Total Video Solution Cybersecurity Protection. ConteraWS Platform Cybersecurity Overview

Similar documents
ConteraWS. Cloud Managed Web Services. IT Network Pre-Deployment Requirements

Awareness Technologies Systems Security. PHONE: (888)

CTS performs nightly backups of the Church360 production databases and retains these backups for one month.

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

Projectplace: A Secure Project Collaboration Solution

Keys to a more secure data environment

SECURITY PRACTICES OVERVIEW

Data Center Operations Guide

Security Specification

HIPAA Regulatory Compliance

IBM SmartCloud Notes Security

WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution

System Security Features

Hosted Testing and Grading

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

SECURITY & PRIVACY DOCUMENTATION

HIPAA Security. 3 Security Standards: Physical Safeguards. Security Topics

Dooblo SurveyToGo: Security Overview

What can the OnBase Cloud do for you? lbmctech.com

SECURITY STRATEGY & POLICIES. Understanding How Swift Digital Protects Your Data

KantanMT.com. Security & Infra-Structure Overview

QuickBooks Online Security White Paper July 2017

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

The Common Controls Framework BY ADOBE

TB+ 1.5 Billion+ The OnBase Cloud by Hyland 600,000,000+ content stored. pages stored

TECHNICAL INFRASTRUCTURE AND SECURITY PANOPTO ONLINE VIDEO PLATFORM

Integrated Cloud Environment Security White Paper

Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2. Microsoft Windows Family of Operating Systems

InterCall Virtual Environments and Webcasting

CYBERSECURITY RISK LOWERING CHECKLIST

CONNX SECURITY OVERVIEW

Standard Dome Accessories

MigrationWiz Security Overview

FormFire Application and IT Security

Ten Security and Reliability Questions to Address Before Implementing ECM

Cisco Meraki Privacy and Security Practices. List of Technical and Organizational Measures

Riverbed Xirrus Cloud Processes and Data Privacy June 19, 2018

Security Information & Policies

Security Fundamentals for your Privileged Account Security Deployment

WHY BUILDING SECURITY SYSTEMS NEED CONTINUOUS AVAILABILITY

Recommendations for Device Provisioning Security

RADIAN6 SECURITY, PRIVACY, AND ARCHITECTURE

GoAnywhere MFT System Architecture Guide. For High Availability, Scaling, and Performance

ASSURING BUSINESS CONTINUITY THROUGH CONTROLLED DATA CENTER

Heavy Vehicle Cyber Security Bulletin

Security and Compliance at Mavenlink

Integrated Access Management Solutions. Access Televentures

Online Services Security v2.1

6 Vulnerabilities of the Retail Payment Ecosystem

Introduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?

Atmosphere Fax Network Architecture Whitepaper

Cloud FastPath: Highly Secure Data Transfer

EVERYTHING YOU NEED TO KNOW ABOUT NETWORK FAILOVER

Arecont Vision Multi-Sensor Panoramic and Omnidirectional Cameras vs PTZ Camera Technology

Why the Threat of Downtime Should Be Keeping You Up at Night

Automate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Security. ITM Platform

Layer Security White Paper

Internet of Things Toolkit for Small and Medium Businesses

Sparta Systems TrackWise Digital Solution

Network Video Recorder Security Guide


2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.

INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.


Xerox Audio Documents App

MYOB Advanced SaaS. Why choose MYOB Advanced? Fact Sheet. What is MYOB Advanced SaaS?

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

IBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights

IPM Secure Hardening Guidelines

SECURING DEVICES IN THE INTERNET OF THINGS

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites

SECURING DEVICES IN THE INTERNET OF THINGS

SECURING YOUR BUSINESS INFRASTRUCTURE Today s Security Challenges & What You Can Do About Them

Securing Devices in the Internet of Things

Information Security in Corporation

SECURITY AND DATA REDUNDANCY. A White Paper

Secure Access & SWIFT Customer Security Controls Framework

For USA & Europe January 2018

Cloud-Based Data Security

GateHouse Logistics. GateHouse Logistics A/S Security Statement. Document Data. Release date: 7 August Number of pages: Version: 3.

