Zero Trust Security And Video Surveillance

By Sean Patton, Published Jul 07, 2021, 09:48am EDT (Info+)

Designing "Zero Trust" IP networks is a cybersecurity trend, but what does it really mean for video surveillance?

IPVM Image

We examine:

  • How is "Zero Trust" defined?
  • How does it impact video surveillance?
  • How can video surveillance manufacturers support Zero Trust?
  • What advantages and challenges are there for Zero Trust?
  • How should integrators approach Zero Trust networking?
  • What are the limitations of Zero Trust?
  • What is the US DoD / federal government approach to Zero Trust?
  • How is Hikvision advocating for building Zero Trust?

"Zero *****" ********

**** ******* * ********** ******** ******** **** defaults ** *******, ******* *** *****, not ***** *******, **** ** **** are '******' *** ************'* *** *******.

******* ******** ****** ** ************ *** dynamic ******* *********** ** ***** *** devices, ****** ** ******* **** ** the ******* ****** ** *** ******* based ** *** ************ ** *** task *** ***********.

******* *** ****, "**** *****" **** not ****** *** ** ** ******* of *** ****** ** ***** ********. For *******, ***** ************ *******, ********** if ***** **********, ***** ***** ** abused ** *** ******'* ***** ********** or *************** **** *** ***** ********** (as ** ******* ***** **** *** Verkada ****).

Zero ***** **********

***** **** *** ****** **** ** continuously ******** *** ********** *** **** given ****** ** ********** ********* **** permitted. ***** ****** ***** *** ******** as * "******", ***** **** ******* trust ** *******, *** ***** ** devices:

IPVM Image

****** ** ********, ** ********, ******-********** *********(****), ***** *** ** ********-***** ** turnkey **********, *** ******* **** ****** inspection (*.*. **** *********** ** ********* data ** **** ****?) ** ******** to ********* ** *********** ********* (*.*. VPN).

************, ***** ******** * **** ***** network *** ***** **** ** ****, there *** **** ****** ** ********** and ***********, *** * ***** ********** Zero ***** ******* (*.*. *****-****** **************, 802.1x, **** **********, **** ******** **********, etc.). **** ********** ******** *********** ******** and ********* **** ** ******** ** video ************.

Impact ** ***** ************

***** ************ ********* **** **** ******* of ****** ** *****, *** ** a **** ******** ** ******* **** moderate ** *********** *************** (*** ****'********** ** ***** ************ ************* *************** and ********). ***** **** ***** ******** *** video ************ ***** **** ******** **** of ***** *************** *** ********.

*******, *** ********** ** ************* ** a *********** ********* *** **** ***** surveillance ************* *** ***********.

Barriers ** **** *****

***** *** * ******* ******** ** Zero ***** ** ***** ************:

  • *********** ****** ** ** ** ***** own
  • *********** ********* *********
  • *** ******** ************* ** *** ** option

*********** ****** ** **** ***** *****

***** ************ ******* *** ********* **** a ******** ** ** ************'* ** network, ** **** *****, * **** small ********. ******* ** ****, **** integrators **** **** ************** *** *** surveillance *******, ******* ** ***** ****** ********* ************ *** **********, ************ **** ************* concerns.

*******, **** ***** ********** ***** ** be *********** ****** *** ****** ************ and ***** ******* * **** ***** of ***********/************* ******* *** ************ **********'* purview. *** *******, **** ***** ***** not ** ******* ** ******* ***, smartphones, ********, *** ***** ******* **-******* devices ****** ******** ******** *******.

*********** ********* *********

************ **** ***** ******* *** **** of *** *** **** ** ****** within ***'* *******. **** ***** ** be ******* ******* *** ******** ******** of *** ********.

* ******** ****** ** **** ***** is ********* ***** *** ******* *** accessing ********* (*.*. *** *********, ****** streams) **** ****** ****** ****. **** Touch ******* ******* *** *** ** multi-factor ************** (*.*. ***-****-*********, **********, *** keys, ***.) ***** ***** ** ****** that *** ******** ** *** **** is *********.

