This is Part 3 in our series on data security. See Part 2 on Firmware Updates & Security Patches.
The series is adapted from our free eBook on network security, which includes a Vendor Selection Worksheet, an extra feature that outlines key questions you should ask any security provider before purchasing a system for your business.
DVRs & NVRs
Conventional video security systems store footage on what are essentially centralized, on-premise servers called digital video recorders (DVRs) or network video recorders (NVRs). Despite the fact that these devices add cost, complexity, and risk, the vast majority of ordinary video security systems today use them. Here are a few of the top ways in which NVRs and DVRs introduce complexity and risk.
Port Forwarding & Firewalls
Most DVRs these days enable remote access, allowing users to watch live or recorded video using a web browser or application. This is most commonly achieved by “port forwarding,” which enables external devices to penetrate through the organization’s firewall and communicate directly with the DVR. Once opened, however, this connection creates the possibility that external actors can enter the previously firewalled network.
Machines that are connected to the Internet are typically scanned thousands of times a day. And firewalls are often highly complex, requiring hundreds or even thousands of rules. If not managed correctly, DVRs can compromise the security of your entire system. Even if managed by a qualified professional, port-forwarding can introduce risk and complexity that should be avoided if possible.
Shared Passwords & Factory Defaults
DVRs and NVRs are often shipped with login credentials that are set at the factory. Since the user interface on these devices is notoriously unfriendly (many don’t have keyboards) it’s not uncommon for administrators to simply use the factory defaults when configuring the system. In some cases, the default username has been identified as “admin” and the password is blank.
By some estimates, as many as 70% of NVRs and DVRs operating today are still running on unchanged passwords. Even if you discount this estimate by 50%, that still suggests that over a third of systems have not had their factory defaults changed.
Single Point of Failure
By centralizing the storage of video data, NVRs and DVRs may represent a single point of failure in your system. Unless you are storing all of your video data in the cloud, which can greatly hinder the bandwidth of your local area network, you risk losing all of your footage if the device is tampered with or stolen. It is not unheard of for a disgruntled employee or savvy outside operator to deliberately target the video recorder when perpetrating a malicious act.