Meraki MV security cameras have been on the market for just a couple of weeks now, but their revolutionary new architecture hasn’t gone unnoticed. Breaking boundaries and creating new technologies is nothing new for Meraki. We did it first with wireless when we removed WLAN controllers and servers before moving on to other parts of IT. Because of this, we’re not strangers to the multitude of questions and concerns that can arise from our customers when they first encounter these new and very different architectures.
The release of MV security cameras has been no different. We understand just how important security is to our customers and know that it’s our job to ensure those using MV cameras can rest at ease knowing their offices, schools, and other facilities are well taken care of. This is why our engineering team made it a top priority to implement full, at-rest disk encryption (using AES-256, for those nerdier types), which is now standard for all MV cameras—right alongside native management and transport encryption of video.
Those who have encrypted a personal computer before know that it can take hours to secure all that data, so those plugging in MV cameras for the first time may encounter an encryption process of up to 20 minutes. Encrypting a computer can also be a huge hassle, but we’ve made sure that our encryption process requires no configuration on the user’s end, in true Meraki fashion. The only thing required is a little bit of patience (we know it will be hard!), as refraining from unplugging the camera during initial boot up will ensure everything goes smoothly. The good news is that cameras only need to undergo this encryption process once, so after the initial start up, cameras can be unplugged and restarted with much shorter boot times.
MV, like all of the other Meraki product lines, is cloud-managed, meaning the newest and best features will always be pushed to Meraki devices without any additional cost to our customers. Our engineers carefully process every piece of feedback that comes through our make-a-wish tool located at the bottom of each and every dashboard page, and use these comments to inform what features they work on next.
Full disk encryption was released just a week after MV became available—just imagine what else our engineers have up their sleeves! Meraki’s commitment to data security is just as serious as our commitment to making easy-to-use, yet feature rich products. Don’t miss your chance to participate in the product development process by making a wish.
The last couple of weeks have shown how vulnerable our connected world can be. Reports of a new wave of Distributed Denial of Service (DDoS) attacks at a scale beyond what has been seen before are attracting worldwide headlines. With traffic floods now reaching the terabyte scale, only those with global resources and deep pockets can withstand such an onslaught.
“The attack began around 8 p.m. ET on Sept. 20, and initial reports put it at approximately 665 Gigabits of traffic per second.”
KrebsOnSecurity Hit with Record DDoS – KrebsOnSecurity – September 21st 2016
Powering this new wave of cyber weaponry is the Internet of Things (IoT): a nascent breed of devices taking their steps into the world at a time when the value of something is dramatically amplified by its integration into the network. Unfortunately, this rapid push to connect everything has not always been balanced with the rapid push to secure the underlying technology architecture.
“That cyberattack was powered by something the internet had never seen before: an army made of more than one million hacked Internet of Things devices.”
How 1.5 Million Connected Cameras Were Hijacked to Make an Unprecedented Botnet – Motherboard – September 29th 2016
One of the unwilling device types in these recent attacks is the IP-enabled security camera. These cameras and recording systems are typically well connected and remotely accessed. When this is combined with poorly implemented web interfaces, default passwords, and a lack of cyber security oversight, systems are effectively waiting to be exploited.
“Attackers used an army of hijacked security cameras and video recorders to launch several massive internet attacks last week, prompting fresh concern about the vulnerability of millions of “smart” devices”
The Meraki MV Security Camera delivers on the promise of simple connected devices without security compromise. At the heart of MV is the same core software powering other Meraki devices like wireless access points and security appliances. This code has been honed over the last 10 years, battle tested in the most demanding of locations, and it provides the most secure control infrastructure of any security camera available.
All MV management traffic and video transport is encrypted by default: it’s not even possible to configure MV to operate without encrypted communications. Administrative access to the cameras is only available through the Meraki dashboard, an interface that can be secured with advanced technologies such as two factor authentication.
