This page contains a Flash digital edition of a book.
WHAT’S NEW?


MAJORITY OF CCTV SYSTEMS LEAVE ORGANISATIONS OPEN TO CYBER ATTACK


KEMPER’S ROOF REFURB SUCCESS AT ROYAL &


SUN ALLIANCE Kemper System’s Kemperol V210 has been used yet again to repair the roof of Royal & Sun Alliance’s headquarters in Horsham following the success of a project to refurbish the building’s balconies last year.


Cloud-based video surveillance company Cloudview today published new research showing that, while the majority of CCTV systems may protect an organisation’s physical assets, they provide an open door to cyber attackers.


Research carried out by independent consultant Andrew Tierney on behalf of Cloudview and published in a new white paper ‘Is your CCTV system secure from cyber attack?’ found major vulnerabilities in both traditional DVR-based CCTV systems and cloud-based video systems. The security flaws inherent in almost all CCTV systems make it all too easy for intruders to hijack connections to the device’s IP address, putting people, property, data and entire enterprises at risk while leaving operators in breach of Data Protection regulations.


During the research, five routers, DVRs and IP cameras running the latest software were placed on the open internet. One device was breached within minutes and within 24 hours two were under the control of an unknown attacker, while a third was left in an unstable state and completely inoperable.


Vulnerabilities in traditional DVR- based systems ranged from their use of port forwarding and Dynamic


08 | TOMORROW’S FM


Within the central part of the building there were three individual roof areas, covering a radius of 400m2


address leaks in the existing single ply membrane. Roofing contractor, All Angles Roofing, carried out the six-week project on behalf of principal contractor, RCL Services, including repairs to the existing insulation.


The scheme follows on from three previous projects, spaced over two years, to repair three balcony areas, covering a total of 710m2


,


on the same building where water ingress was putting refurbished areas below at risk. Several attempts to repair the roof with


DNS to a lack of firmware updates and the existence of manufacturer ‘back doors’ which are often revealed on the internet. Because DVRs have similar capability to a small web server, they can easily be used to launch an attack against the rest of the network or to extract large quantities of data once an attacker has gained access.


Many cloud video solutions also use port forwarding to allow access to RTSP video streams, making them as vulnerable as DVR-based systems. Other issues include failure to use secure protocols effectively,


other systems had failed to address the issue, but Royal & Sun Alliance has no further leaks thanks to the Kemperol V210 overlay.


. These areas were overlaid to


All Angles Roofing having cleaned and prepared the existing roof surface applied Kemper System’s D primer. The installation team then laid the Kemperol V210 resin in a single wet-on-wet process that ensures complete saturation of the reinforcement fleece. Once cured the resin forms a seamless, elastomeric waterproof membrane that bonds directly to the substrate.


Comments Mike Baulu from All Angles Roofing, “We have carried out numerous programmes on this building over the past few years and the balcony areas had proved a particular challenge.


“A year after being refurbished using Kemperol V210, the balconies are performing well with no signs of any leakage, so R&SA had no hesitation in using the same system for this new roof area.”


www.kempersystem.co.uk


a lack of encryption, poor cookie security and insecure user and credential management.


“Any insecure embedded device connected to the internet is a potential target for attacks, but organisations don’t seem to realise that this includes their CCTV system,” said Andrew Tierney, the independent consultant who carried out the research. “It can easily provide a gateway to their entire network, enabling anyone with malicious intent to corrupt all their systems or extract huge amounts of data.”


www.cloudview.co twitter.com/TomorrowsFM


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60