available for many years in video surveillance products with the potential to improve the security of connections between cameras and recorders.

As such, 148 integrators answered the question:

HTTPS: In the past year, what percentage of cameras did you deploy that used HTTPS / SSL for connecting cameras to recorder / VMS? Why?

Usage was very low, with the most common meaningful response was that cameras and servers were installed on isolated networks. Moreover, many integrators clearly misunderstood what HTTPS was or how it works, or does not work, with video surveillance systems.

Inside this post, we examine these themes, explain how HTTPS / SSL / TLS is applicable to video surveillance, and share dozens of integrator comments.

Key ******

*** ********* *** ****** emerged:

  • * *********** ******** ** Integrator ********* ********* ****** to ** *** ** HTTPS
  • * ****** ** *********** did *** ********** *** question ** ************* ******** communications ******* *** ****** and ******, ** ******* to ****** ****** ******
  • **** *** ********** ********* reported *** ******* **** using *****
  • ********* ********* ***** *** the **** ****** ******** to *** *********** ********* them. ***** **** * integrators ********* ** *** their ****** ** ******* policy.

*** ***** - ******** Cameras *** *******

*** **** ****** ****** for *** ***** ***** was ******* *** ******* being ******** **** *** customer's ******* ******* *** the ********. ***** **** is ** ********* *** to ******** ********* ************* risks, *** *********** ******* for ** ******* ****** on *** ****** ******* to ******* ***** ***********, commands, *** ***** *******:

  • "**** *** ** *** systems ** ****** *** on **** ********, ** HTTPS ****'* **** ********* as *********."
  • "****. ******* *** ****** behind ********* ********'* ** no **** **** *** https. ** ** *** easier ** ***** ** would ********** ****** **. "
  • ****. *** ** *** systems *** ***** ** an ******** *** *** cameras ****. **** ** through *** ********* *** for *** ****** *** do *** ***** *** outside ****** ******* **. We *** ********* ** control *** ****** *******."
  • "**-**%. ** **** ** our ***********, *** ****** aggregation *******, ** **** physically ********* *** ********."
  • "****** *** *** ****** networks *** ** * secure *******, ******** **** clients (***** ********) *** isolated **** *** ******** (in *** *****)."
  • "** ****'* *** ***** as *** ******* ** deploy *** ******** *******, no ****** **** *******. If **'* ********* *** them ** ** ******** from ******* **** ** deploy *** ****** ** some ***** **** ** secure ******."
  • "*% * ****** *** a ********* **** *******, and *** *** ******* switches *** *********, ** there's ** **** ** secure *** ************* ******* the ******* *** ***'*"
  • "*...*** ******* *** ****** networks *** ****** ********** via * ******** *** card"
  • "**** - *** ** the ******* ** ******* are **** ** *** LAN ** ** ***'* bother **** *****/***."
  • "****. *** ******** *** completely ********** **** *** outside ********** ** **** point. **** *** ****** in *** ******."
  • "*** **** ** ** automatically ****. ******* ** they ** ** ************* it **** **** *** better ********. ** ********* don't ***** *** ***** because ** ** **** consuming *** *** **** are ****'* ******."

Customer ** ******* ************ ******* ***

*** **** ****** ******** related ** *** ***** is ** ** *** used *** ** *** customer ** ******* ******** it (** ***). **** of *** ******** ******* why ** *** **** were *** ******** ******, PCI ********** *** ** policy ***********:

  • "**% **** ** **** our ********* *** ********* now."
  • "*. **** *** *** been ********* ** *** customer *** ***** *******."
  • "**%. ********** ******** ***********."
  • "****. ** **** *** had **** *********** ********* for *** ********."
  • "** ***'* *** ** since ********* ***'* *** for ****. ** *** we ****'* *** *** security ********."
  • "**-**%. ** ******** ***** this ****** **** **** required ** ******** ******* policy"
  • "*** ******** ** *** industry / ******"
  • "**** ** ******* ** this ****. ********* ** are ******** ** **** on ***** ** ** able ** **** ******** audits *** *** **********."
  • "***. ** **** ** a ********* ******** ************** environment, ** **'* ******* to **** ** **** security ****** *** *****"
  • "*** ********** **-**% ** commercial ************ **** ********* by ***** ** ***** for ********* ********."
  • "** *** * ****** method ** ******* *** cameras. ***** ** *** easiest. ***** ********* **** a ****** ********** * standard ***********."
  • "**** **** ********* ** customer"
  • "*%. *** ********* ** customers (****** ** ***** local ***) *** ******** in ***** *** ********** is **** ******* ** benefit"
  • "***%. ****** ********. **** customers *** *** *****/*** they **** **** *** safer **** *********."
  • "**% ***** ********* **** dedicated ** *******....*** ****** security ****** ***** **** to *** *****"
  • "** *** ***** *********** it ***-***** ******** *********"
  • "** **** ***** **** it ***. *** ******* customer *** **** ****** concern *** ******** ** the ***** ****** ***** we ******* * ******** network *** *** *****. The **** **** ** see ** *** **** access ** *** ***."

