HTTPS / SSL Video Surveillance Usage Statistics

By: IPVM Team, Published on Apr 01, 2019

HTTPS / SSL / TLS usage has become commonplace for websites to improve security and, in particular, to help mitigate attackers reading or modifying communications between a website and a user.

And such technology has readily been available for many years in video surveillance products with the potential to improve the security of connections between cameras and recorders.

As such, 148 integrators answered the question:

HTTPS: In the past year, what percentage of cameras did you deploy that used HTTPS / SSL for connecting cameras to recorder / VMS? Why?

Usage was very low, with the most common meaningful response was that cameras and servers were installed on isolated networks. Moreover, many integrators clearly misunderstood what HTTPS was or how it works, or does not work, with video surveillance systems.

Inside this post, we examine these themes, explain how HTTPS / SSL / TLS is applicable to video surveillance, and share dozens of integrator comments.

***** / *** / TLS ***** *** ****** *********** for ******** ** ******* security ***, ** **********, to **** ******** ********* reading ** ********* ************** between * ******* *** a ****.

*** **** ********** *** readily **** ********* *** many ***** ** ***** surveillance ******** **** *** potential ** ******* *** security ** *********** ******* cameras *** *********.

** ****, *** *********** answered *** ********:

*****: ** *** **** year, **** ********** ** cameras *** *** ****** that **** ***** / SSL *** ********** ******* to ******** / ***? Why?

***** *** **** ***, with *** **** ****** meaningful ******** *** **** cameras *** ******* **** installed ** ******** ********. Moreover, **** *********** ******* misunderstood **** ***** *** or *** ** *****, or **** *** ****, with ***** ************ *******.

****** **** ****, ** examine ***** ******, ******* how ***** / *** / *** ** ********** to ***** ************, *** share ****** ** ********** comments.

[***************]

Key ******

*** ********* *** ****** emerged:

  • * *********** ******** ** Integrator ********* ********* ****** to ** *** ** HTTPS
  • * ****** ** *********** did *** ********** *** question ** ************* ******** communications ******* *** ****** and ******, ** ******* to ****** ****** ******
  • **** *** ********** ********* reported *** ******* **** using *****
  • ********* ********* ***** *** the **** ****** ******** to *** *********** ********* them. ***** **** * integrators ********* ** *** their ****** ** ******* policy.

*** ***** - ******** Cameras *** *******

*** **** ****** ****** for *** ***** ***** was ******* *** ******* being ******** **** *** customer's ******* ******* *** the ********. ***** **** is ** ********* *** to ******** ********* ************* risks, *** *********** ******* for ** ******* ****** on *** ****** ******* to ******* ***** ***********, commands, *** ***** *******:

  • "**** *** ** *** systems ** ****** *** on **** ********, ** HTTPS ****'* **** ********* as *********."
  • "****. ******* *** ****** behind ********* ********'* ** no **** **** *** https. ** ** *** easier ** ***** ** would ********** ****** **. "
  • ****. *** ** *** systems *** ***** ** an ******** *** *** cameras ****. **** ** through *** ********* *** for *** ****** *** do *** ***** *** outside ****** ******* **. We *** ********* ** control *** ****** *******."
  • "**-**%. ** **** ** our ***********, *** ****** aggregation *******, ** **** physically ********* *** ********."
  • "****** *** *** ****** networks *** ** * secure *******, ******** **** clients (***** ********) *** isolated **** *** ******** (in *** *****)."
  • "** ****'* *** ***** as *** ******* ** deploy *** ******** *******, no ****** **** *******. If **'* ********* *** them ** ** ******** from ******* **** ** deploy *** ****** ** some ***** **** ** secure ******."
  • "*% * ****** *** a ********* **** *******, and *** *** ******* switches *** *********, ** there's ** **** ** secure *** ************* ******* the ******* *** ***'*"
  • "*...*** ******* *** ****** networks *** ****** ********** via * ******** *** card"
  • "**** - *** ** the ******* ** ******* are **** ** *** LAN ** ** ***'* bother **** *****/***."
  • "****. *** ******** *** completely ********** **** *** outside ********** ** **** point. **** *** ****** in *** ******."
  • "*** **** ** ** automatically ****. ******* ** they ** ** ************* it **** **** *** better ********. ** ********* don't ***** *** ***** because ** ** **** consuming *** *** **** are ****'* ******."