Beyond the individual devices, the Meraki infrastructure is housed in SSAE16 / SAS70 Type II certified data centres, undergoes daily penetration testing, and is covered by our security rewards program. These policies and processes allow us to meet the most rigorous of customer requirements, including the need to be PCI compliant.
The initial savings of a low cost or consumer grade security camera system may prove expensive later on. If it is trivial for cameras to be used to attack legitimate businesses and other organisations, how much extra effort would it take for someone to start snooping through those same cameras?
With the advent of National Cyber Security Awareness Month, the MV team will be posting more information on MV’s security architecture to highlight our commitment to a safe world of connected devices. Until then, for further information please contact us to find out more.
Meraki Systems Manager continues to offer extensive functionality for Apple platforms. Only recently we announced same day support for iOS 9 in conjunction with a new strategic joint development partnership between Cisco and Apple. We continued that story with the launch of extensive new features for Systems Manager on February 9th. In this particular post we are going to explore the Apple specific elements of that launch.
With MDM it has always been important to make sure you keep the users informed. This ensures they attribute changes to their device to administrative control and not to a fault. The iOS Wallpaper functionality of iOS 9 offers a great way of keeping users informed, while also offering branding and user experience options.
The Lock and Home page Wallpapers can be configured independently or together with a simple drag and drop. The reason that changing the Wallpaper with Systems Manager offers a great way of interacting with the user is because it can be tied to tags. This means that the Wallpaper can change dynamically based on various events, for example based on the person using the device or its posture.
FileVault disk encryption
Information is the lifeblood of any organization, with the securing and management of this data under increasing scrutiny. Encryption of information on portable devices such as laptops is frequently being mandated in regulated industries such as health care. The loss of confidential or private information can lead to stiff penalties, brand damage, and dented consumer confidence.
FileVault in OS X provides strong data security with full disk encryption using AES. With full disk encryption, data on a mislaid or stolen device is useless to the unauthorised recipient. Systems Manager now supports FileVault disk encryption management, and in typical Meraki fashion, has been made as simple as possible.
The difficulty associated with disk encryption is not typically with encrypting data but in decrypting it when required. For example, when an employee leaves the organization it may be necessary to access the customer data on their device. If the password or recovery key has not been provided by the departed employee, then the data is lost forever.
Systems Manager supports all three methods of FileVault data recovery: an institutional recovery key, a personal recovery key, or both simultaneously. Institutional recovery keys are transparently managed by the Meraki cloud, ensuring they are never lost. More information on FileVault 2 can be found on our documentation portal.
OS X system preferences
To top off the list of Apple functionality added in this Systems Manager launch, there are now 35 new OS X system preferences to play with. This includes things such as control of Security & Privacy settings, Software Updates, and Parental Controls. Further information on these OS X system preferences is again located on our documentation portal.
The new features for Apple platforms included as part of this launch are available today. If you are a Systems Manager Legacy customer interested in these new capabilities, then you can upgrade to the full version by simply contacting our sales team. The full version includes a wealth of features on top of those mentioned in this post, with further information available on the Systems Manager licensing page.
Excited by the new content in this Systems Manager launch? We are! The team will be highlighting these features and more in upcoming Systems Manager webinars. Alternatively, if you can’t wait to get started, contact us to begin a no risk trial and we will help get you up and running.
Last week we upgraded all Standard networks to Pro at no charge. We did this because we were no longer selling and improving the Standard product and wanted to provide our established Standard customers with the best and most up-to-date features Meraki has to offer.
This upgrade means Standard network operators will have the exact same features as Pro, including billing features, captive portal control, and our recently expanded Pro features such as splash pages and encryption on both SSIDs.
We hope everyone enjoys the new features!
Last week we upgraded all Standard networks to Pro at no charge. We thought we could provide the best service to our Standard customers by consolidating Standard and Pro to offer the same feature set.
This upgrade means Standard network operators will have the exact same features as Pro, including captive portal control, and our recently expanded Pro features such as splash pages and encryption on both SSIDs.