Not ***** - *** ****** *** *******

*** ****** **** ****** reason *** *** ***** HTTPS *** *** **** and ********** ** ************ it ** *******.

***** *** ************ **** a ***** *********** ********* can **** ~$*** *** domain/customer, ***** ***** ********* only ** ******** *** client *********** ******* ** the ********. ******* *** Servers *** ******* ****-****** certificates ** *********** ********, however, ****-****** ***** *** be **** ****** **** certificates ********* **** * Certificate *********, *** *** potentially **** ******* ** create *** *****.

*****, **** ** ***** responses **** ***** **** the ******* ****** ** installed ** ** ******** network, **** ** ******** access:

  • "**** - *** ****** and **** ** * SSL. *** ******* ****** be ** * ******* network *** *** ******* to *** ***."
  • "**** ****** ******* **** ssl **** ** *****. We ******* *** ******* onto * ******** **** and *** *** ***** to ******* ****. *** cameras **** **** ** see *** ****** ** they ****** ** ********* off *** ********. *** server **** *** ** protected ** ******** ******** access *** ****** ****** to **** *** ******* needed ** ****** ** all."
  • "****, ******* ** *** way ****** *** ***** on ****. *******, ** is * *** **** for **** ** **** the ******."
  • "**% **** *** ** those ***** **** ** slower ** ***** **** it ******** ****** **. Haven't **** **** ** the **** ******** **** of ***** **** ***** is ****** ** *********."
  • "*. ******* *********** ***** does *** ******* ************, and ********/*************** ******* *** be *******."
  • "*% ******* ** ****** all ****** ** ****. Because ***** **** *********** that **** ***** ****."
  • "****. ** *** *** been ** ***** ** our ******** *** ****** captive ****** ********* *** VPN's. *****/*** **** ********** and *** **** ****** that ** ***** ****** not **** **** ****** absolutely *********."

********** ******* ****** *********** Limited

**** *** ********* ***** company ****** **** ******** the *** ** *****:

  • "*** ********* ** ****** have *****/*** ************ ****** and ****** **** *** the ************ ** *** security ******* ******."
  • "***% - * ***'* mention ** ** *** customer. ** ** **** it ***** ** **."
  • "*** ********, ***** **%. An ***** ***** ** security **** ******* ******, why ***?"

Comments (3)

* ***% ***** **** SSL/TLS ** *** *** to ** *** ******** ****, ******* ** should **** ** ***** that **** *** ***'* support ******* ********* ** this ***.  

** ********, ** **** increase *** ****** ****, possibly ********** *** ****** of ******* *** ******.

**** ******* ** *** encrypt *** ***** ******, rather ********** **** *** API & *** **** data.  *****, ****** **** encrypted ** ** **********.  Check **** **** ****** manufacture *** *** ** find *** *** *** combination ** *********.  

****, **** **** ** test *** *** *********** of * ****** **** HTTPS *******.  **** **** that ** ******** ** it ******** **** - webpages ***'* **** ****, video ***** **** *****'* drop, *** ***** ********, such ** *** ****'* limited.  * **** **** cameras **** **** ***** as * **** ** win * ***, *** it ****'* ******** ** ******** be ****.  *** *** page ****** **** ** slower **** *** **** enabled.

*******, *** *** ****** NOT ***** **********, ** is ******* ********* **** usernames *** ********* *** always **** ***** ****** authentication (* ***** **** of **********, **** **** HTTPS ***), *** *** clear ****.  **** ******* default ** ***** ****, which ****** ******* ** sniff *** ******* *** easily *** *** ********.   I **** **** **** cameras **** **** * selection ** *****, ******, or ****.  *** **** option ** **** ** weak ** *****.  ** attacker ******** ** *** authentication ******* **** **** only ******* ***** **************, and **** ** ****** them ** ******* ****** authentication.

***** ** ***** ** you *** *** ***** support ** * ****** option ****** *** ****** finder. ** ** ********* for **** ****** ********** clients. 

** *** *** ***** HTTP ** *** ********** network **** ** ** is ******* - ******** well, **** *** ***** as **** *** ******. GG.

**** **** *** *** has *** ****, **** network/their ******* *** **** own **** *******. ** is *** **** **** to ****** ******* **** a ******** ***. * have **** ** ******* more ****** *** ****** than * ****** ******* over ****** ******** ***** everything ********* *** **** expired *** ****** **** techs ******* **** * low **** *** ****** crying ***** ***** ***** and *********, *** ******* to *** ******.