Customer ** ******* ************ ******* ***

*** **** ****** ******** related ** *** ***** is ** ** *** used *** ** *** customer ** ******* ******** it (** ***). **** of *** ******** ******* why ** *** **** were *** ******** ******, PCI ********** *** ** policy ***********:

  • "**% **** ** **** our ********* *** ********* now."
  • "*. **** *** *** been ********* ** *** customer *** ***** *******."
  • "**%. ********** ******** ***********."
  • "****. ** **** *** had **** *********** ********* for *** ********."
  • "** ***'* *** ** since ********* ***'* *** for ****. ** *** we ****'* *** *** security ********."
  • "**-**%. ** ******** ***** this ****** **** **** required ** ******** ******* policy"
  • "*** ******** ** *** industry / ******"
  • "**** ** ******* ** this ****. ********* ** are ******** ** **** on ***** ** ** able ** **** ******** audits *** *** **********."
  • "***. ** **** ** a ********* ******** ************** environment, ** **'* ******* to **** ** **** security ****** *** *****"
  • "*** ********** **-**% ** commercial ************ **** ********* by ***** ** ***** for ********* ********."
  • "** *** * ****** method ** ******* *** cameras. ***** ** *** easiest. ***** ********* **** a ****** ********** * standard ***********."
  • "**** **** ********* ** customer"
  • "*%. *** ********* ** customers (****** ** ***** local ***) *** ******** in ***** *** ********** is **** ******* ** benefit"
  • "***%. ****** ********. **** customers *** *** *****/*** they **** **** *** safer **** *********."
  • "**% ***** ********* **** dedicated ** *******....*** ****** security ****** ***** **** to *** *****"
  • "** *** ***** *********** it ***-***** ******** *********"
  • "** **** ***** **** it ***. *** ******* customer *** **** ****** concern *** ******** ** the ***** ****** ***** we ******* * ******** network *** *** *****. The **** **** ** see ** *** **** access ** *** ***."

Not ***** - *** ****** *** *******

*** ****** **** ****** reason *** *** ***** HTTPS *** *** **** and ********** ** ************ it ** *******.

***** *** ************ **** a ***** *********** ********* can **** ~$*** *** domain/customer, ***** ***** ********* only ** ******** *** client *********** ******* ** the ********. ******* *** Servers *** ******* ****-****** certificates ** *********** ********, however, ****-****** ***** *** be **** ****** **** certificates ********* **** * Certificate *********, *** *** potentially **** ******* ** create *** *****.

*****, **** ** ***** responses **** ***** **** the ******* ****** ** installed ** ** ******** network, **** ** ******** access:

  • "**** - *** ****** and **** ** * SSL. *** ******* ****** be ** * ******* network *** *** ******* to *** ***."
  • "**** ****** ******* **** ssl **** ** *****. We ******* *** ******* onto * ******** **** and *** *** ***** to ******* ****. *** cameras **** **** ** see *** ****** ** they ****** ** ********* off *** ********. *** server **** *** ** protected ** ******** ******** access *** ****** ****** to **** *** ******* needed ** ****** ** all."
  • "****, ******* ** *** way ****** *** ***** on ****. *******, ** is * *** **** for **** ** **** the ******."
  • "**% **** *** ** those ***** **** ** slower ** ***** **** it ******** ****** **. Haven't **** **** ** the **** ******** **** of ***** **** ***** is ****** ** *********."
  • "*. ******* *********** ***** does *** ******* ************, and ********/*************** ******* *** be *******."
  • "*% ******* ** ****** all ****** ** ****. Because ***** **** *********** that **** ***** ****."
  • "****. ** *** *** been ** ***** ** our ******** *** ****** captive ****** ********* *** VPN's. *****/*** **** ********** and *** **** ****** that ** ***** ****** not **** **** ****** absolutely *********."

********** ******* ****** *********** Limited

**** *** ********* ***** company ****** **** ******** the *** ** *****:

  • "*** ********* ** ****** have *****/*** ************ ****** and ****** **** *** the ************ ** *** security ******* ******."
  • "***% - * ***'* mention ** ** *** customer. ** ** **** it ***** ** **."
  • "*** ********, ***** **%. An ***** ***** ** security **** ******* ******, why ***?"

Comments (3)

* ***% ***** **** SSL/TLS ** *** *** to ** *** ******** ****, ******* ** should **** ** ***** that **** *** ***'* support ******* ********* ** this ***.  

** ********, ** **** increase *** ****** ****, possibly ********** *** ****** of ******* *** ******.

**** ******* ** *** encrypt *** ***** ******, rather ********** **** *** API & *** **** data.  *****, ****** **** encrypted ** ** **********.  Check **** **** ****** manufacture *** *** ** find *** *** *** combination ** *********.  

****, **** **** ** test *** *** *********** of * ****** **** HTTPS *******.  **** **** that ** ******** ** it ******** **** - webpages ***'* **** ****, video ***** **** *****'* drop, *** ***** ********, such ** *** ****'* limited.  * **** **** cameras **** **** ***** as * **** ** win * ***, *** it ****'* ******** ** ******** be ****.  *** *** page ****** **** ** slower **** *** **** enabled.

*******, *** *** ****** NOT ***** **********, ** is ******* ********* **** usernames *** ********* *** always **** ***** ****** authentication (* ***** **** of **********, **** **** HTTPS ***), *** *** clear ****.  **** ******* default ** ***** ****, which ****** ******* ** sniff *** ******* *** easily *** *** ********.   I **** **** **** cameras **** **** * selection ** *****, ******, or ****.  *** **** option ** **** ** weak ** *****.  ** attacker ******** ** *** authentication ******* **** **** only ******* ***** **************, and **** ** ****** them ** ******* ****** authentication.