*******, **** **** ******** ***** ** the ******* ** ***** ******* ** to **** *****, *** ** * worst-case ******** *********** ******* *** * user **** ********** ** ** ********* incident, *** ** * ********* ***** out ** ***** *******.

** ****** *** ** ***** ************* For **** **** **

***** **** ***** *** **** ******* vulnerable ******* **** ********* ** ********** other ********* ******* ** ***'* *******, one ***** ***** ** ***** ****** manufacturers *** **** **** ******* **********. For *******, ***** *****, **** **** zero *****, **** ** ***** **** their ***** ********* **** *** ** breached **, *****, ***** ***** ** spying ** ***** *********.

Verkada *** **** *******

**** ******* *** ******** ** ***** 2021, *** *** ** ******** ************ ***** ********** *********** ***** **** ***** ******** architecture. **** ********** ********** **** **** though ******* ******** **** ****** ** admins, ******* ******* *** ******* ******* Verkada ***** ******* ***** ******* ****** Okta's *** *******.

*******, ** *** ******* ******, **** were **** ** *** ********* *********** from ****'* *** ***** ************ ******.

US *** **** ***** *************

***** ********** ** ******* ******** ** initiative ** **** ** ****** *** capabilities ** **** ***** *************** ** ********* *** ********. *******, the *** **** *** ****** ** to ** ***% *** ** ********* security ***** ** ******* ** ***** this.

*** ******** ** **** ***** ** scope, *** ***** *** ** ********/******** specifications, ** ****** ** * ***** for *** ************:

*** *********** ** *** **** ******* ** ** ***** *** *********, operator, *******, *** **** ** **** Trust ** *** *********** *********** ** ********* * **** ***** framework ****** ** ******** ***********.

**** ****** * **** ** ********* and **** **** **** *********-***** ******* that **** **** ************** *******, ****** and ***********:

********** ******* **** ****** *********** ******* ******* **** ****** ****** and ***** ******** ***** ******* ***************. ******* *** ********** ** ******* policies, ***** ** ***** **** ****************, **** *** ** ************** *******, reconfigured,***/** ******** ***************, ******* ****** **** ****** *** ineffective.

**** **** ******** **** ****-******* *****-****** hackers:

*****-****** ******* *** **** *******, ****-*********,*** **********. *** *** ** *** tactics,**********, *** ********** ******** **** **** invasive ******* *** ****** ****************** ********** **** **** ********** ****** ***** and ********.

Hikvision ********** **** *****

********* ******** *********** ********* **** *****, * ************** ******* *** *** cybersecurity ******; ** ** *******'* ******* can ** *******, **** ***** ******* is ** * ***** ******* *****.

***********, *** ********** ****** **** *************** for ************ * ****** **** ***** network *********:

********* *** ********* *** ** ********* and *** ********* **** **** *** need ** ****** *** ***** ************ system

************ ** ********* ****** "***** ******* are *******" ***** ******* *** ****** purpose ** **** *****.

Limitations ** **** *****

* *********** **********/**** ** *** ** that**** ***** **** ********** *** *********. ******* ********* ****** Verkada **** '***** *****' ********** ** view *** ********'* ****** ******* ** any ****. ********, ** ******** ****** to *** **** ***** ****** *** cameras ******* ****** **** ********'* ********.

*** ** *** ******* *** "**********" from *** ********** ** **************, **** Security, *** ************* ********. **** ** a **** ** ********** **** ***** in *******, ** **** *** ****** with ***** ******* ** *** ******* infrastructure/admin ******* ** ***********.

**** * ********* ********** ***** **** ************* ***************, ***** ** ******* **** ***** have ****** **, ******* *** ******* was ************ ******* ******* *******'* *** servers:

IPVM Image

Video ************ ************ ********* *******

******* ** *********, **** ** *** only ***** *** ***** ************ ******* that ****** ********* *********** ** **** Trust, **** ******* **** ****. **** ****** ******** **** ************ manufacturers ***, ** ****, ******* ** securing ***** *** ******* *** ************. Securing ***'* ****** ******* ** ******** the ***** ** ***-**-*** ********** ************* (e.g. *****, ********, ***-*****) *** *********** security ********* (*.*. **** ****, **********, Sonic ****).

