Adi Ikan, Network Research & Protection Group Manager
Oren Koren, Senior Cyber Security Product Manager
Ibrahim Shibli, Security Expert
Check Point Application Control provides the industry’s strongest application security and identity control for organizations of all sizes and is integrated into the Check Point R81 Cyber Security platform. Check Point R81 is the Security Management and Threat Prevention platform for Check Point’s Infinity Architecture. Application Control enables IT teams to easily create granular policies based on users or groups — to identify, block or limit usage of applications and widgets. Applications are classified into categories, based on diverse criteria such as applications’ type, security risk level, resource usage, productivity implications and more.
The IP camera detection capabilities of Check Point Application Control encompass the major IP camera network protocols, divided into 4 major components: Streaming, Control, Discovery and Management protocols. In addition, our capabilities cover both standardized and proprietary protocols, following the top vendors in the market.
IP Camera Visibility
A major challenge that IP cameras present within a network today is identifying their traffic and behavior. There are many vendors, and their various devices use several layers of communication, depending on the actions performed. In addition, devices may use both standardized and proprietary protocols, and have multiple interfaces. Application Control provides the ability to detect the relevant traffic, identifying the devices and their network connections.
Best Practice:
- Download the report template to review and report on IP camera applications usage.
- Discover IP cameras in your organization, using the relevant applications and protocols.
- Identify potential challenges based on the amount of traffic and how this may impact the infrastructure.
Data Exfiltration
IP cameras are a potential source of data exfiltration, as in many cases they are less monitored and are knowingly or unknowingly connected to the internet. In some cases, these devices are part of the core network and reside in sensitive locations within the organization. Those devices can enable a backdoor within the organization, thereby exposing sensitive information.
Best Practice:
- Identify external IPs with high bandwidth usage.
- Exclude internal-to-internal network activity based on your segmentation, as in the following example filter: NOT (src:("192.168.*") AND dst:("192.168.*"))
- Identify anomalies in the time frame of external resource connections (for example, outside of working hours).
- Pinpoint internal hosts that shouldn’t be connected to the cameras and are sending significant amounts of traffic.
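The four review steps above, applied to flow records, as an added example (not Check Point code and not part of the original post). The record layout, camera inventory, allowed recorder host, working hours and byte threshold are all assumptions, and the flow records are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumptions (not from the article): record layout, camera inventory,
# allowed recorder host, working hours and the byte threshold.
INTERNAL = ip_network("192.168.0.0/16")   # matches the article's 192.168.* filter
CAMERAS = {"192.168.10.21", "192.168.10.22"}
ALLOWED_PEERS = {"192.168.10.5"}          # e.g. the video recorder
WORK_HOURS = range(8, 18)                 # 08:00-17:59 local time
HIGH_BYTES = 50_000_000

# Constructed sample flow records: (timestamp, src, dst, bytes)
FLOWS = [
    ("2024-03-04T10:15:00", "192.168.10.21", "192.168.10.5", 900_000_000),
    ("2024-03-04T11:02:00", "192.168.10.21", "203.0.113.40", 120_000_000),
    ("2024-03-05T02:40:00", "192.168.10.22", "198.51.100.7", 4_000_000),
    ("2024-03-05T09:30:00", "192.168.20.77", "192.168.10.22", 75_000_000),
    ("2024-03-05T09:31:00", "192.168.10.22", "192.168.20.77", 80_000_000),
]

def is_internal(ip):
    return ip_address(ip) in INTERNAL

def review(flows):
    ext_bytes = defaultdict(int)    # external IP -> bytes exchanged with cameras
    off_hours = []                  # (timestamp, camera, external IP)
    peer_bytes = defaultdict(int)   # unexpected internal host -> bytes sent to cameras
    for ts, src, dst, nbytes in flows:
        if src not in CAMERAS and dst not in CAMERAS:
            continue                # not camera traffic
        camera, peer = (src, dst) if src in CAMERAS else (dst, src)
        # Same as NOT (src internal AND dst internal): one side is external.
        if not (is_internal(src) and is_internal(dst)):
            ext_bytes[peer] += nbytes
            if datetime.fromisoformat(ts).hour not in WORK_HOURS:
                off_hours.append((ts, camera, peer))
        elif src == peer and peer not in ALLOWED_PEERS:
            peer_bytes[peer] += nbytes
    return {
        "high_bw_external": sorted(ip for ip, b in ext_bytes.items() if b >= HIGH_BYTES),
        "off_hours_external": off_hours,
        "unexpected_internal": sorted(ip for ip, b in peer_bytes.items() if b >= HIGH_BYTES),
    }

if __name__ == "__main__":
    for name, hits in review(FLOWS).items():
        print(name, hits)
```

Using `ip_network` instead of a string wildcard keeps the internal/external split correct when the segmentation is not a simple prefix match; replace `INTERNAL` with your own ranges.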
Camera External Exposure
Based on their configuration, IP cameras may be exposed outside of the network to the internet. This issue correlates with a major challenge in IoT, namely, misconfiguration of devices. The potential damage of this exposure can be severe, as it can enable attackers to view the live video streaming of the camera. Therefore, it is highly important to identify the devices exposed to the internet, and block outbound traffic.
Best Practice:
- Identify suspicious external connections using protocols associated with malicious activity.
- Leverage geolocation capability to expose suspicious/forbidden source IPs connecting to cameras within the organization.
Unknown Camera Installed
With the proliferation of devices within the network, it is increasingly important to monitor IP camera traffic and identify any unknown or unwanted devices. These devices may have been wrongly installed or connected to the network or to a specific unintended segment. This can result in potential data loss or create a new attack surface within the network.
Best Practice:
- Identify unknown devices communicating over protocols associated with IP cameras.
- Review the list of IP addresses related to IP cameras and identify the unknown devices.
Summary
IP cameras enable us to more easily secure and monitor public and private properties. However, these devices may in turn present security challenges of their own. Following the significant increase in their usage, it’s more important than ever to secure and monitor these devices. Check Point Application Control has unique detection capabilities that provide better visibility and security for IP cameras, as well as their associated traffic and behavior within the network.
Application Control can be used with Check Point’s IoT Protect solution for monitoring IoT device application traffic. IoT Protect is a broader solution that identifies any IoT device on the network, assesses its risk, prevents unauthorized access with zero-trust segmentation, and blocks IoT attacks with threat prevention security services including 300+ signatures and on-device run-time protection.