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

Data Security at Smart Assessor

WHITEPAPER. Security overview. podio.com

AWS continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

CIP Security Pull Model from the Implementation Standpoint

SECURITY DOCUMENT. 550archi

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Enterprise Guest Access

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

Grandstream Networks, Inc. UCM6100 Security Manual

The Lighthouse Case Management System

Policy and Procedure: SDM Guidance for HIPAA Business Associates

Overview Brosix stringent corporate security requirements.

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

Privileged Account Security: A Balanced Approach to Securing Unix Environments

Achieving End-to-End Security in the Internet of Things (IoT)

AppPulse Point of Presence (POP)

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

Transcription:

Total Video Solution Cybersecurity Protection ConteraWS Platform Cybersecurity Overview +1.818.937.0700 www.arecontvision.com avsales@arecontvision.com

Table of Contents Introduction... 3 Data & Network Security... 4 Multi-Factor Authentication... 4 Transport Layer Security... 4 No Inbound Ports Open on Network Firewall with OTC... 5 Cross-Site Request Forgery Protection... 5 Protected Login Credentials... 6 Logically Separated Data... 6 Data Integrity... 7 Firewalls... 7 Encryption... 7 Data Redundancy... 7 ConteraWS Proxy Server Support... 8 High Availability... 8 Storage Device Decommissioning... 8 Physical Security... 9 Infrastructure... 9 24/7 Guard... 9 Surveillance... 9 Access Control... 9 Background Checks... 10 Conclusion... 11 2

Introduction Security is a top priority for companies doing business in the cloud. As the number of cloud connected devices continues to grow, so does the risk of data breaches and the potential for unwanted access to vital information. To mitigate these risks, organizations need a video surveillance platform that leverages the latest in network security, proactively protecting against people or programs that might cause harm. ConteraWS (web services) by Arecont Vision is a secure and powerful Web-enabled platform that reduces maintenance costs, and streamlines the management of video surveillance systems. Customers using ConteraWS (web services) can store account credentials and access information on cloud servers without fear of exposing their security system to potential threats. Our service ensures the security and integrity of your data by implementing technologies designed to prevent a wide range of hacking and data loss scenarios. The following security overview outlines how ConteraWS shields your data from unwanted access by hackers, and how we protect it from physical threats such as natural disasters, hardware failure, and on-site tampering. 3

Data & Network Security Multi-Factor Authentication Multi-factor authentication requires more than one independent form of credential to verify the user s identity. ConteraWS uses multi-factor authentication to ensure that unauthorized parties are unable to gain access to user accounts. Once enabled, account access is subject to a user successfully entering a time restricted and unique authorization code delivered to their mobile device via SMS. This ensures an account can t be accessed even if the user s login credentials are compromised. Similarly, if the system administrator wishes to change their password, they must first enter the randomized code delivered via SMS. This prevents a third party from locking a user out of their account by changing passwords. Transport Layer Security Transport Layer Security (TLS) protocols ensure privacy between communicating applications and their users on the Internet. TLS is one of the most common security protocols used by sites dealing with transactions involving sensitive data. All metadata transferred between the recorder, ConteraWS (web services), and a remote client is encrypted using the TLS protocol. Metadata used by ConteraWS is comprised of connection information, passwords, usernames, and PTZ commands (excluding raw video). Since eavesdroppers don t know the server s private key, it is infeasible for them to hijack the connection. Upon successfully establishing a TLS connection, authentication and control information transferred between the client and server is encrypted. Third parties cannot tamper with or read this data. 4

