How to Use BlastShield with IP Cams for Enhanced Security
IP video cameras have become a key part of many business physical security strategies, but they’re not perfect. Anyone with access to a computer, phone, or tablet can access a video surveillance system and view its footage.
To keep your video surveillance system secure and minimize the risk of unauthorized access, it’s important to use security software that works alongside video cameras as a “security guard.”
One of the most effective ways to do this is by using security software such as BlastShield™ that restricts access to video surveillance systems.
How Does BlastShield Work?
You’ve designed a security system, installed a security camera, and set up a firewall. But that’s not enough to protect the surveillance system at your home or business. Many firewalls are not sufficient to protect your home or business “out of the box.” With legacy firewalls, complex configuration makes it difficult to restrict users and devices from accessing specific applications. Without granular access controls, the attack surface is larger, and so is the security risk.
What if someone was able to access your camera controls, recordings and system? They could disarm a camera or remove recordings. That’s why it’s important to use security software like BlastShield that will protect your IP cams.
Many security cameras use either Wi-Fi or Ethernet to transmit footage to a receiver. To protect your system and camera, you will need increased security that prevents a hacker from accessing your system. With BlastShield, you can create this security using a simple setup process. You’ll select your camera and then connect it to your computer. From there, you’ll set up the BlastShield software gateway and create your secure connection.
How to Use BlastShield with Your IP Camera
Once you’ve finished setting up your camera, you can start using BlastShield. You will be able to open the BlastShield app, select your network and then simply connect and join the BlastShield network.
Now, any person trying to access your camera will be blocked by BlastShield. With this kind of security, no one will be able to see what you’re recording or view footage from your camera except yourself or others to whom you have explicitly given access.
You will need an x86-based device to be used as a gateway to your IP cam(s). I'm using a Protectli FW2B in this example.
Minimum Requirements for Gateway:
- CPU: Minimum Intel Atom with AES-NI support or Intel Celeron with AES-NI support. Note that more powerful CPUs with AES-NI support such as Core i3 or Xeon are also supported.
- RAM: Minimum 4GB
- HDD/SSD: Minimum 8GB
- NICs: Minimum 2 NICs are required. Most NICs made by Intel, Broadcom and Mellanox are supported.
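A quick way to check candidate hardware against the minimums above before installing. This is an added example, not BlastShield tooling; it assumes a Linux live environment booted on the x86 device, and the function names and the 3.5 GiB RAM allowance are this example's own choices.

```shell
#!/bin/sh
# Pre-flight check of candidate gateway hardware against the minimums listed
# above. Added example; assumes a Linux live environment on that hardware.

# has_aesni FILE: true if the cpuinfo-format FILE lists the "aes" CPU flag.
has_aesni() {
    grep -m1 '^flags' "$1" 2>/dev/null | grep -qw aes
}

# mem_ok FILE: true if MemTotal in the meminfo-format FILE covers a 4 GB machine.
# MemTotal excludes kernel-reserved memory, so the floor used here is 3.5 GiB
# (an allowance chosen for this example, not a vendor figure).
mem_ok() {
    kb=$(awk '/^MemTotal:/ {print $2}' "$1" 2>/dev/null)
    [ "${kb:-0}" -ge 3670016 ]
}

# nic_count DIR: number of interfaces under DIR (normally /sys/class/net) that
# have a "device" entry, i.e. real hardware rather than lo, bridges or tunnels.
nic_count() {
    n=0
    for i in "$1"/*; do
        if [ -e "$i/device" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# disk_ok DIR: true if a non-removable block device under DIR (normally
# /sys/block) holds at least 8 GB; the size file counts 512-byte sectors.
disk_ok() {
    for d in "$1"/*; do
        if [ "$(cat "$d/removable" 2>/dev/null)" = "1" ]; then continue; fi
        s=$(cat "$d/size" 2>/dev/null)
        if [ "${s:-0}" -ge 15625000 ]; then return 0; fi
    done
    return 1
}

# preflight: print one PASS/FAIL line per requirement; non-zero if any failed.
preflight() {
    rc=0
    has_aesni /proc/cpuinfo && echo "PASS AES-NI" || { echo "FAIL AES-NI"; rc=1; }
    mem_ok /proc/meminfo && echo "PASS RAM" || { echo "FAIL RAM"; rc=1; }
    [ "$(nic_count /sys/class/net)" -ge 2 ] && echo "PASS NICs" || { echo "FAIL NICs"; rc=1; }
    disk_ok /sys/block && echo "PASS disk" || { echo "FAIL disk"; rc=1; }
    return "$rc"
}

preflight || echo "Hardware does not meet the listed gateway minimums."
```

The NIC check counts hardware-backed interfaces only; whether a given NIC model is supported still has to be confirmed against the vendor list.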
You will also need a BlastShield Orchestrator, which you'll need to register and connect to. You can sign-up for a free account here, where you can also download the BlastShield™ Desktop client and Mobile Authenticator app.
Setting up with BlastShield is very quick, and you should be able to get connectivity working in about 5 minutes. Follow the instructions here to complete the initial setup with BlastShield. Before you continue setting up your Gateway, your connection to the Orchestrator should look like the figure below:
Next, to create and set up the BlastShield™ Gateway Agent, use the following steps:
Create a new BlastShield Gateway Agent instance in the Orchestrator by clicking on the Add New Gateway button. Choose a name and select the Addressing Mode. Save and download the BlastShield Invitation (aka BSI file). Follow the directions to complete the installation of the Gateway Agent on your x86 hardware here.
Physically connect your router and IP cam to your gateway hardware.
This will allow on-demand encrypted connections between the Gateway and the Client on your computer as shown here. This can be used either across a LAN or across the WAN or internet.
The BlastShield™ Gateway should be placed immediately upstream from the endpoint devices to be protected. If the endpoint devices connect to an Ethernet switch, the BlastShield™ Gateway should be upstream of the Ethernet switch. The switch should be configured to operate in port isolation mode, and the BlastShield Gateway configuration should have its 'Addressing Mode' set to 'MAC address'.
Step 1: Add New Gateway In The Orchestrator
- Select "Gateways" from the left Menu
- Select "Add New Gateway" from the Gateway List
- Enter Name for the new Gateway
- Select Addressing Mode for the Gateway (click here to learn about Gateways and Addressing Modes)
- Select "Save and Download Invitation"
- Download the Invitation (.bsi) file and save it for use when installing the gateway software
Step 2: Download the Gateway Software Installer
In this step, you will be downloading the BlastShield Gateway Software Installer. Using the Installer and the Invitation (.bsi) file generated in the previous step you will install the software on your x86 platform and bind it to the BlastShield Network. Below are the steps for this process.
- Download the Gateway Software Installer here.
- Unzip the Installer Package (Do NOT run the Installer file).
- Write the Installer Image to a USB drive using any available image writer
- Note: there are several free utilities available for writing images to USB drives. We recommend the BalenaEtcher software, but you can use any utility.
- Once you have written the image to the USB, copy the invitation (.bsi) file in the root folder of this image on the USB.
Step 3: Install The Gateway On An x86 Platform
In this step, you will be booting the x86 platform from the USB image created in the previous step.
Follow the steps below:
- Make sure the x86 server is connected, as shown above, power it on and exit the boot sequence using the break key that applies to your hardware, then select the boot setup menu.
- Reboot your server from the USB image. Once the image boots, you will begin the setup process
- Select the uplink interface (to the network)
- Select the downstream interface (to your endpoints)
- Select the invitation (.bsi) file
- Select the target device (hard drive)
- Confirm that all data will be erased, and the image will be installed on the server
- When the installation is complete you will be prompted to remove the USB flash drive (please remove the USB flash drive at this point), and the server will reboot.
At this point, you can return to the BlastShield Orchestration console to begin adding endpoints to your new gateway. You can disconnect the monitor and keyboard from the Gateway hardware now.
Adding Endpoints to Your Gateway
- Click on Gateways in the BlastShield Orchestrator
- Choose your Gateway
- Click on Endpoints
- Click “+ ADD NEW ENDPOINT”
- Choose the name you would like for your endpoint
- Check the box beside “Endpoint Enabled”
- You can leave the IP address as-is unless you want to change it. You can also give your endpoint a DNS Hostname (BlastShield has an internal DNS).
- Insert the MAC address of the device that you are adding, in this case the IP cam. (This may be listed on the device itself, or you may need to go to the support page of your device for this info.)
- Check “Send DHCP Default Gateway.”
- Select “Save Changes”
BlastShield is a cloud-based security service that protects your IP camera from unauthorized access. It works by creating a secure connection between your home or business network and the BlastShield network.
Once you’ve set it up, anyone attempting to access your IP camera will be blocked by the BlastShield network. This means that only authorized users will be able to view footage from your IP camera.