Network Security Concerns Examined

By: John Honovich, Published on Nov 05, 2009

At an ISC West 2009 presentation [link no longer available], Slayton Solutions spoke in detail on the vulnerabilities of network security while using some highly uncommon situational examples that may exaggerate real life risks. [Note: view slides from presentation [link no longer available]].

The presentation provided an introductory study of network security topics like attack techniques, hacking tools, type of attacks, and preventative security options. 

Some key points discussed were: 

  • The scenario of hackers placing a rogue access point (an cloned access point of the same name) to fool wireless clients into logging in.
  • The scenario of a hacker inside a local network sending large "ping" packets to stall or stop communications of IP cameras.
  • Denial of service method where an attacker spams a target machine with communications request so it cannot respond to legitimate traffic.
  • Discussed the importance of strong passwords that are minimum of 8 characters long using symbols, letters, and numbers.
  • Discussed the importance of using SSL encryption and recommended the security industry use encryption on all communications devices.
  • Hacker may use software to scan for open TCP/IP ports. Explained that security DVRs are most likely set to port 480.  He recommended to change the port to a higher network number.
  • Did not recommend the use of Microsoft OS based DVRs because of the necessity of frequently patching the OS vs the reality of having someone patch the DVR every week.

In addition, physical security scenarios were brought up to bring attention to low tech techniques for stealing information.  For example, the concept of "dumpster diving" into trash bins and using "social engineering" to pretend to be someone else to gather IT information over the phone or in person. Although the scenarios mentioned are possible, the likelihood of these occurrences are uncommon and come across as overly dramatic for the purposes of consideration by a systems integrator.

On a related topic, refer to our discussion on the risks of IP camera hacking.

Comments : Members only. Login. or Join.

Related Reports

ONVIF Exposure To "Devastating DDoS Attacks" Examined on Sep 06, 2019
ZDnet reported "Protocol used by 630,000 devices can be abused for devastating DDoS attacks", citing exposure of ONVIF devices. And after an...
Genetec Self-Discloses Critical Vulnerability on Jul 31, 2018
In an unprecedented move for the video surveillance industry, Genetec has self-disclosed a critical software vulnerability across Security Center...
Cybersecurity for IP Video Surveillance Guide on May 18, 2018
Keeping surveillance networks secure can be a daunting task, but there are several methods that can greatly reduce risk, especially when used in...
Forced Entry / Duress Access Tutorial on May 17, 2018
Even though access control normally keeps people safe, tragedies have revealed a significant issue. If users are forced to unlock doors for...
TVT Backdoor Disclosed on Apr 09, 2018
Security researcher Bashis has disclosed a backdoor in TVT video surveillance products, with TVT issuing its own 'Notification of Critical...
Genetec Now Detects Insecure Camera Firmware on Nov 29, 2017
Genetec is heavily emphasizing cyber security and cyber resilience. From initiatives like CHAVE to 2 Factor Authentication to Expelling...
Genetec CEO Warns Against Insider Threats on Sep 21, 2017
With Dahua and Hikvision cybersecurity issues becoming indisputable, a new counter has emerged. Just put them behind a firewall, buy cheap...
Hikvision VMS Password Recovery Vulnerability - Emailing Admin Passwords In Plain Text on Aug 28, 2017
Hikvision iVMS-4200 suffers from a vulnerability that allows anyone local, without authentication, to generate a code that Hikvision will respond...
Hanwha Recorder Vulnerability Analyzed on May 18, 2017
ICS-CERT has released a vulnerability notice for Hanwha SRN-4000 recorders.  Hanwha provided additional information to IPVM about this issue,...
Bosch/Genetec Video Cybersecurity Partnership Examined (CHAVE) on Feb 15, 2017
Surveillance products have been relatively weak when it comes to cyber security. Default passwords, open ports, and weak authentication mechanisms...

Most Recent Industry Reports

Hikvision Illicitly Uses Back To The Future In Marketing on Jul 03, 2020
NBCUniversal told IPVM that Hikvision UK's ongoing coronavirus marketing campaign using NBCUniversal's assets was not allowed. Hikvision mass...
Verkada: "IPVM Should Never Be Your Source of News" on Jul 02, 2020
Verkada was unhappy with IPVM's recent coverage declaring that reading IPVM is 'not a good look' and that 'IPVM should never be your source of...
Vintra Presents FulcrumAI Face Recognition on Jul 02, 2020
Vintra presented its FulcrumAI face recognition and mask detection offering at the May 2020 IPVM Startups show. Inside this report: A...
Uniview Wrist Temperature Reader Tested on Jul 02, 2020
Uniview is promoting measuring wrist temperatures whereas most others are just offering forehead or inner canthus measurements. But how well does...
Dahua USA Admits Thermal Solutions "Qualify As Medical Devices" on Jul 02, 2020
Dahua USA has issued a press release admitting a controversial point in the industry but an obvious one to the US FDA, that the thermal temperature...
Access Control Online Show - July 2020 - With 40+ Manufacturers - Register Now on Jul 01, 2020
IPVM is excited to announce our July 2020 Access Control Show. With 40+ companies presenting across 4 days, this is a unique opportunity to hear...
Hanwha Face Mask Detection Tested on Jul 01, 2020
Face mask detection or, more specifically lack-of-face-mask detection, is an expanding offering in the midst of coronavirus. Hanwha in partnership...
UK Government Says Fever Cameras "Unsuitable" on Jul 01, 2020
The UK government's medical device regulator, MHRA, told IPVM that fever-seeking thermal cameras are "unsuitable for this purpose" and recommends...
Camera Course Summer 2020 on Jun 30, 2020
This is the only independent surveillance camera course, based on in-depth product and technology testing. Lots of manufacturer training...
Worst Over But Integrators Still Dealing With Coronavirus Problems (June Statistics) on Jun 30, 2020
While numbers of integrators very impacted by Coronavirus continue to drop, most are still moderately dealing with the pandemic's problems, June...