No Inbound Ports Open on Network Firewall with OTC Proper user authentication and a successful TLS handshake will establish what is known as an Outbound Trusted Connection (OTC). With an OTC, a recorder will only communicate with and respond to verified clients. This Outbound Trusted Connection methodology also enables WAN client connections without permanently opening an inbound port on the network s firewall. The result is tighter network security while preventing specialized IT configuration at individual sites. Recorders using traditional connection methods listen to and can potentially respond to any incoming network traffic. Arecont Vision s ConteraCMR series recorders (cloud managed recorders) only respond to requests from ConteraWS servers upon successfully creating an outbound TLS connection once established by an authorized user. Cross-Site Request Forgery Protection A Cross-Site Request Forgery attack forces users to execute an unwanted action on a site they re currently authenticated with. This is typically accomplished by tricking the user into clicking a decoy link or logging in to a fake version of a legitimate website. To prevent this, Arecont Vision has implemented CSRF protection techniques similar to those implemented by banks, stock traders, and other websites that require a high degree of online security. 5

Protected Login Credentials Processes compliant with the National Institute of Standards and Technology (NIST) protect users passwords from hacking attempts. These processes encrypt stored passwords, making them practically unusable, even in the event of a server breach. The NIST reviews these processes on a semiannual basis to look at conformance and assess new methodologies. Logically Separated Data Customer data is logically compartmentalized through a tenant isolation layer. This acts as a virtual storage location to keep customer data contained, and ensures that even a direct attempt to access another customer s data by manipulating a query will fail. User data is separated into its own virtual container independent of queries and is protected when it s active or inactive. Using this framework, users can t affect the integrity of other users data, even if they attempt to gain access to their container through a fraudulent data query. All credentials, connection information, and video clips are stored in virtual containers, and thus protected. QUERY DATABASE STORAGE 6

Data Integrity Firewalls Customer data is stored on a private network that is not directly accessible from the Internet. This network is secured by firewalls that only allow access to and from the designated application servers. In the unlikely event of a breach in the private network, firewalls filter all incoming and outgoing traffic, allowing only approved users and devices to access ConteraWS servers. Encryption Backup data stored on ConteraWS is automatically encrypted using AES-256, the same encryption used in banking, health care, and government. ConteraWS user data is encrypted using a data encryption key, which is then itself encrypted and stored on a separate server for added protection. Video clips saved to ConteraWS are encrypted the same way. This ensures that backup data cannot be accessed by an unauthorized party. Data Redundancy Rolling Backups To protect users from data loss, all ConteraWS server locations store 60 days of rolling backups. This ensures user data will not be lost even in the event an entire server or data center is rendered inoperable. Offline Storage As a final layer of data protection, thirty days of backup data are stored offline, isolated from public networks, to prevent unwanted access and tampering. 7

ConteraWS Proxy Server Support ConteraWS (web services) supports the use of network proxy services to securely aggregate HTTP communication in corporate environments. ConteraWS requires an HTTP 1.1 compliant proxy and can accommodate null or basic authentication. Relayed connections will route all video traffic through the proxy host, while a peer-to-peer negotiated connection will deliver video directly from the recorder to the client, while control messages will remain routed through the proxy. High Availability The data centers housing ConteraWS user data operate on the principle of high availability. This approach focuses on eliminating single points of failure, delivering reliable crossover points, and detecting failures as they occur. Using high availability engineering, servers can add redundancy, so that one component failure won t spread to the rest of the system. This approach to system engineering leads to less downtime. Redundant Servers ConteraWS user data is securely stored on multiple servers within each data center to add redundancy and minimize downtime. This prevents users from losing or being unable to access data in the event of an unforeseen failure. Collocation ConteraWS user data is securely stored in multiple data centers across diverse geographic regions. Data replicates throughout these centers, mitigating the risk posed by catastrophic hardware failure, sabotage, or natural disasters. If any single data center is compromised, an automated process seamlessly redirects traffic from the affected location to unaffected data centers. Redundant data centers are designed to handle all redirected traffic, meaning the failure of any one data center won t affect the quality of a user s service. Storage Device Decommissioning As data center servers are upgraded and decommissioned storage devices from systems are degaussed and physically destroyed using processes recommended by the Department of Defense and National Institute of Standards and Technology. This ensures that unauthorized third parties are unable to recover data from decommissioned servers. 8

