As you likely know, there are numerous 802.11-based wireless security surveillance systems on the market. Some are targeted at home users while others are aimed at the enterprise. I’ve actually seen such devices at my clients’ locations. That’s all fine and dandy – many businesses need some type of security surveillance system – and why not go wireless? It can be a heck of a lot cheaper.
The problem is that these devices are often outside of the realm of typical network monitoring, maintenance, and security. The physical security folks install them and don’t notify IT. The IT folks may come across them and proclaim, “Those aren’t my devices to support.” The business ultimately suffers. How so? Well, given the lack of oversight, these devices are often installed with the defaults. Maybe WEP, maybe no encryption at all. Maybe a strong password, maybe the default. Furthermore, the central console often has a Web interface that’s wide open for anyone and everyone on the network to configure. Then there’s patching, audit logging and so on. All of these are critical functions of security – for servers, routers, and firewalls, that is.
Even though these wireless-based surveillance systems often provide a way into the network and contain sensitive videos, logs, etc., they just aren’t as important – at least that’s the way it appears in many cases. They just end up in no-man’s land waiting to be attacked from a bad guy across the street or a rogue insider who likes to play around.
Make sure these systems are on your – or someone’s – radar. If it has an IP address and an on/off switch, it’s fair game to those with ill intent.
Kevin Beaver is an independent information security consultant, expert witness, author, and professional speaker with Atlanta-based Principle Logic, LLC and a contributor to the IT Watch Blog. He can be reached through his website at www.principlelogic.com.