Our Ramblings

Choosing CCTV Cameras

Setting up a CCTV camera system is not something to be taken lightly. It is a significant expenditure and should be thought through before a single pound is spent. The most important part of any CCTV system is the camera as it provides the eyes of the operation, so to speak. The key to buying the right CCTV camera is not simply in going out and buying the biggest or most expensive model on the market.

The key is to start by identifying the needs a camera has to meet. Once those needs are known, it becomes easier to find the right camera, as opposed to spending a large amount of time trying to select a camera without really knowing how or why it will be used. Knowing what matters to a given purchaser not only speeds the decision process, but also helps to ensure they make the right CCTV camera purchase decision. Therefore, the key is knowledge, knowing what to look for in order to meet the user’s needs.

How a CCTV Camera Works

Most CCTV (closed-circuit TV) cameras used in home security work are solid-state electronic devices that are connected to a central recorder rather than broadcast over the air. The system is, therefore, a closed circuit, transmitting to a specific location rather than to anyone in range. The camera itself is usually made up of the following main components: lens, sensor, and digital signal processor, or DSP. In simplest terms, the lens focuses the light that is to be imaged onto the sensor, which then passes it to the DSP, which converts it into a TV signal. This signal is then transmitted to a central location either by wire or wirelessly for storage and viewing.

Factors to Consider When Purchasing a CCTV Camera

There are a number of important factors to consider when purchasing a new CCTV camera, most of which map to one or more of the basic hardware components, so understanding the components and how they affect the CCTV camera’s performance is an important part of knowing what to look for.

Choosing the Right Lens

The lens is what gathers the light for the sensor. Everything the viewer sees, or that gets recorded on the DVR comes through the lens. It determines the distance at which a car’s number plate can be read, and a face can be recognised because the lens controls focus. In many cases, a better lens is more helpful than a higher output resolution, as the output is always limited by the input, and the lens determines the input.

Buyers should also look for a zoom lens. Some CCTV cameras come with digital zoom, where others have optical zoom, handled by the lens. Whenever possible, buyers should opt for optical over digital zoom. The problem with digital zoom is that it provides no more information than was in the original image. Optical zoom can actually add new information as it changes which light reaches the sensor.

Choosing the Right Sensor

Not all digital sensors are created equal. There are two main things to look for when studying the sensor specifications of a given CCTV camera: the first is the sensor type, the second is the sensor size. Most CCTV sensors are either CMOS or CCD. CMOS is less expensive and uses less power than CCD, but it is less sensitive and does not produce as clear an image, which can be particularly problematic when using the camera for identification purposes. One result of this is that CMOS-based sensors require more signal processing to produce a clear image.

The other important factor is the sensor size. The larger the sensor, the more light it can process, and the higher quality image it can produce. Most CCTV camera sensors come in one of two sizes: 1/4 inch, which measures 3.2 mm by 2.4 mm, and 1/3 inch, which measures 4.8 mm by 3.6 mm; giving it over twice the surface area of the smaller sensor. A larger sensor not only gathers more light, but in doing so gives the DSP more data to work with, which is especially helpful with the less capable processors used in budget cameras.

Choosing the Right Output Resolution

One very common specification for CCTV cameras is the number of horizontal lines of TV resolution it can output, or its TVL. This can range anywhere up to 700TVL, with many cameras coming in between 380TVL and 540TVL. Some experts recommend 420TVL as a minimum, but this is not always the case. While a high resolution is nice to have, the output depends on the input, so if the lens and sensor cannot match the output resolution, which is determined by the DSP, then the extra resolution is wasted. What matters most is having enough resolution to clearly display any image the camera can produce. Anything beyond that is unnecessary.

CCTV Camera Types

Not all CCTV cameras are the same size and shape. Different uses require different capabilities, and so there are different kinds of cameras to meet those needs. The following table shows the three basic types of cameras and some of their common uses.

 

CCTV Camera Type | Use
Bullet Camera | These small cylindrical CCTV cameras are often used in environments where discretion is important, but there is no need to permanently install the camera in a protective dome. They work well in shops and service areas when there is a need to monitor the staff.
Dome Camera | A CCTV dome camera is an excellent choice for surveillance as it not only protects the camera from casual vandalism, but also provides a degree of security as it is often impossible to tell where the camera is pointed.
IR Day/Night Camera | While obvious in appearance, these cameras have the advantage of providing 24-hour outdoor coverage regardless of lighting conditions. They provide a colour image in the daytime, shifting to black and white for infrared viewing at night.

Which camera a given buyer wants to use depends on their goals and needs. Understanding those needs makes choosing the right CCTV camera that much easier.

Choosing the Right CCTV Camera

When choosing the right camera for a given purchaser’s needs, there are several things the buyer should look for. The first is a lens that gives the user a clear image of the area covered by the camera from its mounting point. If the area under surveillance is not in focus, then there is no real point to monitoring it. The next feature is the sensor. Whenever possible, buyers should go for the 1/3 inch CCD sensor as this provides the most information for the DSP to process. The final feature of the camera itself is the output resolution. While many companies may put this feature first, its usefulness is limited by the components in front of it.

Once the hardware capabilities have been determined, the next step is to decide which type of camera best fits the user’s needs. Those covering large outdoor areas, such as homeowners wanting to cover their property, may want to consider a day/night camera. Bullet cameras work well for monitoring staff, while ceiling-mounted dome cameras are good for covering the entire premises of a shop or business.

Conclusion

There are a number of things to look for when buying CCTV cameras. Some are technical factors which apply to every situation regardless of the intended use: every camera can benefit from a better lens and high quality sensor. Other factors are more dependent on the intended use of the CCTV camera, as some types are more useful in some situations than others. A day/night camera is great for keeping an eye on visitors coming up the drive, but it may not be the best choice for monitoring staff or business premises.

Many businesses may be better served with either dome cameras covering the entire floor or small bullet cameras to monitor the staff. Regardless of the buyer’s needs, it pays to look for quality. Understanding how CCTV cameras work, and the importance of optical zoom as opposed to digital zoom, makes it easier to recognise that quality. The most successful purchases are informed purchases, and knowing what to look for makes buying a CCTV camera much easier.

The Nessus Vulnerability Scanner

In computer security, Nessus is a proprietary comprehensive vulnerability scanning program. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on the tested systems. For example:

  • Vulnerabilities that allow a remote cracker to control or access sensitive data on a system.
  • Misconfiguration (e.g. open mail relay, missing patches, etc).
  • Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
  • Denials of service against the TCP/IP stack by using mangled packets
  • Preparation for PCI DSS audits

On UNIX (including Mac OS X), it consists of nessusd, the Nessus daemon, which does the scanning, and nessus, the client, which controls scans and presents the vulnerability results to the user.
According to surveys done by sectools.org, Nessus is the world’s most popular vulnerability scanner, taking first place in the 2000, 2003, and 2006 security tools survey. Tenable estimates that it is used by over 75,000 organizations worldwide.

In typical operation, Nessus begins by doing a port scan with one of its four internal portscanners (or it can optionally use Amap or Nmap) to determine which ports are open on the target and then tries various exploits on the open ports. The vulnerability tests, available as subscriptions, are written in NASL (Nessus Attack Scripting Language), a scripting language optimized for custom network interaction.

Tenable Network Security produces several dozen new vulnerability checks (called plugins) each week, usually on a daily basis. These checks are available for free to the general public; commercial customers are not allowed to use this Home Feed any more. The Professional Feed (which is not free) also gives access to support and additional scripts (audit and compliance tests…).
Optionally, the results of the scan can be reported in various formats, such as plain text, XML, HTML and LaTeX. The results can also be saved in a knowledge base for debugging. On UNIX, scanning can be automated through the use of a command-line client. There exist many different commercial, free and open source tools for both UNIX and Windows to manage individual or distributed Nessus scanners.
If the user chooses to do so (by disabling the option ‘safe checks’), some of Nessus’s vulnerability tests may try to cause vulnerable services or operating systems to crash. This lets a user test the resistance of a device before putting it in production.
Nessus provides additional functionality beyond testing for known network vulnerabilities. For instance, it can use Windows credentials to examine patch levels on computers running the Windows operating system, and can perform password auditing using dictionary and brute force methods. Nessus 3 and later can also audit systems to make sure they have been configured per a specific policy, such as the NSA’s guide for hardening Windows servers.

 

Q. What is included in the Nessus download?
A. When you download Nessus, you receive the Nessus 4.4 scanning engine (server) that includes a flash web-based client. To receive updates under either a ProfessionalFeed or HomeFeed, you will need to register your scanner.

Q. What OS platforms does Nessus have builds for?
A. Nessus 4.4 is available and supported for a variety of operating systems and platforms:
Debian 5 (i386 and x86-64)
Fedora Core 12, 13 and 14 (i386 and x86-64)
FreeBSD 8 (i386 and x86-64)
Mac OS X 10.4, 10.5 and 10.6 (i386, x86-64, ppc)
Red Hat ES 4 / CentOS 4 (i386)
Red Hat ES 5 / CentOS 5 / Oracle Linux 5 (i386 and x86-64)
Red Hat ES 6 / CentOS 6 (i386 and x86-64) [Server, Desktop, Workstation]
Solaris 10 (sparc)
SuSE 9.3 (i386)
SuSE 10.0 and 11 (i386 and x86-64)
Ubuntu 8.04, 9.10, 10.04 and 10.10 (i386 and x86-64)
Windows XP, Server 2003, Server 2008, Server 2008 R2, Vista and 7 (i386 and x86-64)

Q. What does Nessus 4.4 cost?
A. The Nessus 4.4 scanner is available as a free download.

Q. Where can I go for more information?
A. If you still have questions about Nessus 4.4, feel free to contact us, visit http://www.rustyice.co.uk/ or post to us via our contact link.

Security At the Edge: Locking Down the Network Perimeter

When securing your company’s network, it’s best to start on the edges — the perimeter — where the system interfaces with the rest of the world. It’s an approach that makes sense. While installing safeguards deep inside the network is a good idea for securing against some types of threats, you’ll generally get the broadest protection — and the biggest bang for your security buck — by building up protection along the edges.

To begin planning a perimeter-oriented network-defence strategy, one has to understand exactly where the perimeter lies and what technologies are involved. Put simply, the perimeter is the network’s boundary: the frontier where data flows in from (and out to) other networks, including the Internet. Perimeter defense functions like a checkpoint, allowing authorized data to enter unencumbered while blocking suspicious traffic.

Perimeter-checkpoint duty is handled by several different technologies, including border routers, firewalls and a variety of other specialized security products. Let’s take a look at each of these technologies and the roles that they play in perimeter security.

Border Routers: Network routers work much like traffic policemen, directing data into, out of and within networks. A border router is a special type of router: the one that stands between your network and an external network, such as the Internet. Therefore, the border router is like a traffic policeman posted at a spot located on the main road into a town — the one who spots the registration plate on the bad guy’s car. Since all Internet traffic passes through the border router, it’s a logical place for filtering.

Firewalls: A firewall’s basic job is to permit or stop data flowing into or out of a network. For perimeter defence, firewalls are available as software (installed inside a router) or as stand-alone hardware appliances. A firewall can provide services such as stateful inspection (analysing transactions to ensure that inbound packets were requested); packet filtering (blocking data from specified IP addresses and ports); and NAT (network address translation), which presents a single IP address — representing multiple internal IP addresses — to the outside world.

IDS (Intrusion Detection Systems): An IDS protects networks by analyzing traffic for suspicious activity. If something unusual is detected, the IDS alerts the network administrator, who can then take action to stop the event that is taking place. In fact, an IDS is often described as a network burglar alarm. Various vendors offer IDS products with a range of different capabilities, enabling customers to easily find a system that most closely matches their security and budgetary needs.

IPS (Intrusion Prevention Systems): An IPS is similar to an IDS, except that the product is designed to take immediate action — such as blocking a specific IP address or user — rather than simply issuing an alert. Some products also use behavioral analysis to spot and stop potentially dangerous data. The line between IDS and IPS technologies is blurring, so it’s now possible to find an IDS that incorporates IPS functions.

VPN (Virtual Private Networks): A VPN provides perimeter security by encrypting the data sent between a business network and remote users over the Internet. In essence, the technique creates a private tunnel through the Internet. VPN technology is widely popular and is used by enterprises of all sizes. The approach’s biggest threat is from an attacker who figures out a way of compromising an authorized user’s system, then gains control of an encrypted pathway into the company network.

DMZ (Demilitarized Zones): Borrowing its name from the no-man’s-land created between North Korea and South Korea at the end of the Korean War, a DMZ is a neutral area that is created outside the firewall between a company’s network and an external network, such as the Internet. One way of forming a DMZ is to install a host (a dedicated server) that resides between the two networks. The DMZ host can initiate sessions for Web pages, email and other requests on the public network. The system can’t, however, initiate a session back into the company’s network — it can only forward packets that have already been requested. The technique prevents unrequested and potentially destructive data from entering a company’s network.
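The stateful inspection, packet filtering and NAT described under Firewalls, and the DMZ rule that only already-requested packets are forwarded inward, can be modelled in a few lines. This is an added Python example, not code from the original post; the class name, the addresses (documentation ranges) and the port numbers are constructed for illustration, and a real firewall also tracks TCP state and flow timeouts.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class PerimeterFirewall:
    """Toy model (hypothetical class): packet filter + NAT + stateful inspection."""

    def __init__(self, public_ip, blocked_ips=(), blocked_ports=()):
        self.public_ip = public_ip               # the single address the outside sees
        self.blocked_ips = set(blocked_ips)      # remote addresses never allowed
        self.blocked_ports = set(blocked_ports)  # remote service ports never allowed
        self.flows = {}    # public port -> (int_ip, int_port, remote_ip, remote_port, proto)
        self.port_of = {}  # reverse index: flow tuple -> public port
        self.next_port = 40000

    def _filtered(self, remote_ip, remote_port):
        # Packet filtering: a static deny list, checked in both directions.
        return remote_ip in self.blocked_ips or remote_port in self.blocked_ports

    def outbound(self, pkt):
        """Internal host talks to the outside: filter, translate, remember the flow."""
        if self._filtered(pkt.dst_ip, pkt.dst_port):
            return "drop: filtered", None
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        if flow not in self.port_of:
            # NAT: allocate a public port that stands in for the internal endpoint.
            self.port_of[flow] = self.next_port
            self.flows[self.next_port] = flow
            self.next_port += 1
        translated = Packet(self.public_ip, self.port_of[flow],
                            pkt.dst_ip, pkt.dst_port, pkt.proto)
        return "accept", translated

    def inbound(self, pkt):
        """Outside talks to us: accept only replies to flows we opened ourselves."""
        if self._filtered(pkt.src_ip, pkt.src_port):
            return "drop: filtered", None
        flow = self.flows.get(pkt.dst_port) if pkt.dst_ip == self.public_ip else None
        # Stateful inspection: remote address, port and protocol must all match
        # the recorded flow, otherwise nobody inside asked for this packet.
        if flow is None or flow[2:] != (pkt.src_ip, pkt.src_port, pkt.proto):
            return "drop: not requested", None
        return "accept", Packet(pkt.src_ip, pkt.src_port, flow[0], flow[1], pkt.proto)


def demo():
    """Run a constructed exchange and return the verdict for each packet."""
    fw = PerimeterFirewall("203.0.113.1", blocked_ips={"198.51.100.66"},
                           blocked_ports={23})
    verdicts = []
    # 1. Internal workstation opens an HTTPS session to an outside server.
    verdicts.append(fw.outbound(Packet("10.0.0.5", 51000, "192.0.2.80", 443))[0])
    # 2. The server's reply matches the recorded flow and is translated back.
    verdicts.append(fw.inbound(Packet("192.0.2.80", 443, "203.0.113.1", 40000))[0])
    # 3. A different host sends to the same public port: never requested.
    verdicts.append(fw.inbound(Packet("192.0.2.99", 443, "203.0.113.1", 40000))[0])
    # 4. A deny-listed address is dropped before state is even consulted.
    verdicts.append(fw.inbound(Packet("198.51.100.66", 443, "203.0.113.1", 40000))[0])
    # 5. Outbound telnet is blocked by the port filter.
    verdicts.append(fw.outbound(Packet("10.0.0.5", 51001, "192.0.2.80", 23))[0])
    return verdicts


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```
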

Perimeter network security works by providing several layers of protection at the network’s edge. Different security technologies working in unison create a fortress-like barrier that can thwart most types of attackers. Perimeter security can’t, however, block all attacks — particularly a DoS (denial-of-service) onslaught. Yet a well-planned system will efficiently deflect most network threats, providing peace of mind for business owners and managers, network administrators, and end users.

Managed Security Services – Good or Bad?

The buzz word “Managed Security Services” sparks off a religious debate among the staunch believers and critics of this rapidly emerging phenomenon in the world of information security.

The supporters vehemently profess that Managed Security Services should be considered as a kind of panacea for today’s burgeoning security problems facing the industry. The critics on the other hand maintain that such a solution should not be considered as a full time solution but adequate training and awareness must be imparted to develop the core skills needed to run businesses securely.

Although a semblance of truth exists in each of these assertions, this post attempts to highlight the current predicament facing organizations across the UK and how with the aid of a competent and reliable MSS provider the organizations could overcome these shortcomings and continue to flourish and stay abreast in the cyber space.

The current trend:

Organizations in the UK are shifting to a new paradigm. The government organizations, the large institutions and the small start-ups are making a beeline to jump on to the Internet bandwagon in order to get connected. Getting connected to the highly precarious Internet is now being perceived as the life line for survival.

As more and more organizations are relying on the Internet more and more security problems are surfacing. Attacks and attackers are getting increasingly sophisticated. According to a recent study conducted by the Honeynet project, the life span of a system connected to the internet is around 15 minutes after which it will be targeted. The attack can either be a simple scan of the system or a full fledged attack. Since the Internet knows no geographic boundaries the attack can happen from any part of the world and at any time of the day. The attack tools are also widely distributed on the Internet and anyone can easily obtain them. There is an urgent need to protect our resources, assets and ourselves from these threats. But the question that comes to mind is – can we adequately protect our resources when we do not fully understand what security is all about?

Understanding Security

The authors of the famous and best selling security book “Hacking Exposed” say Security is not a goal, it is a process, and Security is not a product, it’s a posture. Security works by knowing the threats and managing the risks. The risks can never be completely eliminated but can be reduced by managing them properly. A competent Managed Security Services Provider can help reduce risks to organizations by

• Pro-active Monitoring of Security Devices
• Effective Management of Security Devices &
• Rapid Incident Response.

Most Managed Security Services Providers operate from their state-of-the-art SOC (Security Operations Center), equipped with the latest monitoring tools and gadgets. Here at Rustyice Solutions, we provide the following services:

• Managed Firewall Services
• Managed Intrusion Detection Services
• Managed Anti-Virus/Anti-Vandal Services
• Managed Vulnerability Assessment Services
• Managed System Forensics, Investigation & Response Services

The current predicament:

Most organizations are typically besieged with the following problems

• Critical business issues.
• Increasing security threats &
• Unmanageable technical issues

Managed Security Services Providers such as us at Rustyice Solutions are strategically placed to help organizations counter these problems.

Let’s take a closer look at each of these problems to understand how we can help alleviate these problems & thereby help reduce risks to an organization:

1. Critical Business Issues:

In most organizations, business demands exist on a 24×7×365 basis. Consumers seek information that must be available in real-time. There is no room for outages and the In-house IT staff needs to focus on running core mission-critical business applications. Consequently, security is considered an additional chore and gets neglected thereby resulting in serious security breaches. For instance:

• NIMDA virus compromised over 86,000 internet hosts (Source: SANS Institute)
• Code Red – 359,000 servers in less than 14 hours (Source: CAIDA)

The cost of these security breaches is typically high and will adversely impact the business revenue model of an organization. According to Datamonitor magazine, around USD15 Billion was the cost towards eSecurity breaches to U.S. businesses in one year.

Rustyice Solutions MSS helps reduce security breaches in organizations by managing security of the systems round the clock by ensuring that all the systems and applications are properly patched.

2. Increasing security threats:

Some of the increasing security threats affecting an organization are:

• Known vulnerabilities exploits
• Malicious Code
• Espionage

Let’s look at how each of these threats will affect an organization:

Known Vulnerabilities exploits

Unfortunately, no operating system is secure out of the box, and attackers will take advantage of holes in default OS or application configurations or user/admin misconfigurations. A majority of attacks are initiated through these holes, which are often well known and publicised in the computer underground, and exploits for them are readily available. For example: In one of the largest criminal Internet attacks to date, a group of hackers spent a year systematically exploiting known vulnerabilities to steal customer data. More than a million credit cards were stolen and more than 40 high profile sites were victimized. The hackers gained access to high profile ecommerce sites through well known vulnerabilities and once they were in, they downloaded proprietary information, customer databases, and credit card information.

Vulnerabilities are disclosed every day, so systems have to be regularly patched. An MSSP can help organizations by providing Managed Vulnerability Assessment, conducting periodic and regular vulnerability assessments of the systems.

Malicious code

Malicious code includes viruses, worms and trojans. Recent incidents like the Nimda and Sobig viruses indicate the seriousness of these threats.

MSS helps by providing Managed Anti-Virus and Managed Anti-Vandal Services to prevent the outbreak of viruses and worms.

Espionage

Contrary to the popular belief that espionage is limited only to militaries and governments, espionage or stealing of information routinely happens in many organizations. Espionage is quite often carried out by trusted insiders. Unless organizations have some sort of content filtering to monitor the internal traffic, this sort of attack will go unnoticed.

Rustyice Solutions MSS helps by providing Managed Monitoring & Managed Content Filtering Services by screening the contents of email, web and network traffic to prevent leakage of any sensitive information.

Unmanageable Technical Issues

To most organizations in the UK, security is considered a technological issue. The selfish and overzealous vendors too are doing their bit in stoking the flame further by impressing upon the organizations that technology can “solve” the computer security problems. This belief that “technology can make us more secure” is forcing the organizations to invest in more and more technology like

• firewalls,
• IDS,
• VPNs,
• Content Filters
• Java/active X protection
• Integrity Software
• PKI
• Smart Cards
• etc.

This technology is getting increasingly more complex to administer and manage. Quite often the task of managing and administering these complex devices is handed down to administrators who lack the specific knowledge and skills required to manage these devices. The administrators are also responsible for a lot of other devices and also tasked with various other activities.

The initial work of configuring the devices is often done by the vendors themselves as part of the purchase deal. However, once the devices are configured and the initial sense of novelty wears off, the administrators do not pay much attention to monitoring the logs emitted by these devices. Actually to be fair to the administrators, the logs are huge and gibberish in nature. For example:

A single firewall on a busy network generates around

• 200 MB of log data per hour
• 4.8 GB per day
• 33.6 GB per week

A single IDS on a busy network generates around

• 1,000 alerts per hour
• 24,000 alerts per day
• 168,000 alerts per week

These logs contain subtle clues of an attack or an impending attack but as the administrators are blissfully unaware of the tell-tale signs in the logs they will not be in a position to effectively respond to incidents. Trained people are needed to properly interpret the logs and take decisive actions to mitigate the risks.
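One kind of tell-tale sign an analyst looks for in that volume is a single outside address being denied on many different ports in a short time, buried among ordinary allow and deny entries. The following is an added Python example, not part of the original post; the log line format, addresses and thresholds are constructed for illustration and do not correspond to any particular firewall product.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log format (an assumption for this example):
#   <ISO timestamp> <ALLOW|DENY> <proto> <src_ip>:<port> -> <dst_ip>:<port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample: normal traffic, one fast sweep, one slow prober,
# and a non-matching line such as a rotation marker.
SAMPLE_LOG = """
2024-05-01T10:00:00 ALLOW tcp 10.0.0.5:51000 -> 192.0.2.80:443
2024-05-01T10:00:02 DENY tcp 198.51.100.7:40001 -> 203.0.113.10:21
2024-05-01T10:00:03 DENY tcp 192.0.2.44:50000 -> 203.0.113.10:25
2024-05-01T10:00:04 DENY tcp 198.51.100.7:40002 -> 203.0.113.10:22
2024-05-01T10:00:06 DENY tcp 198.51.100.7:40003 -> 203.0.113.10:23
2024-05-01T10:00:07 ALLOW tcp 10.0.0.9:51500 -> 192.0.2.80:443
2024-05-01T10:00:08 DENY tcp 198.51.100.7:40004 -> 203.0.113.10:80
2024-05-01T10:00:10 DENY tcp 198.51.100.7:40005 -> 203.0.113.10:3389
-- log rotated --
2024-05-01T10:05:00 DENY tcp 192.0.2.44:50001 -> 203.0.113.10:110
2024-05-01T10:10:00 DENY tcp 192.0.2.44:50002 -> 203.0.113.10:143
"""


def parse(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    event["dport"] = int(event["dport"])
    return event


def find_port_sweeps(lines, min_ports=5, window_s=60):
    """Flag sources denied on >= min_ports distinct ports within window_s seconds.

    Assumes lines arrive in time order. Returns (findings, unparsed), where
    findings maps source IP -> sorted list of ports in its widest burst.
    """
    recent = defaultdict(deque)  # src -> (timestamp, dport) pairs still in window
    findings = {}
    unparsed = 0
    for line in lines:
        event = parse(line)
        if event is None:
            unparsed += 1  # count, never silently drop: gaps in parsing hide attacks
            continue
        if event["action"] != "DENY":
            continue
        queue = recent[event["src"]]
        queue.append((event["ts"], event["dport"]))
        # Slide the window: forget denies older than window_s for this source.
        while (event["ts"] - queue[0][0]).total_seconds() > window_s:
            queue.popleft()
        ports = {port for _, port in queue}
        if len(ports) >= min_ports and len(ports) > len(findings.get(event["src"], [])):
            findings[event["src"]] = sorted(ports)
    return findings, unparsed


if __name__ == "__main__":
    hits, skipped = find_port_sweeps(SAMPLE_LOG.strip().splitlines())
    for src, ports in hits.items():
        print(f"{src} denied on {len(ports)} ports within 60s: {ports}")
    print(f"{skipped} line(s) could not be parsed")
```

With the default 60-second window only the fast sweep is reported; the slower prober at 192.0.2.44 appears only when the window is widened, which is the trade-off between alert volume and coverage.
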

Managed Security Services Providers have highly trained and skilled staff that can monitor the systems round the clock. Rustyice Solutions MSS analysts are trained to monitor and interpret a wide variety of logs. As soon as the analysts identify an incident or an attack pattern taking shape they react by following a well orchestrated incident response plan. The incident response plan will vary depending upon the type and severity of the threat and will also include coordinating with the upstream ISPs to nullify attacks, notifying the CERT and law enforcement agencies.

Conclusion

Organizations have to shoulder a tremendous amount of responsibility to keep themselves properly secured and thwart attacks. The responsibility includes implementing defensive controls like firewalls, intrusion detection systems and Anti-Virus scanners; hardening internal systems; conducting periodic vulnerability assessments to eliminate potential vulnerabilities or holes through which attacks get manifested; and practicing due care and diligence to keep the firewalls, IDSs and Anti-Virus scanners up to date with the latest security patches and fixes.

All of this consumes a huge amount of time, resources and significantly increases the cost. Forging a partnership with Rustyice Solutions is a viable alternative for organizations to keep themselves replenished with the highly specialized skill sets, facilities, state-of-the-art technologies, rapid response to incidents and a check on the spiralling costs.

Managed Security Services in the UK holds a lot of promise for those enterprises who are bracing themselves for donning the mantle of cyber-omnipresent enterprises. Contact us today to discuss the many ways that we can help.