SecurityWorldMarket

24/07/2017

Dahua urges efforts from all quarters to tackle cyber security

Hangzhou, China

Cyber security has increasingly become a topic of global concern. Especially after the attack by a large-scale DDoS when the global public security network was almost paralysed.  Adding to this Dahua has high aspirations to create safety value and calls attention to establishing a new global network security ecosystem, protecting network security for end users, installers and device manufacturers alike.

In 2016, an American website for the sale of jewellery online was attacked by hackers. The website was working at its usual rate of 3500 times per second in the HTTP request, but follwing analysis of the original data package by a security researcher, it was found that these HTTP requests were all from IP cameras. A DDoS attack launched by a botnet consisting of 25000 cameras was the biggest CCTV botnet known so far. Last October, America suffered the largest DDoS attack, leading to website crashes along the entire east coast of the country. Within 24 hours, the pages were not visible. Ultimately, this was found to be caused by a botnet, which was made up of cameras and other intelligent devices.

A couple of further network security events that occurred last year brought challenges to the IoT and network security arena. Governments all around the world have issued laws and guidelines to achieve IoT protection. It shows that IoT network security incidents are closely related to video surveillance systems, and most IoT device problems are caused by cyber security video surveillance issues. Therefore, in the foreseeable future, foreign hackers will make full use of video surveillance systems to initiate DDos attacks.

2010 was a watershed year for development of the global security industry. When monitoring devices are used independently, there are no security laws. However, video surveillance is now becoming a core part of the IoT system. Video surveillance equipment not only started to make progress on high definition, but also experienced a migration from conventional analogue monitoring to network monitoring.

With IP cameras, NVRs and IP storage server listings, video surveillance has been witnessing rapidly advancing network technology. In the technical architecture of IoT and big data, cyber video surveillance has reached a new stage. However, it faces many problems:

Firstly, video surveillance products have become increasingly necessary in many fields. Driven by security concerns and cost improvements, standard equipment can be found in most retail stores and offices. Video surveillance equipment is connected with infiltrating broadband and mobile Internet, lowering the cost of bandwidth and data usage. Remote monitoring and alarm systems are now commonly used with a mobile APP that comes from video devices. However, that has resulted in many video devices becoming exposed to potential hackers online.

Secondly, cyber security lacks comprehensive regulations regarding the building of projects. In global security projects, referring to the standard controls, design, construction or acceptance, cyber security is ignored with a lack of regulation. To this extent, there is a lot of work to be done to develop the security industry within the field of cyber security.

Thirdly, users often lack security awareness. Many IP camera users just set simple passwords, such as 1234 admin and so on, while some of them even use a null password or a default password. Thus, hackers easily take control of the system and make further use of it.

Finally, many network monitoring device manufacturers have exported a large volume of products to other countries. In order to save costs, some of the manufacturers use generic and open source firmware, or adopt OEM products without any security reinforcement. As a result, devices with different brands are set up with default passwords and share the same flaws. Once the vulnerabilities have been exposed, it is hard to upgrade and fix them. Meanwhile, manufacturers have faced similar problems in terms of technology.

How to prevent data and information from being stolen, protect video surveillance against sabotage, and prevent attacks from botnets are serious problems to be solved urgently. It’s not difficult to see that every link in the network security is potentially weak, so establishing a new ecosystem for network security is crucial in order to resist attacks.

Globally, whether at home or for commercial application, all network monitoring devices exposed to the Internet will be at risk of hacker attacks. Therefore, users have two methods of defence: one strategy is to be invisible to auto attack tools. Connect IP cameras to the embedded PoE port of the NVR (usually these ports were isolated from outside network), or change ports in both the NVR and the mobile app. Another strategy is to follow all the simple steps to enhance immunity, no network knowledge required: default password, weak password, create user account (no admin privilege) for use on mobile app and remote viewing, check & upgrade to the latest firmware, do not let outsiders see your video equipment brand & model. Customers can use a compound of letters, special symbols and numbers, in order to enhance the security levels. When passwords are typed, users should be careful who is watching. A safer account can also be chosen, and devices can be regularly checked for possible vulnerabilities, and deploying network video surveillance equipment on the internet can be avoided. Instead, a private network or connection through a VPN can be used so that when you transfer data to the cloud, safe network connections are deployed. 

The installer plays an important role of the link between end users and manufacturers during project design and configuration. They need to master all the defensive measures in cyber security, and educate the end user about the importance of cyber security. In this way, end users will be aware of the importance of safety. Engineers could also offer regular testing services to ensure a perfectly secure system. Whether users can isolate video equipment from other network equipment, especially Wifi accessible network (VLAN or separate network switch using different network segment), disabling UPnP and common mistakes of end users and mitigation are other key issues. This also show responsible behaviour towards the end users with the quality of service improved, but could also lead to greater profits. Some of monitoring devices can have their settings changed through the command access port and data access ports, when engineers make some cipher modifications. This demands strict control for verifying the identification of installers, to avoid user privacy being disclosed. Meanwhile, if engineers have been using passwords such as 66666666 or 888888 during installation, it is quite easy to be invaded. This not only means to network monitoring, but also for other security devices, thus it’s necessary to complete the secondary encryption.

Due to the specialty of security equipment applications, once equipment has been attacked by a hacker, it could cause damage to individual privacy, social information, and even national production safety. In order to promote global network monitoring, Dahua Technology is putting a great deal of effort into establishing a leading cyber security structure and system. Considering in depth cyber security in product development, for the end users, Dahua aims to teach customers to adopt good habits when using cyber devices, especially in terms of good managment and regularly resetting passwords, and caring about the cyber environment safety. For installers, Dahua is not only creating a market in the service programmes, for which installers can provide regular maintenance checks, it also raising their awareness of end user product safety, and also training installers on how to avoid DDoS attacks. Dahua is considering setting up a standard testing scheme for network monitoring devices, and adding QA processes. There is no doubt that all of these intentions demand a great deal of investment for Dahua in terms of research and development, professional training contingents, and implementing strict management and control.

 Dahua already uses security-testing tools to analyse the network protocol safety, toughness and reliability of all products, and discover vulnerabilities. At the same time, Dahua uses validators to guarantee all its products are verified by a team of cyber security professionals before they are released. In addition, Dahua communicates and exchanges ideas frequently with users and engineers to get feedback from the market. Faced with IoT and big data, Dahua has boundary-crossing cooperation with the IT industry, to promote the security testing methods, testing tools and safety standards of related security products together.

Compared to the IT and telecommunications industry, public awareness of network security seems to be far behind. Regardless of national policies or industry development, network security is here for the long-term schedule and Dahua aims to grasp the opportunity to create much more value.

DDoS attacks and safety problems that now exist in video surveillance based on IoT systems, have attracted attention towards cyber security. However, cyber security needs a joint effort from all levels, devising how to establish a global new network security ecosystem becomes the breakthrough in the ecological chain. Dahua Technology, with its value proposition believes it is presenting an unprecedented importance on cyber security. Moreover, Dahua Technology is making huge effort to provide innovative and reliable security technology to establish a global new network security ecosystem, realising the company's mission of  “Safer Society, Smarter Living”.



Product Suppliers
Back to top