Are Device Replacements Scheduled or Malicious?
Another issue we’ve seen is the substitution of an existing IP security device at the edge of the network. Cameras are often replaced for normal day-to-day service issues, but what if a camera is being substituted for malicious reasons? Would the IT or security department know if the device was replaced, and what is the response protocol for such an action? In some cases when looking for unauthorized servers, laptops or other storage devices, a foreign MAC (media access control) address would be detected through network supervision software, typically deployed to detect unauthorized or unrecognized hardware from operating within a campus network.
Security devices may not be monitored as they are considered low risk and often relegated to a dedicated subnet, creating some isolation from the main network. This does not preclude the opportunity for systems to be compromised; aside from replacing a device, consider that the programming may be altered. What was a single camera streaming video to a network server, could now be a different camera with an onboard storage SD card, which is now multistreaming the video content.
These scenarios are playing out across networks (mostly corporate at the moment) worldwide, creating new challenges for security and IT professionals alike. A new generation of software is entering the landscape to bridge the gap of supervision between IP security deployments and the networks they operate within. These new applications will create an extremely robust offering capable of supervising all security-based IP edge products. Institutions can create supervision rules that will notify security and IT personnel upon any change in functionality or presence.
The managed services marketplace and similar layered applications can provide real-time monitoring of the entire security enterprise, giving campuses instant notification of component failure and reporting.
Keep in mind that this will not resolve the issue of older security IP devices getting “left behind.” Institutions must work with their integrators when upgrading network hardware to maintain a regular dialog that allows the security and IT departments to stay ahead of upgrade schedules to ensure maximum uptime.
Bob Stockwell pens Campus Safety’s sister publication Security Sales & Integration’s “IT Intelligence” column, which covers network security. He is Chief Technology Officer for Stanley Security.
Read Next: Where Do You Fall on the Video Surveillance Learning Curve?
