Home » IPSW Columns & Features » Article

IPSecurityWatch.com |

Online Article Page

  

View more IPSW Columns & Features articles »
IPSW Columns & Features

Fredrik Nilsson, Axis Communications
Fredrik Nilsson has been a regular contributor to SecurityInfoWatch.com since 2004 on the topic of network (IP) video surveillance. He also serves as general manager of Axis Communications.
VPN security for network video surveillance
One method of security network video data is to run it through a virtual private network (VPN), which creates a secure tunnel through networks.
image courtesy of Axis Communications


802.1x for network video surveillance
802.1X is often referred to as Port Based Network Access Control because it prevents "port hi-jacking." This security protocol authenticates the device (supplicant) that is attached at the port level.
image courtesy of Axis Communications


Most Read Stories Today Most Read | Most E-mailed Stories Today Most E-mailed | E-mail This Story E-mail Article | Print This Story Print Article
Eye on Video: Network security for cameras
A look at options for securing video transmissions
Fredrik Nilsson
SecurityInfoWatch.com

Feb. 2008 - With the widespread use of IP networks for data, video and voice by government, financial institutions and corporate enterprises, today's users are demanding better technology for transferring information securely. Over the last decade, a tremendous amount of R&D money has been spent to strengthen security to keep highly sensitive information safe in transit

Creating secure communication means not only addressing security issues within a network, but between different networks and clients. Effective solutions need to control everything from the data sent over the network to who actually uses and accesses the pipeline. They not only need to authenticate and authorize the source of the message but also ensure the privacy of the communication as it flows through the network.

Authentication and Authorization: Who are you and do you have permission to be here?

The first step requires the user or device to identify itself to the network and the remote endpoint - the recipient. There are a number of ways to authenticate this identity to the network or system. The most typical is through a username and password. Once the identity is authenticated, the second step is to verify whether that user or device has authority to operate as requested. Once authorization is confirmed, the user is fully connected and allowed to send a transmission.

As a basic protection, this technology might be sufficient for installations where a high level of security is not required, or where the video network is separated from the main network to prevent authorized users from having physical access to it.

Privacy: Can you keep the transmission from prying eyes?
The second step involves encrypting the communication to prevent others from using or reading the data as it travels through the network. There are a number of technology options open to integrators, each with its pros and cons. I would like to discuss four of them:

• IP filtering
• Virtual private network
• HTTPS
• 802.1X

A restrictive firewall: IP filtering
Some network cameras and video encoders use IP filtering to prevent all but one or a few IP addresses from accessing the network video components. IP filtering provides a function similar to a built-in firewall.

1 2 3 4 next

About the author: Fredrik Nilsson is general manager of Axis Communications, a provider of IP-based network video solutions that include network cameras and video servers for remote monitoring and security surveillance. Contact him via email for further discussion.