Securing the edge of a surveillance network
Video surveillance data is increasingly connected across local and global networks. While this brings enormous benefits, it’s important to realise that without adequate measures, it can also leave users vulnerable to cybercrime. In addition to physical security, data security and privacy must also be taken very seriously.
Bosch provides a four-step approach that considers the entire video surveillance infrastructure. Because the camera is often the most remote outpost in a network, it can easily be overlooked when implementing data security measures. With this in mind, Bosch starts at the edge when taking measures to secure its cameras. Firstly, when cameras are set up, users are required to set a password. Secondly, only secure (HTTPS) connections with the cameras are allowed and all ‘unsecure’ ports are disabled by default. Thirdly, the execution of third-party software is disabled and firmware updates can only be done via Bosch firmware files.
Finally, all Bosch IP cameras feature a unique, built-in Trusted Platform Module (TPM). This module safely stores all certificates and private keys needed for authentication and encryption. Even in cases of unauthorised access, the TPM ensures that the private key cannot be retrieved.
End-to-end data security
However, focusing on the edge of a video surveillance set-up alone is not enough. Even a single weak link in a surveillance solution can jeopardise the entire system. Bosch achieves the highest standards with a four-step approach that considers the entire video surveillance infrastructure. This includes cameras, servers, clients, storage devices, network protocols and standard key infrastructures.
It starts with creating trust by assigning every component in the network an authentication key. Secondly, data is secured by encrypting it at the hardware level, using a cryptographic key that is safely stored in a unique built-in Trusted Platform Module (TPM). Thirdly, in order to ensure that only authorised people have access to data, Bosch offers a number of ways to manage user access rights. Finally, Bosch has its own public key infrastructure (PKI) solutions with in-house Certification Authority (CA) Escrypt. These solutions also support third-party PKI solutions from companies such as SecureXperts Incorporated (SXI).
Securing core devices
Video surveillance data can range from sensitive to top secret, but even networks with trusted devices and secure data transfer can fall victim to human error. That’s why Bosch offers extended user management options for controlling individual user access rights and supports existing industry standards such as Microsoft Active Directory, as well as solutions that authenticate users by making use of tokens. Regular updates via security patches and allowing only digest access authentication further increase security levels to keep video data secure.
Bosch recording solutions can also come with a unique built-in Trusted Platform Module (TPM). This module, as with the cameras, safely stores all certificates and keys needed for authentication and encryption. Even in case of unauthorised access, the TPM ensures that the private key cannot be retrieved.
Securing the infrastructure
Authentication within the network is ensured using the 802.1x protocol. Bosch network cameras and storage devices support up to 256-bit keys for encryption (Advanced Encryption Standard). All Bosch cameras feature unique factory-loaded, Bosch-signed certificates to enable authentication and encryption. If needed, these factory-loaded certificates can be replaced by customer-specific certificates to meet certain customer requirements.
In a world where almost everything is connected, data security is now a community effort. That’s why Bosch video surveillance solutions comply with leading industry standards in PKI for the management of digital encryption certificates.
Because video data is often highly critical and sensitive, Bosch is driving a systematic approach to maximise data security by considering physical safety and cybersecurity simultaneously. Its system approach is the key to achieving the highest standards in end-to-end data security. The Bosch focus is keeping users’ video data secure.