White Paper Network Video Management System Ensuring end-to-end protection of video integrity


Network Video Management System
October 7, 2016
NVMSWP002 Revision 1.0.0

Table of Contents

1. Introduction
2. Purpose and target audience
3. Video flow and inherent security risks
4. Addressing security concerns and risks
4.1. Video captured by camera
4.2. Video streamed to the Recording Server
4.3. Video stored in the Recording Server database
4.4. Live or recorded video is sent to a client over a network
4.5. Live or recorded video viewed and exported to a media
4.6. Exported evidence media is transported from the surveillance site to police or a court
4.7. The exported evidence is viewed by police or a judge in a court
5. Benefits and summary
Revision History

1. Introduction

In applications and installations where video plays a critical role as evidence material, it is paramount that the video is transmitted, stored and in general handled in a secure way; from the time it is captured by the camera to the time it is used as evidence, for example in a court of law.

Sony's Network Video Management System (NVMS) Enterprise Edition and NVMS Smart Client provide a series of security mechanisms that enable users to maintain full end-to-end security and integrity of recorded video data. Video database encryption, digital signing of video databases and a function to prevent re-export of the exported material are core components of Sony's video management solution for ensuring and protecting the integrity of the video evidence.

2. Purpose and target audience

The purpose of this white paper is to give a general overview of how video is transmitted from the camera and stored securely in the NVMS Enterprise Edition Recording Server databases, as well as how exported recordings are secured and validated in the NVMS Smart Client Player when used as evidence.

The primary audience for this white paper is individuals or organizations with surveillance projects/installations where video and evidence handling is critical. The target group might include (but is not limited to) the following audiences:

- surveillance system architects/designers and surveillance project consultants
- security officers
- companies
- organizations and law enforcement bodies

This white paper should enable the reader to understand how recordings are secured, from transmission from the camera to viewing exported recordings as evidence, as well as how to implement and use the extended security in the most optimal way. The reader is assumed to have a general understanding of NVMS Enterprise Edition and IP video management solutions in general.

3. Video flow and inherent security risks

In any video surveillance system, analog or digital, there is an inherent security risk in the different parts, components or data/video transportation media used. These elements of the system may be tampered with, or their security can be compromised. In digital video surveillance systems, the video flow is typically as illustrated below. Each function and component has its own inherent risks, examples of which are listed here:

1. Video is captured by a camera
   - Camera may be disconnected, stolen or simply vandalized
   - Camera may be tampered with by turning it or by covering the lens
2. Video is streamed over the network to a Recording Server
   - The network may be disconnected or flooded with unwanted data due to a distributed denial-of-service (DDoS) attack
   - The network may be compromised, allowing unauthorized persons to tap into the transmitted video
3. The Recording Server stores the video in its video database
   - The Recording Server may be turned off or fail
   - Microsoft Windows security could be compromised, giving local or remote access to the video database files
4. Live or recorded video is sent over a network to a client
   - The network may be disconnected or flooded with unwanted data due to a DDoS attack
   - The network may be compromised, allowing unauthorized persons to tap into the transmitted video
5. The client decodes the video and displays it on the monitor and offers a function to export video recordings for evidence
   - Unauthorized persons may try to hack or otherwise obtain login credentials to gain unauthorized access to viewing and exporting video
   - Authenticated surveillance users may try to tamper with exported material
6. Exported evidence media is transported from the surveillance site to police or a court
   - The exported video may be viewed and copied by unauthorized persons
   - The exported video may be tampered with by removing critical sequences of the recorded video, or be modified to give another impression of the recorded evidence
7. The exported evidence is viewed by police or a judge in court
   - The exported video may have been tampered with by removing critical sequences of the recorded video, or been modified to give another impression of the recorded evidence

4. Addressing security concerns and risks

As highlighted in the previous section, there are several places where security can be breached. To address these security concerns and inherent risks, Sony has implemented several security functions in addition to the standard security measures that can be used to increase the security of the overall video system and its recordings. The illustration below shows the possible security measures to counter tampering and fraud in each of the video flow steps.

4.1. Video captured by camera

Risk: Camera may be disconnected, stolen or simply vandalized

NVMS Enterprise Edition will automatically detect if the camera is not responding or stops streaming video to the system. Once the system detects this, it issues a communication error event, which triggers alarms or rules that notify the right people of the issue.

Risk: Camera may be tampered with by turning it or by covering the lens

Many cameras can detect tampering events of different kinds, such as tampering, video loss, and temperature. These events can be received by the NVMS Enterprise Edition system, which triggers alarms or rules that notify the right people of the issue.

4.2. Video streamed to the Recording Server

Risk: The network may be disconnected or flooded with unwanted data due to a DDoS attack

NVMS Enterprise Edition will automatically detect if the camera is not responding or stops streaming video to the system. Once the system detects this, it issues a communication error event, which triggers alarms or rules that notify the right people of the issue.

In addition to creating alarms or notifications via emails, NVMS Enterprise Edition also supports Edge Storage on selected devices. Edge Storage offers the function to record video in the camera itself and let the Recording Server retrieve these recordings after a network failure, effectively ensuring video recording even for periods with no connection to the camera.

For more information on Edge Storage support in NVMS Enterprise Edition: www.sony.net/camerasystem/nvms/technical-documents

Risk: The network may be compromised, allowing unauthorized persons to tap into the transmitted video

Two methods can be used to protect the transmitted video: VPN tunneling and HTTPS.

A virtual private network (VPN) tunnel can be set up between the camera and Recording Server using standard equipment or software. The VPN will encrypt all data transmitted through the tunnel and thus protect against unauthorized access to the video. Using a VPN is a generic solution that can be used with any camera.

In addition to a VPN, NVMS Enterprise Edition also supports HTTP Secure (HTTPS) for a subset of cameras. HTTPS uses Secure Socket Layer (SSL) and offers encrypted communication directly with the camera without a VPN tunnel.

For more information about VPN, HTTPS and SSL:
http://en.wikipedia.org/wiki/virtual_private_network
http://en.wikipedia.org/wiki/http_secure
http://en.wikipedia.org/wiki/transport_layer_security

4.3. Video stored in the Recording Server database

Risk: The Recording Server may be turned off or fail

Edge Storage can help because, as described in the previous section, it can record video in the camera, allowing the Recording Server to retrieve the video once it is up and running again.

Risk: Windows (the operating system) security could be compromised, giving local or remote access to the video database files

To prevent unauthorized access to the video database files, several layers of security can be implemented:

Physical security
- Access to the room with the physical Recording Server should be limited to a few authorized people only

Windows Server security
- Local console and remote desktop access to the server running the Recording Server should be limited to a few authorized people
- Windows should be set to automatically log out after a short time of inactivity
- Windows should be kept updated with the newest service releases

4.4. Live or recorded video is sent to a client over a network

Risk: The network may be disconnected or flooded with unwanted data due to a DDoS attack

In case the network is flooded with unwanted data, the connection to the client may be disconnected or rendered inoperable. In this case the operator will immediately see this and can alert the administrator about the issue. While the clients may not be able to view live or recorded video, the Recording Server can continue to record video unaffected if the network has been designed as two separate networks: one for clients and one for cameras.

Risk: The network may be compromised, allowing unauthorized persons to tap into the transmitted video

As with the network connection from the cameras to the Recording Server, the transmitted video from the Recording Server to the client can be protected by using VPN tunneling. In addition to VPN tunneling, NVMS Web Client and NVMS Mobile also support HTTPS.

4.5. Live or recorded video viewed and exported to a media

Risk: Unauthorized persons may try to hack or otherwise obtain log-in credentials to gain unauthorized access to viewing and exporting video

To prevent someone from hacking into the system, NVMS Enterprise Edition relies on secure Windows Active Directory (AD) authentication that offers strong protection against hacking.

In extension to the built-in technical security in Windows AD, it is important that all users of the system have their own separate Windows AD account, because a single account, or just a few shared accounts, will make it hard to control who knows the user name and password and thus who can access the system. Using separate accounts for each user will also make it easier to investigate in the NVMS Enterprise Edition audit log who logged in, who viewed live or recorded video, or who exported video from the system.

In addition to securing access to the client, NVMS Enterprise Edition offers centrally controlled security settings with time profiles that set when and which cameras can be viewed live, played back and exported by the user.

Furthermore, NVMS Enterprise Edition can control all export settings available in the NVMS Smart Client via a so-called NVMS Smart Client profile. A few of the NVMS Smart Client profile's export settings are highlighted below, with the recommended value for the most secure export.

- Export to set to To media burner
- NVMS format set to Available
- Media player and Still image formats set to Unavailable
- Include NVMS Smart Client Player set to Yes
- Prevent re-export set to Yes
- Password protect data set to Yes
- Password set to a predefined password
- Encryption strength set to 256-bit AES
- Manage project comments set to Required
- Include digital signature set to Yes

The Locked check box must be selected for all of the above settings to ensure that an NVMS Smart Client user cannot override them. The full list of the NVMS Smart Client profile's export settings can be seen in the screenshot above.

4.6. Exported evidence media is transported from the surveillance site to police or a court

To prevent unauthorized persons from viewing or copying exported video, NVMS Smart Client supports three levels of security on the exported video database:

1. Database encryption with password protection
2. Disable re-export
3. Digital signature

Risk: The exported video may be viewed and copied by unauthorized persons

The database encryption supports up to 256-bit advanced encryption standard (AES) and access is protected by a password.

NVMS Smart Client offers the option to prevent the exported video from being re-exported when viewed again in the NVMS Smart Client Player. This ensures that the video cannot be exported in another format or be exported to the NVMS format again but without encryption and digital signing.

Risk: The exported video may be tampered with by removing critical sequences of the recorded video, or be modified to give another impression of the recorded evidence

When video that should be exported is protected with a digital signature on the Recording Server, the signature of the recorded video will be checked during the export to ensure that the video has not been tampered with on the Recording Server. If the recorded video passes the signature check, including the original digital signature, the video is exported to a new database created by NVMS Smart Client on the client PC. During the export, NVMS Smart Client adds its own signature, so the video is protected by two signatures: the original one made during recording and the one created by NVMS Smart Client during the export.

4.7. The exported evidence is viewed by police or a judge in a court

Risk: The exported video may have been tampered with by removing critical sequences of the recorded video, or been modified to give another impression of the recorded evidence

When the exported recordings protected by encryption and digital signing are viewed again by police or a judge in court, the NVMS Smart Client Player will request the user to enter the password to decrypt the recordings. Once the correct password has been entered, the client informs the user that the video is signed and can be verified by clicking the Verify Signatures button. This indicates to the person viewing the video that the recordings have been protected by encryption and, in addition to this, have a digital signature that can be verified for authenticity.

Activating the digital signing verification will open a new window and may take some time to complete, depending on the size of the recordings and the number of cameras in the export. When completed, it will display whether the recordings have been tampered with or the integrity is intact.

The below screenshot shows an example of correctly validated databases. Both signatures can be validated directly in the Player.

If the validation fails, the dialog box will display the time of the first failed segment of the database as seen in the screenshot below.
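
The two-layer check described in sections 4.6 and 4.7, as an added Python example that is not part of the white paper and is not Sony's implementation. The white paper does not describe the signature algorithm or the database layout, so everything here is an assumption: HMAC-SHA256 with constructed keys stands in for the two digital signatures, the segment fields are hypothetical, and the chaining and final seal go beyond the text to show how a removed sequence (not only an altered one) becomes detectable and how the first failed segment time is found.

```python
import hashlib
import hmac

# Constructed keys: HMAC-SHA256 stands in for the two digital signatures,
# whose real algorithm and key handling the white paper does not describe.
RECORDER_KEY = b"constructed-recording-server-key"
EXPORT_KEY = b"constructed-smart-client-key"
ZERO = b"\x00" * 32

def _tag(key, prev, index, seg, extra=b""):
    """Chained MAC over the previous tag, video hash, position and start time."""
    body = prev + hashlib.sha256(seg["data"]).digest() + extra
    body += f"{index}|{seg['start']}".encode()
    return hmac.new(key, body, hashlib.sha256).digest()

def _seal(anchor, last_tag, count):
    """MAC binding the chain anchor, final export tag and segment count."""
    body = anchor + last_tag + str(count).encode()
    return hmac.new(EXPORT_KEY, body, hashlib.sha256).digest()

def record(segments):
    """Recording side: tag each segment, chaining on the previous tag."""
    prev = ZERO
    for i, seg in enumerate(segments):
        seg["index"] = i
        prev = seg["rec_sig"] = _tag(RECORDER_KEY, prev, i, seg)
    return segments

def check_recording(segments, anchor=ZERO):
    """Return the start time of the first segment failing its recording tag."""
    prev = anchor
    for seg in segments:
        expected = _tag(RECORDER_KEY, prev, seg["index"], seg)
        if not hmac.compare_digest(expected, seg["rec_sig"]):
            return seg["start"]
        prev = seg["rec_sig"]
    return None

def export(recorded, first, last):
    """Export side: verify the recording, copy a range, add a second tag layer."""
    if check_recording(recorded) is not None:
        raise ValueError("recording failed its signature check; export refused")
    anchor = recorded[first - 1]["rec_sig"] if first else ZERO
    segs, prev = [dict(s) for s in recorded[first:last + 1]], ZERO
    for i, seg in enumerate(segs):
        prev = seg["exp_sig"] = _tag(EXPORT_KEY, prev, i, seg, seg["rec_sig"])
    return {"anchor": anchor, "segments": segs, "seal": _seal(anchor, prev, len(segs))}

def verify_export(db):
    """Player side: check both layers and report where each one first fails."""
    segs, prev, exp_fail = db["segments"], ZERO, None
    for i, seg in enumerate(segs):
        expected = _tag(EXPORT_KEY, prev, i, seg, seg["rec_sig"])
        if not hmac.compare_digest(expected, seg["exp_sig"]):
            exp_fail = seg["start"]
            break
        prev = seg["exp_sig"]
    sealed = hmac.compare_digest(_seal(db["anchor"], prev, len(segs)), db["seal"])
    if exp_fail is None and not sealed:
        exp_fail = "end of export (segments missing or seal altered)"
    rec_fail = check_recording(segs, db["anchor"])
    return {"recording": rec_fail, "export": exp_fail, "intact": not (rec_fail or exp_fail)}

def demo():
    """Constructed sample: four 10-second segments, export of the last three."""
    recorded = record([{"start": f"2016-10-07T12:00:{s:02d}", "data": bytes([s]) * 64}
                       for s in (0, 10, 20, 30)])
    db = export(recorded, 1, 3)
    cut = dict(db, segments=db["segments"][:1] + db["segments"][2:])  # 12:00:20 removed
    return verify_export(db), verify_export(cut)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because HMAC is symmetric, any party able to verify these tags could also forge them; with real asymmetric signatures the Player would hold only the public keys.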

5. Benefits and summary

By combining a set of standard security functions and concepts with a set of solution-unique functions, NVMS Enterprise Edition enables users to deploy video surveillance solutions with full end-to-end security.

With the encryption and signing features in NVMS Enterprise Edition and NVMS Smart Client, it is possible to keep streamed and recorded video secure and prove the integrity of recordings all the way from the original stream from the camera to the point where it is viewed, for example in a court of law.

For companies that require strict control of the export format and security settings, the NVMS Smart Client profile can be used to control export settings and parameters strictly from a central point.

NVMS Enterprise Edition and NVMS Smart Client offer secure handling of video all the way from the point where it is captured and streamed from the camera to the video surveillance system, to the time it is viewed as evidence.

Revision History

Date        Revision  Description
2016/10/07  1.0.0     First edition.

Disclaimer

This document, in whole or in part, may not be reproduced or transferred for any purpose without prior written approval from Sony Corporation. Sony Corporation reserves the right to make any modification to this document or the information contained herein at any time without notice. Sony Corporation shall not bear any responsibility or liability for any damage, lost earning, and third party claim, resulting from the products and related documents.

Copyright

This document contains registered trademarks and trademarks that are owned by their respective companies.