*** **** *** ** by ************* ************** **** managing *** ****** ************ as * *******. ******** Integrators **** ** **** up ** **** ** the ** *** ***** rather **** *** ****** with * **** **** and **** ***** **.

**** ****** ** **** will **** **** ***** reverse ***** *****!

Read this IPVM report for free.

This article is part of IPVM's 6,592 reports, 889 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Mobile Access Control Usage Statistics 2020 on Sep 21, 2020
Most smartphones can be used as access control credentials, but how...
Access Control and Video Integration Statistics 2020 on Oct 08, 2020
Video Surveillance and Access Control are two of the most common security...
Remote Network Access for Video Surveillance Guide on Jul 27, 2020
Remotely accessing surveillance systems is key in 2020, with more and more...
Dedicated Vs Converged IP Video Networks Statistics 2020 on Sep 10, 2020
Running one's video system on a converged network with other devices can save...
Top Video Surveillance Service Call Problems 2020 on Oct 23, 2020
3 primary and 4 secondary issues stood out as causing the most problems when...
The Future of H.266 For Video Surveillance Examined on Aug 17, 2020
First H.264, now H.265, is H.266 next? H.266 was recently announced amid...
Sony 61MP Surveillance Sensor Examined on Sep 04, 2020
For a decade, the highest resolution single-imager surveillance cameras have...
Verkada Disruptive Embedded Live Help on Sep 24, 2020
Call up your integrator? Have someone come by the next day? Verkada is...
Avigilon ACC Cloud Tested on Jul 08, 2020
Avigilon merged Blue and ACC, adding VSaaS features to its on-premise VMS,...
YOLOv5 Released Amidst Controversy on Jul 27, 2020
YOLO has gained significant attention within video surveillance for its...
Risks Of Managing End User Passwords (Statistics) 2020 on Sep 11, 2020
Alarmingly, most integrators used spreadsheets to manage passwords, IPVM...
Video Surveillance 101 Book Released on Jul 07, 2020
IPVM's unique introduction to video surveillance series is now available as a...
Video Surveillance History on May 06, 2020
The video surveillance market has changed significantly since 2000, going...
OnTech Smart Services Partners With Google and Amazon To Compete With Integrators on Sep 25, 2020
A pain point for many homeowners to use consumer security and surveillance is...
Avigilon Social Distancing Analytics Tested on Aug 26, 2020
Avigilon released its social distancing analytics in response to the...

Recent Reports

ISC Brasil Digital Experience 2020 Report on Oct 23, 2020
ISC Brasil 2020 rebranded itself to ISC Digital Experience and, like its...
Top Video Surveillance Service Call Problems 2020 on Oct 23, 2020
3 primary and 4 secondary issues stood out as causing the most problems when...
GDPR Impact On Temperature / Fever Screening Explained on Oct 22, 2020
What impact does GDPR have on temperature screening? Do you risk a GDPR fine...
Security And Safety Things (S&ST) Tested on Oct 22, 2020
S&ST, a Bosch spinout, is spending tens of millions of dollars aiming to...
Nokia Fever Screening Claims To "Advance Fight Against COVID-19" on Oct 22, 2020
First IBM, then briefly Clorox, and now Nokia becomes the latest Fortune 500...
Deceptive Meridian Temperature Tablets Endanger Public Safety on Oct 21, 2020
IPVM's testing of and investigation into Meridian Kiosk's temperature...
Honeywell 30 Series and Vivotek NVRs Tested on Oct 21, 2020
The NDAA ban has driven many users to look for low-cost NVRs not made by...
Ubiquiti Access Control Tested on Oct 21, 2020
Ubiquiti has become one of the most widely used wireless and switch providers...
Avigilon Aggressive Trade-In Program Takes Aim At Competitors on Oct 20, 2020
Avigilon has launched one of the most aggressive trade-in programs the video...
Mexico Video Surveillance Market Overview 2020 on Oct 20, 2020
Despite being neighbors, there are key differences between the U.S. and...
Dahua Revenue Grows But Profits Down, Cause Unclear on Oct 20, 2020
While Dahua's overall revenue was up more than 12% in Q3 2020, a significant...
Illegal Hikvision Fever Screening Touted In Australia, Government Investigating, Temperature References Deleted on Oct 20, 2020
The Australian government told IPVM that they are investigating a Hikvision...
Panasonic Presents i-PRO Cameras and Video Analytics on Oct 19, 2020
Panasonic i-PRO presented its X-Series cameras and AI video analytics at the...
Augmented Reality (AR) Cameras From Hikvision and Dahua Examined on Oct 19, 2020
Hikvision, Dahua, and other China companies are marketing augmented reality...
18 TB Video Surveillance Drives (WD and Seagate) on Oct 19, 2020
Both Seagate and Western Digital recently announced 18TB hard drives...