***** *********** *** ******** ** **** security ********* ** **********, ** **** not ******** *** ********** ** ******** that *************** *** ********* *** **** one *** ******** ***** ***'* ******'* suppliers.

Comments (8)

***** ******* ** ********* *** ********* to ****-*****. *** ********* ********* ** white-lists ** * **** ****-**** ******.

*******, * ***** ************* **** ** made. ********* ***** ******* ** *** hardcode ***** ***** ********* **** ****** scripts *** **** ****** **** ** the ********. *** ***** ***** ** 3rd ***** ****** ** ******, *******, & ********* ***** **** ****** **** if ******* *** ***** ** ***. What ******** *** ********** *********** *** is ******** **** ** **** *** vendor. ***** *** **** **** ******** methods *** ********** **** *****-***** ******** within *** ***** ******** **** ********* devices, ****** ************ ****, *** ***** evidence, *** ***** ***** ********* ****** support.

***** ****** ****** *** *** ************** of *** ******* ** ********* *** the ************** ** *** *********** *** vet *** **** ******* *** *******. Yes, **** **** *********** ********** *** these *********** *** ********* **** *** can ***** **** ***** ** ***** to *** ******** *** *** ***-*****.

Agree: 5
Disagree
Informative
Unhelpful
Funny

********* *** *********** *******.

Agree: 2
Disagree
Informative
Unhelpful
Funny

**** ******* ******* ** ******** **** Zero ***** ************ (***) ** * worthless *******, ******* "*** ***** ***** to ***** ****** *************." * ***** that ********** ** *** ****. ** Okta ****** *********** ***, **** *** their ******* ********* ***** ** ** an ******** ***-******* (** ****), ** that * ****** ** *** ******* side ***** *** ********* *** **** of *** **** *******. ** ***** would ** **** ** * ******** valuable ********** ** **** *** ****** or *** ****** ***. *** ******* is ******* ** ****** **** ******* customers **** ***** ******* ** *** sense **** *** ***** ***** **** and ******* **** ********, *** **** is *** **** *** *** ******* you *** **** ** *** ****, i.e. **** *** **** ******** **** care ** ***** *** ********. ** @Jacob ****** ******* *** *****, ** Verkada *** *** ** ******'* **** helped ****** ******* ** ***** ********** mistake ** ********** ***** *** ***** admin *********. *** ** *** ***** adding *** ********** ** **************, *** no **** ****** ** *** ******** can **** *** ** **** ******** is ******-****** *** ******* **** *** it.

Agree: 2
Disagree
Informative: 2
Unhelpful
Funny

#*, ** *** *** ********** **** ZTA ** *******. ** *** ******** with *** **** **** *** **** here:

******* ********* **** ***** ******* ** the ***** **** *** ***** ***** data *** ******* **** ********, *** that ** *** **** *** *** anytime *** *** **** ** *** kind, *.*. **** *** **** ******** take **** ** ***** *** ********.

*** ***** *** *** *** ******** with ***, **** **** ******** **** ZTA ********** *** ******** ***** ******* you **** ******* *** ** *** 'trust' *** ******** *** ***** ** still ********* ** *** ********** **** providers *** ****** ** ******* ******** whether ** ** ***** ** *** or *****, ***.

Agree: 1
Disagree
Informative
Unhelpful
Funny

** ** ***** ** *** * worthless *******, *** ***** *** ***** risks, ** ** ***** ***** ****

**** ********** ********** **** **** ****** Verkada ******** **** ****** ** ******, neither ******* *** ******* ******* ******* could ******* ***** ******* ****** ****'* own *******.