***** ** ***** ** you *** *** ***** support ** * ****** option ****** *** ****** finder. ** ** ********* for **** ****** ********** clients. 

** *** *** ***** HTTP ** *** ********** network **** ** ** is ******* - ******** well, **** *** ***** as **** *** ******. GG.

**** **** *** *** has *** ****, **** network/their ******* *** **** own **** *******. ** is *** **** **** to ****** ******* **** a ******** ***. * have **** ** ******* more ****** *** ****** than * ****** ******* over ****** ******** ***** everything ********* *** **** expired *** ****** **** techs ******* **** * low **** *** ****** crying ***** ***** ***** and *********, *** ******* to *** ******.

*** **** *** ** by ************* ************** **** managing *** ****** ************ as * *******. ******** Integrators **** ** **** up ** **** ** the ** *** ***** rather **** *** ****** with * **** **** and **** ***** **.

**** ****** ** **** will **** **** ***** reverse ***** *****!

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Biometrics Usage Statistics 2019 on Aug 13, 2019
Biometrics are commonly used in phones, but how frequently are they used for access? 150+ integrators told us how often they use biometrics,...
US Government Ban of Dahua, Hikvision, Huawei Takes Effect Now on Aug 13, 2019
The 'prohibition on use or procurement' of Dahua, Hikvision and Huawei products and 'essential components' take effect today, August 13, 2019, one...
Proactive CCTV "Only Affordable Video Archiving Solution" Profile on Aug 12, 2019
Proactive CCTV is claiming to offer "the only affordable video archiving solution on the market", reducing the storage typically required for H.265...
Responsibility Split Selecting Locks - Statistics on Jul 22, 2019
A heated access debate surrounds who should pick and install the locks. While responsible for selecting the control systems, integrators often...
Mobile Access Usage Statistics 2019 on Jul 18, 2019
The ability to use mobile phones as access credentials is one of the biggest trends in a market that historically has been slow in adopting new...
Poor OSDP Usage Statistics 2019 on Jul 09, 2019
OSDP certainly offers advantages over decades-old Wiegand (see our OSDP Access Control Guide) but new IPVM statistics show that usage of OSDP, even...
Maglocks Usage Statistics 2019 on Jul 01, 2019
Maglocks divide access control specifiers perhaps more than any other component. Many are concerned about life safety codes, but others cite...
ADT Eliminating Acquired Brands, Unifying Under 'Commercial' Brand on Jun 14, 2019
ADT is eliminating the brands of the many integrators it has acquired over the past few years, including Red Hawk, Aronson Security Group (ASG),...
Favorite Wireless Manufacturers 2019 on Jun 12, 2019
Many wireless options exist for video surveillance but how are integrator's overall favorites? 170 integrators answered the question: What is...
Axis Will Not Block Resellers on Jun 10, 2019
While Axis generally has strong favorability amongst integrators, the biggest complaint is their channel model, which results in smaller integrator...

Most Recent Industry Reports

Dahua 4K Camera Shootout on Aug 20, 2019
Dahua's new Pro Series 4K N85CL5Z claims to "deliver superior images in all lighting and environmental conditions", but how does this compare to...
ZK Teco Atlas Access Control Tested on Aug 20, 2019
Who needs access specialists? China-based ZKTeco claims its newest access panel 'makes it very easy for anyone to learn and install access control...
Uniview Beats Intel In Trademark Lawsuit on Aug 19, 2019
Uniview has won a long-running trademark lawsuit brought by Intel, with Beijing's highest court reversing an earlier Intel win, centered on...
Verkada People And Face Analytics Tested on Aug 16, 2019
This week, Verkada released "People Analytics", including face analytics that they describe is a "game-changing feature" that "pushes the...
Dahua OEM Directory 2019 on Aug 16, 2019
US Government banned Dahua OEMs for dozens of companies. The following directory includes 40+ of those companies with a graphic and links to...
Installation Course - Register Now on Aug 15, 2019
Register Now for the September 2019 Video Surveillance Install Course. This is a unique installation course in a market where little practical...
Axis Suffers Outage, Provides Postmortem on Aug 15, 2019
This week, Axis suffered an outage impacting their website and cloud services. Inside this note, we examined what happened, what was impacted...
Hikvision Scrutinized In The Netherlands on Aug 15, 2019
Hikvision is facing unprecedented scrutiny in the Netherlands, at the same time the US government ban has taken effect. This week, a Dutch...
Axis 4K Camera Shootout 2019 on Aug 14, 2019
Axis' 4K Q3518-LVE claims the "best video quality possible", with Lightfinder super low light performance, Axis' high end Forensic WDR, and...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact