top | item 33744340

(no title)

omh | 3 years ago

Even in this dual-homed setup, there is still the potential for the cameras to infect, or otherwise compromise the recording server

I agree that this is a potential risk.

But if the cameras themselves can't route to the internet in this scenario then how are they infecting the recording server? Is the suggestion that they come shipped from the factory with code to compromise common recording servers? It seems like that would be very significant and something that we'd be able to see in action.

My biggest concern with CCTV networks that I manage is some sort of backdoor access to the cameras themselves. So the dual-homed server design is exactly what I'd choose in order to control things.

discuss

donmcronald|3 years ago

There’s also no reason you can’t isolate the recording server too. Don’t let it initiate connections to the internet and limit incoming connections as much as possible. IE: Only allow connections from a specific VLAN or VPN client IP range.

brk|3 years ago

Is the suggestion that they come shipped from the factory with code to compromise common recording servers?

Yes. While I have not seen it happen yet, there is plenty of precedent in cyber warfare tactics in general to have trojaned devices act in this way. The likelihood may be low, but it also very possible, and Hikivsion has already shown they cannot be trusted, so why risk it?

killingtime74|3 years ago

(not working in security) Say they do infect this recording server that is not connected to the Internet. So what then, how do they send this data elsewhere? It's just infected and sitting there?