What is "hardening"?

Developing and implementing security measures and best practices is known as "hardening." Hardening is a continuous process of identifying and understanding security risks, and taking appropriate steps to counter them. The process is dynamic because threats, and the systems they target, are continuously evolving.

Most of the information in this guide focuses on IT settings and techniques, but it’s important to remember that physical security is also a vital part of hardening. For example, use physical barriers to restrict access to servers and client computers, and make sure that things like camera enclosures, locks, tamper alarms, and access controls are secure.

The following are the actionable steps for hardening a VMS:

  1. Understand the components to protect
  2. Harden the surveillance system components:
    1. Harden the servers (physical and virtual) and client computers and devices
    2. Harden the network
    3. Harden the cameras
  3. Document and maintain security settings on each system
  4. Train and invest in people and skills, including your supply chain

Target audience

Everyone in an organization must understand at least the basics about network and software security. Attempts to compromise critical IT infrastructure are becoming more frequent, so everyone must take hardening and security seriously.

This guide provides basic and advanced information for end users, system integrators, consultants, and component manufacturers.

  • Basic descriptions give general insight into security.
  • Advanced descriptions give IT-specific guidance for hardening XProtect VMS products. In addition to software, the guide also describes security considerations for the hardware and device components of the system.

Resources and references

The following organizations provide resources and information about best practices for security:

  • International Standards Organization (ISO)
  • United States (US) National Institute of Standards and Technology (NIST)
  • Security Technical Implementation Guidelines (STIGs) from the US Defense Information Systems Administration (DISA)
  • Center for Internet Security
  • SANS Institute
  • Cloud Security Alliance (CSA)
  • Internet Engineering Task Force (IETF)
  • British Standards

Additionally, camera manufacturers provide guidance for their hardware devices.

See Appendix 1 - Resources for a list of references and Appendix 2 - Acronyms for a list of acronyms.

This guide leverages country, international, and industry standards and specifications. In particular, it refers to the United States Department of Commerce National Institute of Standards and Technology Special Publication 800-53 Revision 5 Security and Privacy Controls for Federal Information Systems and Organizations (https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final).

The NIST document is written for the US Federal government; however, it is generally accepted in the security industry as the current set of best practices.

This guide refers and links to additional information about security controls. The guidance can be cross-referenced to industry-specific requirements and other international security and risk management standards and frameworks. For example, the current NIST Cybersecurity Framework uses SP 800-53 Rev 4 as a basis for the controls and guidance. Another example is Appendix H in SP 800-53 Rev 4, which contains a reference to ISO/IEC 15408 requirements, such as Common Criteria.

Hardware and device components

In addition to software, the components of an XProtect VMS installation typically include hardware devices, such as:

  • Cameras
  • Encoders
  • Networking products
  • Storage systems
  • Servers and client computers (physical or virtual machines)
  • Mobile devices, such as smartphones

It is important to include hardware devices in your efforts to harden your XProtect VMS installation. For example, cameras often have default passwords. Some manufacturers publish these passwords online so that they’re easy for customers to find. Unfortunately, that means the passwords are also available to attackers.

This document provides recommendations for hardware devices.