Last March, the Crown Casino in Australia made international headlines after a group of high-rolling card players were able to gain unauthorized access to the casino’s video surveillance system in order to cheat Crown out of $33 million in illegal winnings. Journalists were quick to compare the elaborate heist to the storyline of the 2001 feature film Ocean’s Eleven, in which Brad Pitt and George Clooney starred as the masterminds behind robbing a high-profile Las Vegas casino of $150 million.
Given that Pitt and Clooney’s characters were perceived as the good guys in the movie – the ones the audience rallied behind to pull off the impossible – it was no surprise that the crime in Australia was glamorized and taken lightly in the public eye.
While it is easy to dismiss the Australian casino heist, many people within the security industry were hit with the reality that new approaches needed to be taken with advanced technology.
Making sure your IP surveillance system is secure from outside threats is vital whether you are a well-known Las Vegas casino or a privately owned retail store. We spoke to Michael Miller, the president of The Wire Guys, a surveillance system integrator based in the eastern United States, to discuss this topic. Miller came up with five ways end users can protect themselves from getting hacked.
Use a Dedicated Network for Your Clients and Your Servers
Miller: I don’t know the particulars as far as the Australia casino heist, but if you have your security network on your same corporate network, which is tied to your wireless network, and if it’s all on the same subnet, it’s pretty wide open at that point. That would be my guess as to what might have happened in Australia. It would be absolutely crazy for a casino to be set up like that if they were. But technically in a casino, just like in hospitals, everything is separate and dedicated. There’s absolutely no way to get to the cameras from their corporate network.
If their network is set up like that, we will step in. But a lot of times, the IT departments are in control already, so they set the rules and regulations and we conform to what they recommend to us. What we would typically recommend is having a totally dedicated separate network. Separate switches, separate cables, separate everything. Even the client machines are on their own dedicated networks. Make it so that it’s physically impossible to go from your corporate network to your camera network. That’s the best way to do it.
Change Your Passwords
Miller: Make sure you change all of your passwords on your cameras and your switches. You can use authentication on your network to make sure that only the devices that you want on your network are on your network. Those are the things that you would typically want to do.
For Remote Access, Use Your VPN
Miller: There are two ways to give remote access to your system. The first option would be to open a hole in your firewall, or, as we call it, port forwarding. The other option, which is more secure, would be to do a VPN access. So basically, from your mobile device, you can initiate a virtual private network back to your firewall which puts you on your network. That is much more secure than just opening up ports at that point. Then you have your username and password you have to enter for Avigilon’s ACC Mobile, so you have VPN and your username and password to get into the system.
Don’t Use Your VMS Server With Company Information on It – Dedicate a System for Surveillance
Miller: If you circumvent the VMS and go directly to the cameras, then you can see the live feeds. If you can get into the server, you can access recorded footage and potentially delete recorded footage. Typically, especially the way we build systems and the majority of companies that know what they are doing – you’re not going to share your surveillance system with your SQL server, with your database, with everybody’s AR department. You wouldn’t want to do it that way.
Check to See Who is Accessing Your Networks
Miller: Well, Avigilon’s system can do that and most VMSs can do that. It gets a lot trickier though if they’re circumventing the VMS and going straight to the cameras. If you have a firewall in between, then you can track IP addresses and MAC addresses and see who’s accessing your network. And even some of the cameras have logs in them as well so you can see what IP address and what user would have accessed them.
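One way to carry out the firewall-side check described above, as an added example that is not part of the interview or of any Avigilon product: it scans firewall log lines and reports every source other than the VMS server that tried to reach a camera address, with its IP and MAC. The log format, the camera subnet and all addresses are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed firewall log lines (hypothetical key=value format, not any vendor's).
SAMPLE_LOG = """\
2024-05-01T09:00:01 action=allow src=10.20.0.10 mac=00:11:22:33:44:10 dst=10.20.0.101 dport=554
2024-05-01T09:00:02 action=allow src=10.20.0.10 mac=00:11:22:33:44:10 dst=10.20.0.102 dport=554
2024-05-01T09:03:15 action=allow src=10.10.5.77 mac=00:11:22:33:44:77 dst=10.20.0.101 dport=80
2024-05-01T09:03:40 action=allow src=10.10.5.77 mac=00:11:22:33:44:77 dst=10.20.0.102 dport=554
2024-05-01T09:04:00 action=deny src=10.10.5.80 mac=00:11:22:33:44:80 dst=10.20.0.101 dport=23
2024-05-01T09:05:00 action=allow src=10.10.5.77 mac=00:11:22:33:44:77 dst=10.10.5.1 dport=443
""".splitlines()

CAMERA_NET = ipaddress.ip_network("10.20.0.0/24")  # assumed camera subnet
ALLOWED_SOURCES = {"10.20.0.10"}                   # assumed VMS server address
FIELD = re.compile(r"(\w+)=(\S+)")

def find_direct_camera_access(lines, camera_net=CAMERA_NET, allowed=ALLOWED_SOURCES):
    """Return {(src_ip, mac): [(timestamp, dst, dport, action), ...]} for every
    connection attempt to a camera address from a source other than the VMS."""
    findings = defaultdict(list)
    for line in lines:
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # blank or malformed line
        timestamp, fields = parts[0], dict(FIELD.findall(parts[1]))
        try:
            dst = ipaddress.ip_address(fields["dst"])
            src, dport = fields["src"], int(fields.get("dport", 0))
        except (KeyError, ValueError):
            continue  # missing or unparsable address or port
        if dst in camera_net and src not in allowed:
            findings[(src, fields.get("mac", "unknown"))].append(
                (timestamp, str(dst), dport, fields.get("action", "?")))
    return dict(findings)

if __name__ == "__main__":
    for (src, mac), hits in find_direct_camera_access(SAMPLE_LOG).items():
        print(f"{src} ({mac}) contacted cameras without going through the VMS:")
        for ts, dst, dport, action in hits:
            print(f"  {ts} -> {dst}:{dport} [{action}]")
```

Denied attempts are reported alongside allowed ones, since a blocked probe of a camera address is still a source worth identifying.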
Used with the permission of avigilon.com/connected.