Bosch: Securing the edge of your video surveillance network
Video surveillance data is increasingly connected across local and global networks. While this brings enormous benefits, its important to realize that without adequate measures, it...
Video surveillance data is increasingly connected across local and global networks. While this brings enormous benefits, it’s important to realize that without adequate measures, it can also leave us vulnerable to cybercrime. In addition to physical security, data security and privacy must also be taken very seriously.
Bosch provides a four-step approach that considers the entire video surveillance infrastructure. While, the camera is often the most remote outpost in your network, it can be easily overlooked when implementing data security measures. With this in mind, we start at the edge when we take measures to secure our cameras. Firstly, when our cameras are set-up, users are required to set a password. Secondly, only secure (HTTPS) connections with the cameras are allowed and all ‘unsecure’ ports are disabled by default. Thirdly, the execution of 3rd party software is disabled and firmware updates can only be done via our firmware files. Finally, all Bosch IP cameras feature a unique, built-in Trusted Platform Module (TPM). This module safely stores all certificates and keys needed for authentication and encryption. Even in cases of unauthorized access, the TPM ensures that the keys cannot be retrieved.
End-to-end data security
However, focusing on the edge of your video surveillance set-up alone is not enough. Even a single weak link in a surveillance solution can jeopardize the entire system. Bosch achieves the highest standards with a four-step approach that considers the entire video surveillance infrastructure. This includes cameras, servers, clients, storage devices, network protocols and standard key infrastructures.
It starts with creating trust by assigning every component in the network an authentication key. Secondly, data is secured by encrypting it at the hardware level, using a cryptographic key that is safely stored in a unique built-in Trusted Platform Module (TPM). In order to ensure that only authorized people have access to data, we offer a number of ways to manage user access rights. And finally, we have our own PKI solutions with in-house Certification Authority (CA) Escrypt. Our solutions also support 3rd party public key infrastructure (PKI) solutions from companies such as SecureXperts, Incorporated (SXI).
Securing core devices (servers, clients and storage devices)
Video surveillance data can range from sensitive to top secret. But even networks with trusted devices and secure data transfer can fall victim to human error. That’s why Bosch offers extended user management options for controlling individual user access rights and supports existing industry standards such as Microsoft Active Directory. Supporting solutions that authenticate users by making use of tokens. Regular updates via security patches and allowing digest access authentication only, further increases security levels to keep video data secure. Bosch recording solutions can also come with a unique built-in Trusted Platform Module (TPM). This module, as with our cameras, safely stores all certificates and keys needed for authentication and encryption. Even in case of unauthorized access, the TPM ensures that the keys cannot be retrieved.
Securing the infrastructure
Authentication within the network is ensured using the 802.1x protocol. Bosch network cameras and storage devices support up to 256 bit keys for encryption (Advanced Encryption Standard). All Bosch cameras feature a unique factory-loaded Bosch signed certificates to enable authentication and encryption. If needed, these factory-loaded certificates can be replaced by customer specific certificates to meet certain customer requirements. In a world where almost everything is connected, data security is now a community effort. That’s why Bosch video surveillance solutions comply with leading industry standards in PKI for the management of digital encryption certificates.
Because video data is often highly critical and sensitive, Bosch is driving a systematic approach to maximize data security by considering physical safety and cybersecurity simultaneously. Our system approach is the key to achieving the highest standards in end-to-end data security. Our focus is keeping your video data secure.