How Avigilon is Protecting Against Cyber Vulnerabilities

by Avigilon
Dec 13, 2017


As the number of internet protocol (IP) connected devices in physical security systems increases, conversations about information security are a natural part of the sales process. Organizations such as the National Institute of Standards and Technology (NIST) are actively proposing an Identify-Protect-Detect-Respond-Recover framework for cybersecurity.

The NIST framework advocates the identification of key business risks due to cyber threats; the protection of data, devices, and services from these threats; continuous monitoring to enable detection of cybersecurity events as they happen; and the development of a clear response and recovery process.

The Three Layers of Avigilon Cyber Protection

Data, devices, and services can be protected only if the network-connected software and hardware implement appropriate defensive measures to ensure integrity, confidentiality, and availability.


The integrity of a system is compromised when the software is maliciously modified or taken over by an attacker who has learned an administrator-level password. Software defects that permit buffer overflow, database code injection, and cross-site scripting vulnerabilities can also cause a loss of integrity.

Goal: To ensure data and the function of the system are not maliciously or inadvertently manipulated.


  • No backdoor administrative or maintenance access accounts
  • Signed and encrypted firmware
  • Disabling access to the operating system
  • Fully encrypted control communication
  • Transport Layer Security Secure Remote Password (TLS-SRP) for client-server connections
  • Automatic firmware updates


A system's confidentiality is compromised when users circumvent a system's access controls to gain unauthorized access to the data it contains. Most often, a breach in confidentiality is the result of an attacker guessing or obtaining a legitimate user's password to access the system.

Goal: To keep information private and secure.



In addition to loss of confidentiality and integrity, the availability of a system and its data can be compromised by external attacks. These usually take the form of a denial-of-service (DoS) attack, in which an attacker bombards a system with requests. Although it is difficult to protect against all forms of these attacks, the effect is usually temporary.

Goal: To ensure system uptime and continuity of function.


  • Progressive back-off on multiple invalid login attempts
  • Separate, limited-access gateway for thin client (web and mobile) access to video
  • 802.1x device authentication

© 2017 Avigilon Corporation. All rights reserved. ™ indicates a trademark of Avigilon Corporation. Please note, the recommendations contained in this article are intended as suggested guidelines and for informational purposes only. Avigilon does not guarantee that any of its products are immune from a potential cyber attack and adhering to any of the advice contained in this flyer may still result in a virus infecting your Avigilon product. In general, Avigilon recommends keeping all software and firmware up to date as best practice from an information security perspective.
