Wavestore operates an ongoing security hardening program for its VMS. Many of its security features are pre-configured as standard and do not require the user to set them up, offering protection from the moment the system is switched on.
Secure Linux Operating System (OS)
Wavestore’s VMS is embedded into Linux operating system which offers a host of security benefits over Windows™ based counterparts. For example, Wavestore is not impacted by Windows vulnerabilities and there are no time-consuming Windows updates that require the VMS to be off-line while time-consuming updates are being performed.
Wavestore also has full control over which specific components of the Linux operating systems it uses and disables all non-essential areas to greatly reduce the threat of potential vulnerability.
- No back-door access
- Security hardening package enabled as standard
- Wavestore’s VMS is embedded into an inherently security Linux Operating System (OS)
- Up to 4096bit encryption
- Password policies
No back-door login access
Some vendors have generic back-door access called a ‘root login’ which is always open. This is to provide them with access to the system for trouble shooting and technical support issues, but it is also a potential security threat. At Wavestore we don’t have an unsupervised back-door to the system. Instead, if an authorised administrator decides to grant us access for remote diagnostics, they must be physically with the Wavestore server to provide support staff with a temporary administration account and password that the administrator is firmly in control of. After the diagnostics process is finished, the administrator can close the remote access and delete the temporary administration account.
Video, data and password encryption
Wavestore offers up to 4096bit encryption for video, allowing if required the option for secure public keys to be used when encoding and decoding video. In addition, Wavestore enables passwords to be encrypted. This means that when video evidence is being exported, the secure public key details do not also need to also be handed over to the authority.
Wavestore’s firewall, provided as standard within its VMS, locks down ports and helps prevent unauthorised connection to its servers.
Restricting IP addresses
Wavestore can restrict access to all but authorised IP addresses to eliminate the risk of unauthorised users logging in from other remote computers.
Protection against ‘Man-in-the-middle’ attacks
Login details are always encrypted using very strong password hashes and Wavestore provides ‘man-in-the-middle’ protection as standard. We ensure sensible password policies are enforced, e.g. users must change the default password on their first log in and enter a mix of letters, characters and numbers to a required length to make s their password more secure.
No applications can be run on Wavestore’s server
No other applications can be run on Wavestore servers/NVRs/HVRs, meaning that no malicious programs can be loaded and executed.
Wavestore operates ‘privilege separation’ which makes user accounts more secure. Users can be separated into groups and the relevant privileges set. For example, the ‘Install’ group may have set-up rights while the ‘User’ group only has day-to-day operation functions made available to them.
Wavestore is compatible with LDAP and Active Directory to assist in the management of systems with many users.
WaveView client software inactivity time out
Wavestore’s WaveView client software can be set to automatically log out after a user-selectable time period if there is no user activity. This is especially useful if the client is being operated in a space that may be easily accessible, such as a reception area, or where policy dictates that user must log out after each use.
Wavestore operates an on-going third-party security program which purposefully tests for vulnerabilities with the system to give us confidence that the solutions we are providing are as secure as possible with today’s threats in mind.
Best security practice for all IP security installations
- Always change your default password when commissioning your system. This is a common oversight that affects thousands of installations. Default passwords for a wide range of equipment from the world’s leading vendors can easily be found on the internet and this can lead to your system being compromised.
- Prevent unauthorised physical access to your server. Always keep your recording and management equipment in a secure room, locked cupboard or area that is not accessible to unauthorised persons. If somebody has physical access your server then they may be able to remove hard disks or install malicious code directly onto your server.
- Secure your network appropriately. Good network design and security across your entire network is essential.
If you would like any further details about Wavestore’s security policy, please contact firstname.lastname@example.org