XProtect - VMS - System - Security - Feature Brief - 2019 - R1 - July2020

Milestone XProtect VMS is designed to provide robust security against cyber threats through tiered user rights, encryption, and secure communication protocols. Key features include secure access for remote users, strict authentication processes, and audit logging to monitor user activities. The system ensures the integrity of video data and supports secure integration with third-party applications while maintaining flexibility and usability.


Milestone XProtect® VMS System Security
Feature Brief

Milestone XProtect VMS - secure by design - providing high protection resilience against cyber attacks

Milestone XProtect VMS products are designed to provide the highest security protection against external and internal security threats. Tiered administrator and user rights, enforced on the server side, combined with the use of standard IT security procedures, make XProtect VMS the perfect choice for organizations with a focus on cybersecurity.

Video surveillance systems are one of several ways organizations safeguard assets and people. As with other protection systems, video surveillance systems can be exposed to attacks in conjunction with criminal activities. However, unlike attacks on physical protection systems, attacks on IT and video surveillance systems are more refined and subtler, and often difficult to detect, as there are often no visible traces.

Video surveillance systems are, like any other IT infrastructure, exposed to both internal and external security threats. Potential threats include distributed denial-of-service (DDoS) attacks, hacking, social engineering, port scanning and general software vulnerabilities, among others.

Principal risk exposures in a VMS system

The exposure to cyberattack depends on three primary parameters: the overall risk profile of the company or organization in question, the cybersecurity maturity level of the organization, and the degree of attention paid to cybersecurity when designing and installing the system.

Key benefits
• Protects the system integrity from cybersecurity attacks
• Secure end-to-end handling of exported forensic material
• Secure access for web and mobile users
• Secure integration of third-party applications and systems

Key features
• Possibility for physical separation of camera networks and client network
• HTTPS – secure camera connectivity
• Encryption and password protection of video databases and exports
• Digital signing of video databases and exports
• Option for Windows AD user authentication via Microsoft NTLM or Kerberos authentication
• Strict and time-controlled user rights management, enforced server side
• Secure and encrypted (HTTPS) access for web and mobile client users
• Audit log provides full traceability of user actions
• Full authentication and authorization of third-party applications integrated via Milestone Integration Platform SDK (MIP SDK)

The solution dilemma

Designing a modern IP video surveillance solution is often a compromise between security on one hand and flexibility and user friendliness on the other. Milestone XProtect VMS software offers an array of security mechanisms, described in this feature brief. Using these capabilities, it is possible to protect the system from both internal and external security threats without compromising the system's flexibility or usability.

Security through network separation

Milestone's VMS architecture builds on a tiered system architecture, which makes it possible to separate the camera network from the core server/client network. With the recording server as a gateway between the camera and the system networks, there is no direct routing between the two network segments.

[Figure: Network separation protects the system integrity]

This means that a cyberattack potentially may reach the recording server on a particular network segment but will have difficulty penetrating beyond this point. Likewise, the recording server will prevent internal hacker attempts on the camera network.

HTTPS – secure camera connection

Milestone XProtect VMS products support HTTPS communication between the recording servers and the connected cameras and other security devices. HTTPS provides bidirectional encryption of the communication and prevents eavesdropping on and tampering with its contents.

Cameras with support for HTTPS
Visit the Milestone website for information about which cameras support HTTPS:

Secure video storage

To protect recorded video, audio and metadata while stored in the recording servers and the associated storage, XProtect Corporate offers the ability to encrypt and password-protect the media data. This means that the recorded data is protected even if someone gains access to the database files on the storage system or a network share, or in conjunction with an actual system hacker attack.

In addition to media data encryption, XProtect Corporate supports a digital signature on the recorded media data in the system. The signature can be used to prove that the video has not been altered or manipulated while stored in the system.

Video encryption
The video database encryption is performed in real time as data is stored in the databases. The encryption is available in two levels:
• Light encryption: encrypts the data header information, which prevents the media data from being decoded. Light encryption is recommended for minimizing the impact on CPU load.
• Full encryption: encrypts all data and is stronger, but slightly more CPU intensive.

System hardening
Read more about how to protect surveillance installations based on Milestone XProtect VMS software against cybersecurity threats. The guide outlines best practices for system design, operating system configuration, servers, workstations and the Milestone XProtect VMS software. It also contains input on cybersecurity policies, risk evaluation and mitigation.

Strict server-side authentication and authorization

Milestone XProtect VMS products use consistent user authentication and authorization across all clients and integration interfaces, enforced on the server side. This authentication and authorization process applies to both human users and system services accessing the VMS system via the Milestone Integration Platform (MIP) SDK or Milestone Open Network Bridge.

Building on user role definitions, it is possible to apply strict and granular user rights to specific roles (individual users or groups of users) in terms of:
• Client interfaces the user may use
• Cameras and other security devices, and device functions, the user can access
• System functions the user has the right to use
• System configuration data the user can see/edit

The user rights can be defined to be both static and time conditioned. This, for example, makes it possible to block a user from accessing the system outside normal working hours, or to limit access rights to cameras and functions during certain time periods. The time-conditioned user rights also make it possible to block access to recordings older than a given time.

Audit logging
Milestone XProtect VMS products maintain an audit log, which makes it possible to perform detailed user activity monitoring. The audit log tracks all user accesses and activities, including changes to the system configuration. This enables system administrators to detect and investigate potential attempts to intercept the system.

Dual authentication
Dual authentication offers an additional level of system security for customers operating high-security installations. Dual authentication only grants a user access to the system when a second user (for example a supervisor) has confirmed the login with a successful authorization. Dual authentication may optionally be applied to users accessing the VMS system via the XProtect Smart Client or the Management Client.

Certificate-based encryption

To secure the communication of data (video, audio, metadata) originating in the Recording Server and retrieved by connected components such as the Management, Mobile and Event servers, as well as the Management, Mobile and Smart clients, XProtect uses SSL/TLS certificate-based encryption enforced on both ends.

Builds on Windows security infrastructure

Milestone XProtect VMS products support Windows Active Directory (AD) based authentication, where both native Microsoft NTLM and Kerberos authentication may be used.

Kerberos
Kerberos (RFC 3244) is a security authentication protocol that offers a more secure way to authenticate users than NTLM. Kerberos builds on symmetric key cryptography and requires a trusted third party. Milestone supports Kerberos authentication as a complement to Microsoft NTLM authentication.
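
As an added illustration of the server-side, time-conditioned rights model described under "Strict server-side authentication and authorization" (this is example code, not Milestone's implementation; the role names, camera ids, client names and time windows are constructed), the following Python evaluates a request against a role's client, camera, function, working-hours and recording-age rules in a fixed order and returns the reason for any denial:

```python
"""Server-side, role-based authorization with time-conditioned rights.
Constructed illustration of the rights model in the brief; not Milestone's implementation."""
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from typing import Optional, Tuple


@dataclass(frozen=True)
class TimeWindow:
    """Permitted weekdays (0 = Monday) and a daily [start, end) interval in server-local time."""
    weekdays: frozenset
    start: time
    end: time

    def contains(self, when: datetime) -> bool:
        return when.weekday() in self.weekdays and self.start <= when.time() < self.end


@dataclass(frozen=True)
class Role:
    name: str
    clients: frozenset                              # client interfaces the role may use
    cameras: frozenset                              # camera/device ids the role may access
    functions: frozenset                            # system functions, e.g. "live", "playback", "export"
    access_windows: tuple = ()                      # empty = no time-of-day restriction
    max_recording_age: Optional[timedelta] = None   # None = any recording age may be viewed


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    client: str
    camera: str
    function: str
    recording_time: Optional[datetime] = None       # None for live video requests


def authorize(roles: dict, req: Request, now: datetime) -> Tuple[bool, str]:
    """Evaluate every rule on the server; the client's own view of its rights is never consulted."""
    role = roles.get(req.role)
    if role is None:
        return False, "unknown role"
    if req.client not in role.clients:
        return False, f"client {req.client} not permitted"
    if req.camera not in role.cameras:
        return False, f"camera {req.camera} not permitted"
    if req.function not in role.functions:
        return False, f"function {req.function} not permitted"
    if role.access_windows and not any(w.contains(now) for w in role.access_windows):
        return False, "outside permitted hours"
    if req.recording_time is not None and role.max_recording_age is not None:
        if now - req.recording_time > role.max_recording_age:
            return False, "recording older than permitted"
    return True, "ok"


# Constructed roles: a day-shift operator limited to office hours and the last 7 days of
# recordings, and an investigator with no time limits but Smart Client access only.
OFFICE_HOURS = TimeWindow(frozenset(range(0, 5)), time(8, 0), time(18, 0))
ROLES = {
    "day_operator": Role("day_operator", frozenset({"smart_client", "web_client"}),
                         frozenset({"cam-lobby", "cam-parking"}), frozenset({"live", "playback"}),
                         access_windows=(OFFICE_HOURS,), max_recording_age=timedelta(days=7)),
    "investigator": Role("investigator", frozenset({"smart_client"}),
                         frozenset({"cam-lobby", "cam-parking", "cam-vault"}),
                         frozenset({"live", "playback", "export"})),
}


def authorization_demo() -> dict:
    """Run the constructed cases and return each (allowed, reason) decision keyed by case name."""
    wed_morning = datetime(2020, 7, 15, 10, 30)   # a Wednesday, inside office hours
    wed_night = datetime(2020, 7, 15, 22, 0)
    sat_night = datetime(2020, 7, 18, 3, 0)
    cases = {
        "operator_in_hours": (Request("alice", "day_operator", "web_client", "cam-lobby", "live"), wed_morning),
        "operator_after_hours": (Request("alice", "day_operator", "web_client", "cam-lobby", "live"), wed_night),
        "operator_old_recording": (Request("alice", "day_operator", "smart_client", "cam-parking", "playback",
                                           recording_time=wed_morning - timedelta(days=10)), wed_morning),
        "operator_wrong_camera": (Request("alice", "day_operator", "smart_client", "cam-vault", "live"), wed_morning),
        "investigator_weekend_export": (Request("bob", "investigator", "smart_client", "cam-vault", "export",
                                                recording_time=sat_night - timedelta(days=30)), sat_night),
        "investigator_mobile": (Request("bob", "investigator", "mobile", "cam-vault", "live"), wed_morning),
    }
    return {name: authorize(ROLES, req, now) for name, (req, now) in cases.items()}


if __name__ == "__main__":
    for name, (allowed, reason) in authorization_demo().items():
        print(f"{name:30s} {'ALLOW' if allowed else 'DENY':5s} {reason}")
```

The checks run in a fixed order so that a denial reason never leaks more than the caller already knows (a user who may not use a client interface learns nothing about which cameras exist). Passing `now` explicitly keeps the decision reproducible, which also makes the rule set testable against the audit log.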

Secure remote user access

To facilitate remote system access via the XProtect Web Client and the Milestone Mobile application, the XProtect VMS products use a dedicated mobile server as a gateway to the system. Apart from being responsible for connection management for web and mobile users, the mobile server plays an important role in protecting the system's integrity when it is used by remote users.

The communication between the mobile server and the two clients supports HTTPS, which provides secure authentication and bidirectional encryption of all information exchanged, including user credentials, configuration and media data. This prevents eavesdropping on and tampering with the communication. To protect the VMS system from attacks via the Internet, Milestone recommends placing the mobile server in a demilitarized zone with two separate network connections.

Two-step verification
To protect the VMS system from attacks via the remote web and mobile interfaces, it is possible to apply a two-step verification process for users accessing the VMS system via the XProtect Web Client or the Milestone Mobile application. In addition to the normal username and password-based verification, with two-step verification the VMS system sends a random one-time code to the user via email or SMS. The user is only permitted access to the system if the correct one-time access code is provided.
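
The two-step verification flow described above and the dual authentication described on the previous page, as one added Python example (not Milestone's code; the user names, passwords, the 5-minute code lifetime and the 3-attempt limit are constructed). The one-time code is single use, expires and has an attempt limit, and the supervisor confirmation must come from a distinct, pre-approved second account:

```python
"""Two-step verification (one-time code) and dual authentication (second-user confirmation)
on a VMS login. Constructed illustration of the flows in the brief; not Milestone's code."""
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginService:
    CODE_TTL = timedelta(minutes=5)   # lifetime of a one-time code (constructed value)
    MAX_CODE_ATTEMPTS = 3             # a 6-digit code is only safe with a tight attempt limit

    def __init__(self):
        self.users = {}      # user name -> credential record and policy flags
        self.sessions = {}   # session id -> pending or granted login state
        self.outbox = []     # (user, code) pairs a real deployment would send by email or SMS

    def add_user(self, name, password, two_step=False, supervisors=()):
        salt = secrets.token_bytes(16)
        self.users[name] = {"salt": salt, "pw": hash_password(password, salt),
                            "two_step": two_step, "supervisors": frozenset(supervisors)}

    def _check_password(self, name, password):
        rec = self.users.get(name)
        if rec is None:
            hash_password(password, bytes(16))   # same cost whether or not the user exists
            return False
        return hmac.compare_digest(rec["pw"], hash_password(password, rec["salt"]))

    def begin_login(self, name, password, now):
        """Step 1: username and password. Returns a session id, or None if they do not match."""
        if not self._check_password(name, password):
            return None
        rec = self.users[name]
        steps = (["code"] if rec["two_step"] else []) + (["supervisor"] if rec["supervisors"] else [])
        state = {"user": name, "steps": steps, "granted": not steps}
        if rec["two_step"]:
            code = f"{secrets.randbelow(10 ** 6):06d}"
            state.update(code=code, code_expires=now + self.CODE_TTL, attempts=0)
            self.outbox.append((name, code))
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = state
        return sid

    def submit_code(self, sid, code, now):
        """Two-step verification: the code is single use, expires, and has an attempt limit."""
        st = self.sessions.get(sid)
        if st is None or st["steps"][:1] != ["code"]:
            return False
        if now > st["code_expires"] or st["attempts"] >= self.MAX_CODE_ATTEMPTS:
            del self.sessions[sid]          # expired or exhausted: the login must start over
            return False
        st["attempts"] += 1
        if not hmac.compare_digest(st["code"], code):
            return False
        st["steps"].pop(0)
        del st["code"]                      # consumed: the same code cannot be replayed
        st["granted"] = not st["steps"]
        return True

    def confirm_by_supervisor(self, sid, supervisor, supervisor_password):
        """Dual authentication: a distinct, pre-approved second user authorises the login."""
        st = self.sessions.get(sid)
        if st is None or st["steps"][:1] != ["supervisor"]:
            return False
        if supervisor == st["user"] or supervisor not in self.users[st["user"]]["supervisors"]:
            return False
        if not self._check_password(supervisor, supervisor_password):
            return False
        st["steps"].pop(0)
        st["granted"] = not st["steps"]
        return True

    def is_granted(self, sid):
        st = self.sessions.get(sid)
        return bool(st and st["granted"])


def login_demo() -> dict:
    """Walk a constructed guard account through both steps and return the outcome of each check."""
    svc = LoginService()
    svc.add_user("guard", "correct horse", two_step=True, supervisors=("shift-lead",))
    svc.add_user("shift-lead", "battery staple")
    t0 = datetime(2020, 7, 1, 9, 0)
    r = {"wrong_password": svc.begin_login("guard", "wrong", t0) is None}
    sid = svc.begin_login("guard", "correct horse", t0)
    _, code = svc.outbox[-1]                          # what the user would read from email/SMS
    wrong = f"{(int(code) + 1) % 10 ** 6:06d}"
    r["granted_before_code"] = svc.is_granted(sid)
    r["wrong_code"] = svc.submit_code(sid, wrong, t0)
    r["right_code"] = svc.submit_code(sid, code, t0 + timedelta(minutes=1))
    r["code_reuse"] = svc.submit_code(sid, code, t0 + timedelta(minutes=1))
    r["granted_before_supervisor"] = svc.is_granted(sid)
    r["self_confirm"] = svc.confirm_by_supervisor(sid, "guard", "correct horse")
    r["supervisor_confirm"] = svc.confirm_by_supervisor(sid, "shift-lead", "battery staple")
    r["granted"] = svc.is_granted(sid)
    sid2 = svc.begin_login("guard", "correct horse", t0)
    r["expired_code"] = svc.submit_code(sid2, svc.outbox[-1][1], t0 + timedelta(minutes=6))
    return r
```

Both extra factors are gated on the server: the session is not marked granted until every pending step has cleared, so a client that skips the code or the supervisor prompt gains nothing. The supervisor check rejects the requesting user confirming their own login, and the supervisor's credentials go through the same password verification as a normal login.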
Secure systems integration via MIP SDK

To address potential security threats posed by third-party applications integrated via the MIP SDK, the XProtect VMS applies the same strict authentication, authorization and certification policies to integrated applications as to the client interfaces.

Want to know more
Read more about the benefits of advanced management rights and the use of inherited device permissions in the Advanced Security Management white paper:

External video access using Milestone Open Network Bridge

External systems and applications can access live and recorded video in Milestone XProtect VMS systems via an ONVIF-based RTSP interface using the Milestone Open Network Bridge. As with internal VMS users, external systems using the Milestone Open Network Bridge must run under a registered account. This makes it possible to apply the same strict authentication and authorization policies to integrated applications and users. As with the mobile server (see above), Milestone recommends placing the Milestone Open Network Bridge in a DMZ with two separate network connections.

Feature availability
The security capabilities described in this brief are fully available in XProtect Corporate, and partially available in the rest of the XProtect VMS products. For details, please refer to the specification sheets of the individual products.

Protection of evidence material

The ultimate output of any video surveillance installation is the evidence material it can provide. When exporting forensic material using the XProtect Smart Client, the video material can be password protected, encrypted and digitally signed. These security measures can be applied in addition to signing recorded data in the recording server.

Encryption and password protection ensure that the forensic material can be viewed by the authorized receiver only, while the digital signature proves that the video has not been altered or manipulated while in transit.
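
As an added example covering both the signature on recorded media data (under "Secure video storage") and the signed export described here (not Milestone's code; the clip names, clip bytes and key are constructed, and HMAC-SHA256 stands in for the digital signature so that the example needs only the Python standard library, whereas a real export signature would be asymmetric so that the receiver holds no secret), a manifest of per-file digests is tagged, and verification reports a modified clip, a dropped clip, and a manifest that was edited to match a modified clip:

```python
"""Tamper-evident export package: a manifest of per-file SHA-256 digests plus an integrity tag
over the manifest. Constructed example; HMAC-SHA256 stands in for the digital signature."""
import copy
import hashlib
import hmac
import json
from typing import List, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(manifest: dict) -> bytes:
    # Deterministic serialisation so that signer and verifier tag exactly the same bytes.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def build_export(files: dict, key: bytes, exported_by: str, exported_at: str) -> dict:
    """Package the clips: the tag covers the manifest, and the manifest covers every clip."""
    manifest = {
        "exported_by": exported_by,
        "exported_at": exported_at,
        "files": {name: {"size": len(data), "sha256": sha256_hex(data)} for name, data in files.items()},
    }
    tag = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    return {"files": dict(files), "manifest": manifest, "tag": tag}


def verify_export(package: dict, key: bytes) -> Tuple[bool, List[str]]:
    """Return (ok, problems). All clips are checked even after a tag failure so every finding is reported."""
    problems = []
    expected_tag = hmac.new(key, _canonical(package["manifest"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(package["tag"], expected_tag):
        problems.append("manifest tag mismatch")
    listed = package["manifest"]["files"]
    for name, entry in listed.items():
        data = package["files"].get(name)
        if data is None:
            problems.append(f"missing file: {name}")
        elif len(data) != entry["size"] or sha256_hex(data) != entry["sha256"]:
            problems.append(f"modified file: {name}")
    for name in package["files"]:
        if name not in listed:
            problems.append(f"unlisted file: {name}")
    return not problems, problems


# Constructed sample: short byte strings stand in for exported media clips.
SAMPLE_FILES = {
    "cam-lobby.mkv": b"\x1a\x45\xdf\xa3 lobby frames 0001-0900",
    "cam-parking.mkv": b"\x1a\x45\xdf\xa3 parking frames 0001-0900",
}
SAMPLE_KEY = b"constructed-demo-key-not-for-real-use"


def export_demo() -> dict:
    """Build one export and verify it intact and under three kinds of tampering."""
    pkg = build_export(SAMPLE_FILES, SAMPLE_KEY, "operator-alice", "2020-07-01T09:15:00Z")
    results = {"intact": verify_export(pkg, SAMPLE_KEY)}

    modified = copy.deepcopy(pkg)                          # one byte of one clip changed
    modified["files"]["cam-lobby.mkv"] = modified["files"]["cam-lobby.mkv"][:-1] + b"X"
    results["frame_modified"] = verify_export(modified, SAMPLE_KEY)

    dropped = copy.deepcopy(pkg)                           # one clip removed from the package
    del dropped["files"]["cam-parking.mkv"]
    results["clip_dropped"] = verify_export(dropped, SAMPLE_KEY)

    relisted = copy.deepcopy(modified)                     # manifest digest edited to match the altered clip
    relisted["manifest"]["files"]["cam-lobby.mkv"]["sha256"] = sha256_hex(relisted["files"]["cam-lobby.mkv"])
    results["manifest_edited"] = verify_export(relisted, SAMPLE_KEY)

    results["wrong_key"] = verify_export(pkg, b"some other key")
    return results
```

The two-layer design is what makes the check meaningful: editing a clip breaks its digest, and editing the manifest to hide that breaks the tag, so a receiver can tell a clean export from one altered in transit. Manifest fields such as `exported_by` and `exported_at` ride under the same tag, so they cannot be changed after the fact either.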