IFSEC Insider is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
ONVIF has announced that it will end its support for Profile Q early next year since it contains certain specifications that are no longer consistent with current cyber security best practices.
Profile Q was developed to provide easy setup of a conformant device on an IP network. It requires a Profile Q conformant device to allow anonymous access to all ONVIF commands during the setup process in the factory default state. This does not follow current cyber security best practices, which recommend, among other things, that a network device require users to set passwords and other access rights before the device can be used.
Since the specifications of a profile cannot be changed as it would impact interoperability between products that conform to a specific profile, Profile Q will be deprecated on March 31, 2022.
“ONVIF conformant products are used in a wide variety of industries and geographies, with different requirements when it comes to cyber security policies or best practices,” said Leo Levit, chairman of the ONVIF Steering Committee. “As these cyber threats evolve quickly, it’s important that users are aware of these best practices to ensure they are implementing cyber security measures that are appropriate for their organization.”
ONVIF recommends following industry best practices and local regulations and staying informed about technology changes from the market. The ONVIF Network Interface Specifications have defined network protocols that include security elements such as TLS (Transport Layer Security), which allows ONVIF devices with that feature to communicate with clients across a network in a way that protects against eavesdropping and tampering. ONVIF specifications also cover the ONVIF Default Access Policy, which specifies that there should be different access classes to services based on different user roles. Manufacturers can implement these specifications regardless of whether the specifications are included in a profile or not.
Founded in 2008, ONVIF is a leading and well-recognized industry forum driving interoperability for IP-based physical security products. Other profiles include:
Profile S for streaming video
Profile G for video recording and storage
Profile C for physical access control
Profile A for broader access control configuration
Profile T for advanced video streaming
Profile M for metadata and events for analytics applications
Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Insider's essential weekly newsletters. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.
ONVIF ending support for Profile Q in early 2022Support is ending for Profile Q since it contains certain specifications that are no longer consistent with current cybersecurity best practices.
IFSEC Insider
IFSEC Insider | Security and Fire News and Resources
Related Topics
Securing the digital frontier: The critical role of cyber security in off-grid technologies
What’s next for AI in the security sector?
‘There is a real opportunity here for security companies to show leadership’: In conversation with Simon Giles, CEO at City Group Security