Information Security Standard for Network-Connected Video Cameras

 

In accordance with the University of Guelph Video Surveillance System (VSS) Policy, requests for video cameras on campus that will record individuals, including students, staff, or faculty, must be reviewed and approved by the Campus Safety Office.

 

In cases where video cameras are not supported by Physical Resources, such as cameras intended for research purposes or viewing lab equipment, it is the responsibility of the camera owner to ensure that all equipment is securely configured prior to connection to the University network.  

 

Securing network-connected video cameras is essential to protect the privacy of the campus community and the security of the University network. If exploited, an unsecured camera could be used as a surveillance tool or as a pivot point within the network, allowing an attacker to further compromise the security of other connected devices and equipment.

 

The following steps must be taken by the camera owner to ensure they are not introducing unnecessary risk to the campus network:

  1. Change Default Credentials - Change all default administrator passwords to complex and unique passwords at time of installation. Password complexity should meet or exceed the complexity described in the University Password Standard. Keep the passwords secure in a password manager, only securely share them with trusted individuals, and change all passwords on a regular basis.
  2. Regularly Update Firmware - Keep the camera's firmware up to date to patch vulnerabilities and improve security.
  3. Restrict Access – Within the camera software, restrict access to specific users, devices or the trusted VPN IP range (10.131.0.0/16). With this restriction in place, users will first need to connect to the University of Guelph VPN service before they can connect to the camera. If this is not configurable within the camera software, contact CCS for assistance.
  4. Connect Cameras to the Private Network – Ensure the camera is connected to the private campus network and the assigned IP address is in the 10.0.0.0/8 range, which will segregate it from the internet and critical campus systems. Contact CCS if assistance is required.
  5. Secure Physical Access - Ensure the camera is installed in a secure location and consider using tamper-evident hardware.
  6. Only Use HTTPS** - Configure the camera to only use HTTPS for encrypted communication to protect the user credentials and video feed.
  7. Disable Unnecessary Features** - Disable any unused or unnecessary features, services, or ports on the camera to reduce the attack surface.
  8. Employ Strong Access Controls** – If possible, implement user access controls and assign specific roles with minimal privileges to limit who can view and manage the camera.
  9. Regularly Audit Access Logs** - Review camera access logs on a regular basis to detect unusual or unauthorized access attempts.
  10. Secure Storage** - Protect stored video footage with strong encryption if supported and back up regularly to a secure location to prevent data loss. Never store unencrypted video footage to a memory card that could be removed from the camera with physical access.
    ** If technologically feasible within the camera hardware/software
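
One way a camera owner could self-check steps 3, 4 and 6 against a list of their cameras. This is an added example, not part of the University's standard or tooling; the record fields (`name`, `ip`, `allowed_sources`, `http_enabled`) and the sample inventory are hypothetical, and it assumes the VPN-range option of step 3 is the restriction in use.

```python
import ipaddress

# Ranges taken from steps 3 and 4 of the standard.
VPN_RANGE = ipaddress.ip_network("10.131.0.0/16")
PRIVATE_RANGE = ipaddress.ip_network("10.0.0.0/8")

def audit_camera(cam):
    """Return a list of findings for one camera record (empty list = compliant)."""
    try:
        addr = ipaddress.ip_address(cam["ip"])
    except ValueError:
        return [f"invalid camera IP {cam['ip']!r}"]
    findings = []
    if addr not in PRIVATE_RANGE:
        findings.append(f"step 4: {addr} is outside {PRIVATE_RANGE}")
    allowed = cam.get("allowed_sources", [])
    if not allowed:
        findings.append("step 3: no source restriction configured")
    for entry in allowed:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"step 3: unparseable allow-list entry {entry!r}")
            continue
        # subnet_of() catches entries such as 10.0.0.0/8 that contain the VPN
        # range but also admit hosts that never connected through the VPN.
        if net.version != VPN_RANGE.version or not net.subnet_of(VPN_RANGE):
            findings.append(f"step 3: {net} is not within VPN range {VPN_RANGE}")
    # A missing http_enabled field is treated as "HTTP on" so it gets reviewed.
    if cam.get("http_enabled", True):
        findings.append("step 6: plain HTTP is enabled")
    return findings

def audit_inventory(inventory):
    """Map each camera name to its list of findings."""
    return {cam["name"]: audit_camera(cam) for cam in inventory}

# Constructed sample inventory (hypothetical names and addresses).
INVENTORY = [
    {"name": "lab-cam-1", "ip": "10.20.30.40",
     "allowed_sources": ["10.131.0.0/16"], "http_enabled": False},
    {"name": "lab-cam-2", "ip": "192.0.2.15",
     "allowed_sources": ["10.0.0.0/8"], "http_enabled": True},
    {"name": "lab-cam-3", "ip": "10.20.30.41",
     "allowed_sources": [], "http_enabled": False},
]

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(name, "OK" if not findings else findings)
```

An allow-list entry for a specific device outside 10.131.0.0/16 is also reported, so such findings call for review rather than automatic rejection.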

 

 

By following these steps, you can significantly enhance the security of your network-connected video camera and minimize the risk to the University.

 

As detailed in the Vulnerability Management Policy, any device found on the network with security vulnerabilities, regardless of ownership, may be immediately disconnected from the network in the event that a discovered vulnerability poses an immediate risk to the University. Notification to camera owner(s) may not occur until after the disconnection has taken place.

 

For additional cyber security assistance or questions, contact the Information Security team (infosec@uoguelph.ca). 

 

For questions or assistance with video camera hardware and management, contact the Physical Resources Electronic Access team (eaccess@uoguelph.ca). 

 

 

CCS Information Security
Last Updated: December 4, 2023
