As the number of IP-connected devices in physical security systems increases, conversations about information security are a natural part of the sales process.

Organizations such as the National Institute of Standards and Technology (NIST) are actively proposing an Identify - Protect - Detect - Respond - Recover framework for cyber security. The NIST framework advocates the identification of key business risks due to cyber threats, such as the protection of data, devices, and services; continuous monitoring to enable detection of cyber security events as they happen; and the development of a clear response and recovery process.



Ensuring data and the function of the system are not maliciously or inadvertently manipulated.

The integrity of a system is compromised when the software is maliciously modified or taken over by an attacker who has learned an administrator-level password. Software defects that permit buffer overflow, database code injection, and cross-site scripting vulnerabilities can also cause a loss of integrity


•No backdoor administrative or maintenance access accounts
•Signed and encrypted firmware
•Disabling access to operating system
•Fully encrypted control communication
•Transport layer security Secure Remote Password (TLS-SRP) for client-server connections
•Automatic firmware updates



Keeping information private and secure

A system’s confidentiality is compromised when users circumvent a system’s access controls to gain unauthorized access to the data it contains. Most often, a breach in confidentiality is the result of an attacker guessing or obtaining a legitimate user’s password to access the system.


•Centralized user control through Active Directory integration and/or parent/child user sharing
•Password strength enforcement
•Ability to bulk-change camera passwords from Avigilon Control Center (ACC) software
•Lock-out on multiple invalid login attempts



Ensuring system uptime and continuity of function

In addition to loss of confidentiality and integrity, the availability of a system and its data can be compromised by external attacks. These usually take the form of a denial of service (DoS) attack where an attacker bombards a system with requests. Although it is difficult to protect against all forms of these attacks, the effect is usually temporary.


•Progressive back-off on multiple invalid login attempts
•Separate limited access gateway for thin client (web and mobile) access to video
•802.1x device authentication