5 Ways to Protect Your IP System From Getting Hacked

May 24, 2013


Last March, the Crown Casino in Australia made international headlines after a group of high-rolling card players were able gain unauthorized access into the casino’s video surveillance system in order to cheat Crown out of $33 million in illegal winnings. Journalists were quick to compare the elaborate heist to the storyline of the 2001 feature film, Oceans 11, where Brad Pitt and George Clooney starred as the masterminds behind robbing a high-profile Las Vegas casino for $150 million.    

Given that Pitt and Clooney’s characters were perceived as the good guys in the movie – to whom the audience rallied behind to pull off the impossible - it was no surprise that the crime in Australia was glamorized and was taken lightly in the public eye.

While it is easy to dismiss the Australian casino heist, many people within the security industry were hit with the reality that new approaches needed to be taken with advanced technology.

Making sure your IP surveillance system is secure from outside threats is vital no matter if you are a well-known Las Vegas casino or a privately owned retail store. We spoke to Michael Miller, the president of The Wire Guys, a surveillance system integrator based in the eastern United States, to discuss this topic. Miller came up with five ways end users can protect themselves from getting hacked.   

Use a Dedicated Network for Your Clients and Your Servers

Miller: I don’t know the particulars as far as the Australia casino heist, but if you have your security network on your same corporate network, which is tied to your wireless network, and if it’s all on the same subnet, it’s pretty wide open at that point. That would be my guess to what might have happened in Australia. It would be absolutely crazy for a casino to be set up like that if they were. But technically in a casino, just like in hospitals, everything is separate and dedicated. There’s absolutely no way to get to the cameras from their corporate network.

If their network is set up like that we will step in. But a lot of times, the IT departments are in control already, so they set the rules and regulations and we conform to what they recommend to us. What we would typically recommend is having a totally dedicated separate network. Separate switches, separate cables, separate everything. Even the client machines are on their own dedicated networks. Make it so that it's physically impossible to go from your corporate network to your camera network. That’s the best way to do it.

Change Your Passwords

Miller: Make sure you change all of your passwords on your cameras and your switches. You can use authentication on your network to make sure that only the devices that you want on your network are on your network. Those are the things that you would typically want to do.

From Remote Access Use Your VPN

Miller: There are two ways to give remote access to your system. The first option would be to open a hole in your firewall, or as we call it port-forwarding. The other option, which is more secure, would be to do a VPN access. So basically, from your mobile device, you can initiate a virtual private network back to your firewall which puts you on your network. That is much more secure than just opening up ports at that point. Then you have your username and password you have to enter for Avigilon’s ACC Mobile, so you have VPN and your username and password to get into the system.   

Don’t Use Your VMS server With Company Information on it – Dedicate a System for Surveillance

Miller: If you circumvent the VMS and go directly to the cameras, then you can see the live feeds. If you can get into the server, you can access recorded footage potentially delete recorded footage. Typically, especially the way we build system and the majority of companies that know what they are doing - you’re not going to share your surveillance system, with your SQL server, with you database with everybody’s AR department, you wouldn’t want to do it that way.

Check to See Who is Accessing Your Networks

Miller: Well Avigilon’s system can do that and most VMS’ can do that. It gets a lot trickier though if they're circumventing the VMS and going straight to the cameras. If you have a firewall in between, then you can track IP addresses and Mac addresses and see who’s accessing your network. And even some of the cameras have logs in them as well so you can see what IP address and what user would have accessed them. 


Stay Connected. Sign up and receive exclusive industry articles and other value-added content from Avigilon.

We welcome the re-use, republication, and distribution of "Connected" content. Please credit us with the following information: Used with the permission of avigilon.com/connected.   

Category: IT


For Media Relations

Please email media@avigilon.com or call 604-629-5182


ACC Version Last version of ACC tested with camera. This also implies support for later versions of ACC unless specifically listed otherwise.
Audio Input Receive audio feed from camera.
Audio Output Send audio to speaker attached to camera.
Autodiscovery Automatic discovery of camera IP address when connected within a LAN environment.
Compression Type Describes the encoding types supported for the camera.
Connection Type Describes the type of Device Driver used. Native refers to the Manufacturer's specific device driver.
Dewarping In-Client dewarping of fisheye or panoramic cameras.
Digital Input Receive Digital or Relay inputs from camera.
Digital output Trigger digital or relay outputs physically connected to a camera.
Motion Quick display of whether Motion Recording is available on for the camera.
Motion Configuration Configuration of motion detection within the ACC Client.
Motion Recording Support for motion-based recording.
PTZ Quick display of whether PTZ functionality is available for camera.
PTZ Control Basic PTZ Movement.
PTZ Patterns/Tours Ability to create and trigger either PTZ Patterns, or PTZ Tours, depending on camera support.
PTZ Presets Create and trigger PTZ Preset positions.
Unit Type Type of camera.
Verified By Organization which tested camera and reported capabilities.
Verified Firmware Specific firmware version tested.
Manufacturer Blah
Model DS-2DE2103
Connection Type ONVIF
Unit Type IP PTZ camera
Compression Types H.264

  • ACC Version
  • Model DS-2DE2103
  • Connection Type ONVIF
  • Manufacturer Blah
  • Manufacturer Blah
  • Manufacturer Blah
  • Manufacturer Blah
  • Manufacturer Blah
  • Manufacturer Blah
  • Manufacturer Blah
  • Manufacturer Blah
  • Manufacturer Blah

Verified by:

Download Test Report