IT Security for Physical Security

The weakest points of your network are likely your legacy Video Surveillance and Access Control systems. Physical Security routinely undermines Network Security.



Target, one of the nation’s largest retailers with over $70B in annual revenue, was hacked in 2013 and its customers’ credit card information was stolen. This cost them $100M+ in settlements alone.


How did the hackers get in? Through a web server running the HVAC system. Why would an IT department allow a web server on their corporate LAN? You’re probably doing it right now. How does your Video Surveillance system work? It’s almost certainly an NVR (Network Video Recorder), which is just some ‘security’ company’s offshore C++ project put under their brand and running on a Windows machine. Same thing with your Access Control system, though that might be an embedded webserver (not any better from a security standpoint).


Any Video Surveillance or Access Control system made and deployed over the last several decades by the name-brand security system vendors works the same way: it has open ports (e.g. 80 and 443, sometimes 22 and others) and offers up services (e.g. web and SSH). If you can access these from off site, so can any hacker on the planet.


Remember the DDoS attack on DynDNS near the end of 2016? It took half the Internet down. The botnet behind it was composed largely of Network Cameras and NVRs that all used the same firmware vendor in Taiwan. Even after the IT department that bought these products changed the passwords, there was still an attack vector that used the default credentials. There was literally nothing the IT department could do to prevent their devices from being taken over, other than blocking off access from the outside world — which, given their outdated server architecture, would have rendered their systems useless.


Cloudastructure’s on-premises hardware, the CVR and CDC, do not have any open ports. They offer up no internet services. They will get a 100% A+ on every penetration test you throw at them. They require no port forwarding in your router or holes in your firewall, so your network stays secure. How do they work, then? All they do is phone home to Cloudastructure over HTTPS, just like one of your employees logging into Gmail or Bank of America would — exactly the kind of network usage you want to see in your logs.

Cloudastructure’s solution:

  • No open ports on any of our devices on your LAN

  • No port forwarding in your router

  • No holes in your firewall

  • All devices on your network make outbound HTTPS connections to Cloudastructure

  • 100% A+ penetration test results for both our devices and your network
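
One way to check from your own firewall logs that a camera or recorder segment really behaves this way (outbound HTTPS only, nothing reaching in) is sketched below. This is an added example, not Cloudastructure code; the one-line-per-flow log format (initiator on the left), the 10.20.0.0/24 device VLAN and every address are constructed assumptions, and only IPv4 is handled.

```python
import ipaddress

# Constructed flow records, initiator first:
#   "src_ip:src_port -> dst_ip:dst_port proto state"
# The format and all addresses are assumptions made for this example.
SAMPLE_FLOWS = """\
10.20.0.15:51544 -> 203.0.113.10:443 tcp ESTABLISHED
198.51.100.7:40112 -> 10.20.0.31:80 tcp ESTABLISHED
10.20.0.31:50022 -> 203.0.113.10:443 tcp ESTABLISHED
198.51.100.7:40990 -> 10.20.0.31:22 tcp SYN_RECV
10.20.0.15:53211 -> 192.0.2.55:23 tcp SYN_SENT
10.20.0.15:5353 -> 10.20.0.31:554 tcp ESTABLISHED
"""

# Assumed VLAN holding the cameras, recorders and door controllers.
DEVICE_NET = ipaddress.ip_network("10.20.0.0/24")


def parse_flow(line):
    """Split one flow record into typed fields (IPv4 only)."""
    left, _, rest = line.partition(" -> ")
    right, proto, state = rest.split()
    src_ip, src_port = left.rsplit(":", 1)
    dst_ip, dst_port = right.rsplit(":", 1)
    return (ipaddress.ip_address(src_ip), int(src_port),
            ipaddress.ip_address(dst_ip), int(dst_port), proto, state)


def audit_flows(text, device_net=DEVICE_NET, allowed_out=frozenset({443})):
    """Return flows that break the 'outbound HTTPS only' policy."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, _sport, dst, dport, proto, _state = parse_flow(line)
        src_in, dst_in = src in device_net, dst in device_net
        if dst_in and not src_in:
            # Something outside the segment opened a connection to a device:
            # a forwarded port or a firewall hole exists.
            findings.append(("inbound-to-device", str(dst), dport))
        elif src_in and not dst_in and (proto != "tcp" or dport not in allowed_out):
            # A device initiated something other than TCP/443.
            findings.append(("unexpected-outbound", str(src), dport))
        # Traffic that stays inside the segment (camera to recorder) is ignored.
    return findings


if __name__ == "__main__":
    for kind, host, port in audit_flows(SAMPLE_FLOWS):
        print(f"{kind:20} {host:15} port {port}")
```

An empty result is what the outbound-only design described above should produce; any `inbound-to-device` finding means a service on that device is reachable from outside the segment.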

Facilities would probably keep buying the incumbent solutions, and running web servers from the corporate LAN. Now that IT is involved in most of these projects, however, that solution is being shown as the Bad Idea that it is. There just hasn’t been an alternative, until Cloudastructure.
