Hardening of security systems
A security system is intended to increase safety and protect people and property.
Because security systems are now connected to the corporate network, new risks have arisen.
To prevent the security system itself from being a target for criminals, hardening is applied to these systems (servers and IP-based hardware).
Hardening is the process of disabling redundant features and/or security risks and encrypting connections.
This is to make it as difficult as possible for possible attackers to gain access to a system or to thwart intruding attackers so that they can do little or nothing.
And finally, if the attacker intercepts data, it should be made as difficult as possible for him to use this data.
The hardening measures that can be taken for this purpose are diverse.
Here are just a few:
- deletion of unnecessary user accounts;
- applying a sound password policy;
- restricting access to the system based on IP addresses;
- use encryption for the connections to and from the system;
- special network settings, such as encryption and access protocols;
- Implement an active policy with regard to software and firmware updates, with security patches being given high priority.
To get the most out of security systems, links are often made to other systems using an API/SDK.
This form of openness provides a lot of comfort because cooperation with other systems is possible, but also requires the necessary attention from both the installer and the ICT department.
It is advisable to protect data with passwords and to systematically monitor external manipulations.
Measures within the ICT infrastructure
In addition to hardening the hardware and software, more general measures can also be taken within the ICT infrastructure (to limit access for attackers).
Where access to the internet is not necessary, it should not be made possible.
The use of physically separate networks or VLANs is recommended.
If the systems do need to communicate with other systems, it is better to filter and control this communication with firewalls.
It is also recommended to indicate in a so-called authorization matrix which users have which roles and associated rights, so that the risk of (accidental) improper use or manipulation of the data is reduced to a minimum.
Security systems can play a role in this, for example when two-factor authentication or the four-eyes principle are desired.
ICT department
Security systems increasingly work via IP and are therefore a potential target for (cyber) criminals.
To minimize this risk, it is therefore important to work closely with the IT department when implementing security systems.
The security system is part of the ICT infrastructure and therefore it is essential that the whole is assessed when it comes to security.