**** ************ *** ***** ** ***, if ****** ** ** ***** *** enforced, **** ******** ** *******, *** activities *** ********* ********.

*******, **** ** * ******* **** a *********** ********** *** ******** ** cybersecurity. **** **** *** ******** ************ and ********* ** ********** ****. ***** schools, *********, ***** ********** *********, *** countless ***** ********* **** ************ **** are ****** ** ******** ** ** so, *** ******* ** *** ***** of ****, ************/******** ******* *** **** one ***** ***** ** *** ********.

Agree: 1
Disagree
Informative
Unhelpful
Funny

***** *********** *** ******** ** **** security ********* ** **********, ** **** not ******** *** ********** ** ******** that *************** *** ********* *** **** one *** ******** ***** ***'* ******'* suppliers.

***** **** ****.

*'** ****** **** ********** ******** ***** because ** ************ (***) *** ******* of **** **** - ***** ** critical.

***** ***** ** ************** ** **** **** ********** ** this ********** ***** (***** ************) *** is * '**** ********' ** *** kind ** ***** ******* *******.

***, ********** ********* ** *********** **** *** manufacturers **** ********* ******** ***'* ********** in *** ****** ** ***** ********.

Agree
Disagree
Informative
Unhelpful
Funny

**** ********/******* ******* ******** ***** ** not ** ****** ** ******* ***** models **** ***/******* ***** ** *** customer ********** ********, ***** ** **'* own **** **** ***'*, **** *** remote (*** **** *****) ****** *** 2FA ******* ********(**** *** ****** ***** notifications). *** ***** **** ***** ******* or ******** **** *** *** ****** to *** ******** ** **** **** no "***** ****" ************. **** **** and/or ******** ***** ***** ** ** intermediate, ******* ***** *******(*), **'* ** nas *** ***** ****/*** ******* ****** to *** ***** ******* **** **** no ************ **** *** *** ********. Log *** ****** *** ****** ******* events **** ************ ** *** ********* local ******** ****. **** *** ***** at * ****. ** **** ***** security ** ***** **** ***** ** protection, **** ** ** ***** ********* for ** ****. **** **** ** solution ** *** ****** ******* ***** business ** **** **** ****** ***** be ****** ** ******* **** **** burdens. *** **** ******** ** **** enough? *** ** *** *****, *** what ** *** *****. ***** ** one ******* ** **** ********** *********- purchase ******* ************ ***** *********(** ** doesn't *****, ***** *** ** ** exist. ****** ********* **** ****** ** destroy *** ********), ******* ****** **** review **** ***'* ** ******* **. If **** *** *******'* ************ ******** are ****** ** ***, ***** ** little *** *** ** ***** ****

Agree
Disagree
Informative
Unhelpful
Funny

*** ** *** **** ********* ***** of **** ***** ** ****** *** product **** ** ***** ** * reverse ********. *** ******* ****** **** ever ***** ** ***** *** *******. Will **** **** ****, ***...... *** not ** ******* ***.

**** ** * **** ***** ********* or ******** ?, *** ***** **** the ********** ******** * ***** *****. Maybe ********* *** ******** *** *********.

**** * **** ** * *******, Safe -* ***** *** ***** **** Trust ******** *** ************ ** *** really **** ** ***** ***** **** Trust **** ***** ** ******** **** can *** ** ***** ******** **** cloud ****** ********, ***....

* ***'* **** *** ****. ******* I ** ******* **** ***** ******** that ****** **** *** ***** ******** work. **** * ***'* **** *****.

***** **** ** ****** **** **** work *** ***** ******** ********* **** will *** ****** *** ******, *********** that **** **** *****, *** *** what **** ** ** *** **** sell *** **** ***** **** *** test **** **** ** **** **** the **** ******* *** ******* ***** products ** ******'*.

***** ***** ******** ** **** **** cloud *** *****, *** *** *** today.

Agree
Disagree
Informative: 1
Unhelpful
Funny: 1
Login to read this IPVM report.
Why do I need to log in?
IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.
Loading Related Reports