How to protect your video security setup from a cyber attack: the fundamentals 

February 26, 2024

This article explains nine fundamental steps to help mitigate the risk of an attack on your video security setup.

Many European organizations are currently auditing their security setups as a response to the European Union’s NIS2 mandate. This mandate has been in effect since October 2024, and it provides legal measures to boost the overall level of cybersecurity in the EU. But double and triple-checking that the fundamentals are in place isn’t specific to Europe. It’s relevant to all organizations that utilize video security (or CCTV, if you prefer). Additionally, most of the work that goes into securing the setup happens outside of the actual video management software (VMS). In other words, this article is for all security and IT professionals, even if you’re not a Milestone customer.  

Each item on this list relates to either asset management or access management. These are two distinct but closely related concepts. Asset management involves identifying, categorizing, and managing hardware (e.g., security cameras and recording servers) software (e.g., VMS and Active Directory) and even employees. Meanwhile, access management is about controlling who can interact with the aforementioned physical and virtual assets. 

 

Asset management  

  1. Update the firmware of each and every camera to the latest version. Quite a bit of time can pass between a camera coming out of the factory and its installation. Older firmware might have security vulnerabilities, hence the need to stay updated.
  2. Update camera drivers to the latest version in your VMS. Video device drivers are used to control and communicate with the cameras connected to a recording server. In addition to fixing compatibility issues, frequent updates include enhanced protection against various cyber threats. 
  3. Disable any built-in admin accounts for your cameras (or change the passwords). The more modern and more expensive the camera, the less likely that it ships with a factory admin account and password. But it’s worth being certain, as any unchanged passwords make it easy for unauthorized individuals to tamper with settings and/or disable critical features. Most default passwords are easily found in online documentation. 
  4. Ensure that all cameras only allow HTTPS. HTTPS encrypts communication between the security camera and the server or client. This means that any video feeds and configuration settings cannot be easily intercepted by bad actors.
  5. Keep your Windows Operating System updated. In the case of Milestone’s XProtect VMS, the software runs exclusively on desktop computers or Windows Server environments. As with keeping camera firmware and drivers up-to-date, updating your Windows OS means getting security patches that protect against malware and cyber attacks. 

 

Access management  

  1. Create user credentials for each person accessing your VMS. Just because it’s simple, doesn’t mean it’s easy. Password sharing is more common than most of us would like to admit. But without unique login credentials, you can’t track who’s doing what. Meaning a slim chance of recourse. In the case of XProtect, the Management Server syncs with Active Directory for user authentication and authorization.
  2. Safeguard the room where your VMS servers are installed. The media often portrays cyber attacks as a remote exercise. But in the real world, cybersecurity has to begin with a lock and key.
  3. Limit the number of people with access to the server room. We can’t provide a magic number. But if someone’s role isn’t directly related to the maintenance, administration or security of the VMS, their access should potentially be revoked. 
  4. Limit the number of people with admin rights for the servers. Admin accounts have elevated privileges, and each additional account increases the risk of exploitation if credentials are compromised.

 

Go beyond the basics

Check out the next article in our series to learn about: 

  • Using VLANs to separate your VMS network from your corporate network
  • Encrypting your recording server’s media database
  • Best practices for device management and user access management in Milestone XProtect
Ready to see what we have to offer with smart video technology?
book a demo
Related content
12 best practices for Milestone XProtect
How Milestone’s software meets video security needs within retail 
How access control works with Milestone's XProtect VMS
You will be logged out in
5 minutes and 0 seconds
For your security, sessions automatically end after 15 minutes of inactivity unless you choose to stay logged in.