Dirk Stegemann

Product Security Officer, Bosch Security Systems

Author Bio ▼

Dirk Stegemann is Product Security Officer for Bosch Security Systems. He is also a key contributor to the ONVIF Profile Q Working Group and ONVIF Security Working Group.
September 18, 2015

Sign up to free email newsletters


The State of Physical Access Control in EMEA Businesses – 2020 Report

ONVIF Introduces Profile Q to Tackle Cyber Security Challenges

onvif on displayIn a world in which cyber theft, hacking and corporate security breaches seem to be proliferating, securing the systems we trust to guard sensitive data, communications and servers has become more important than ever.

ONVIF’s Profile Q offers the advanced security required in today’s technologcal world, giving integrators and end users the necessary protections from today’s cyber security threats, in addition to providing out-of-the-box interoperability.

Before IP technology was widely-adopted, networks for surveillance and access control systems often provided assurance that the communications transmitted between devices was secure and could not be intercepted or hacked, as well as plug and play interoperability.

Today, the IP equivalent, a dedicated and separate IT network for security devices operating independently from a general operations network, is expensive to maintain and has become a luxury few organisations can afford. As a result, CCTV and access control systems often share a network with other business systems and operation devices, clients and software.

When sharing a communication infrastructure with these other business networks, CCTV and access systems require enhanced information security capabilities in order to provide the same level of security as a system operating within a dedicated network.

ONVIF’s newest specification, Profile Q, provides the enhanced information security capability required by today’s shared network infrastructure. Profile Q specifies the use of Transport Layer Security (TLS) as conditional, meaning that if the product has the feature, it must be available on the ONVIF interface to meet profile conformance.

Profile Q also mandates HTTP Digest Authentication and a ‘default access policy’, which is an improvement of security in the communication with conformant devices.

In addition to advanced security features, Profile Q also answers the call for easy installation and out-of-the-box functionality. Manufacturers will have ONVIF automatically enabled for every product that is Profile Q conformant.

This means that an integrator or user doesn’t have to find a switch to activate ONVIF or search for instructions. Profile Q conformant devices are easily discoverable and feature easy camera replacement and configuration, a factory reset functionality and event management.

The two main features of Profile Q – easy set up and advanced security features – have a shared purpose. If a product is too onerous to set up and configure, then it often goes unused.

If security features, too, are difficult to install, configure and maintain, busy operators may turn them off. Though understandable, this leaves devices and networks vulnerable to attack.

Profile Q makes the implementation of advanced security and configuration easy for integrators and users, saving them time and ensuring their networks are safe for multiple uses.

Get your summer security fix in this essential free 'State of the Nation' webinar

Explore the state of security in the United Kingdom in this unmissable webinar led by industry titans Professor Dave Sloggett, Surveillance Camera Commissioner Tony Porter, TSI's Rick Mounfield, BSIA's Mike Reddington and Alex Carmichael of the SSAIB.


Related Topics

Notify of
Inline Feedbacks
View all comments