Physical Security Infrastructure Ensuring the physical safety of servers is as critical as electronically protecting the data housed on them. User data is stored in state-of the-art data centers designed to withstand physical and geological threats. UPS Systems ConteraWS data centers feature fully redundant power systems that deliver uninterrupted 24/7 operation. In the event of electrical grid failure, UPS systems and generators ensure power continues to flow to servers as well as to the entire facility. Fire Suppression ConteraWS data centers are equipped with automated fire detection and suppression systems. Gaseous sprinkler systems suppress fire without damaging critical equipment. Climate Control Data centers with large numbers of servers require an extensive climate control system to keep machines working at peak efficiency. Thermostats monitor conditions to maintain a constant level of temperature and humidity ideal for server operation. 74 24/7 Guard Data centers housing ConteraWS user data are monitored 24/7 by trained security staff. All personnel are screened upon leaving areas containing user data. Surveillance State-of-the-art electronic video surveillance systems and intrusion detection systems are in place for round the clock monitoring of data center locations. Access Control Restricted access to data centers is strictly enforced through multi pass two-factor authentication requiring staff to authenticate a minimum of 2 times before accessing data center floors. An authorized staff member provides continuous escort to any visitor or contractor on site. 9

Background Checks Personnel with direct access to data center servers housing ConteraWS data receive a thorough background check. All administrative actions carried out by Arecont Vision employees or partners are tracked and audited to ensure that no unauthorized changes are made to your service. 10

Conclusion ConteraWS (web services) simplifies the management of your video solution, delivering value beyond physical security, while simultaneously reducing the burden on IT. Using state-of-the-art facilities and industry-leading technology, ConteraWS (web services) shields user data from unwanted access and protects it against physical threats. The ConteraWS infrastructure places a heavy emphasis on multi-factor authentication, numerous forms of user authentication, protected credentials, and permission controls. The ConteraWS infrastructure reduces the burden on IT by eliminating the need to forward and permanently open inbound ports on the network firewall. Arecont Vision secures user data through firewalls, encrypted backups, and redundant storage across multiple locations. Access to servers containing user data is tightly controlled and carefully managed. Access control, CCTV systems, and security guards monitor servers 24/7, enforcing user credentials and access rights. At Arecont Vision we take the security and integrity of your data seriously. Rest assured as your online security needs evolve, so will the ConteraWS platform. To learn more about the ConteraWS (web services) platform and how you can benefit, visit www.arecontvision.com or contact Arecont Vision at (818) 937-0700. 11

2019 Arecont Vision Costar, LLC All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of Arecont Vision Costar. The information in this publication is believed to be accurate in all respects. However, Arecont Vision Costar cannot assume responsibility for any consequences resulting from the use thereof. The information contained herein is subject to change without notice. Revisions or new editions to this publication may be issued to incorporate such changes. Arecont Vision Costar, the Arecont Vision Costar logo, Arecont Vision, MegaBall, MegaDome, MegaVideo, MegaView, MicroBullet, MicroDome, and SurroundVideo are registered trademarks of Arecont Vision Costar. Arecont Vision Costar, MegaIP, Contera, Contera SysCon, Contera MobileApp, ConteraCMR, ConteraVMS, ConteraIP, Arecont Vision Costar University, Casino Mode, Channel Partner Certification Program, CorridorView, Leading the Way in Megapixel Video, MegaDynamic, Massively Parallel Image Processing, MegaLab, MegaVertical, NightView, SituationalPlus, SNAPstream, STELLAR, True Day/Night, and Enhanced/True Wide Dynamic Range are business use trademarks of Arecont Vision Costar. Arecont Vision Costar 425 E. Colorado St. 7th Floor Glendale, CA 91205 USA +1.818.937.0700 www.arecontvision.com avsales@arecontvision.com Rev 002.001

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback