Below we take a look at a few of those enhancements, and what they mean for users of Powered by Nx products.
New in v5 is the ability to encrypt recorded video archives so that they can only be viewed in Nx Desktop, Mobile, and Web clients. In v4.2 and earlier all archives were written as un-encrypted .mkv files which could be played back on any modern media player. Video encryption protects the content of recorded video files by making it impossible to play back the files on 3rd party players like VLC.
With the launch of v5 System Administrators now have the ability to define custom encryption keys and enable encryption for all recorded video archives, rendering them safe even in situations where a nefarious ne’er-do-well has physical access to the machine or hard drives where these files reside. When combined with encrypted communications, the archive encryption feature allows organizations to create video systems with end-to-end encryption. All video streams, all archives, and the transport of live and recorded streams can now be protected from a variety of cyber attacks.
* The Encrypted Archives feature for Nx uses 128-bit AES encryption, which uses 10 transformation rounds to encrypt data and is approved by the National Security Agency to protect secret government information.
Two Factor Authentication (2FA)
Another new cyber security feature in Nx v5 is Two Factor Authentication (aka 2FA). 2FA adds an extra layer of security for users trying to gain access to their systems by requiring a password (aka the “first factor”) + a pin code (aka “the second factor”) generated by an authentication app (e.g. Google Authenticator, Microsoft Authenticator) in order to verify their identity before logging into a system.
With 2FA, a potential compromise of just one of these factors (password, or access to the authentication app) won’t enable access. Even if a user’s password is stolen or their phone is lost, it is highly unlikely that someone else also has their second-factor information, creating a more secure login and blunting the opportunity for cyber attacks.
More Secured Connections
Another significant improvement in Nx v5 is the way that connections are secured amongst components of the system (client, server, and cloud connections). Man-in-the-middle attacks are a persistent threat to intelligent video systems, potentially allowing interception of sensitive video and metadata content as it flows throughout a system. In v5 Nx has hardened all communications between System components, rendering MITM attacks impossible.
All internet requests use OS SSL/TLS Certificate Validation to prevent MITM attacks, including but not limited to updates, on-prem to cloud communications, license validation, statistics reporting, and more.
All Server connections use SSL/TLS Certificate pinning:
Servers exchange certificates on merge and validate them on every connection.
Clients pin certificates on the first connection and validate them on each subsequent connection.
Clients using Cloud Connect validate Servers through the Cloud.
Clients may use strict mode to limit their connections to only trusted Servers.
Servers and Clients use new session-based (bearer token) authentication by default.
For local users, old authentication is disabled by default, which prevents MD5 password storage in the local DB.
For cloud users, OAuth2 authentication is used by default, which prevents a Server owner from compromising a user’s Cloud password and renders Offline Cloud Login attacks impossible.
Two-factor authentication may be enabled on the Cloud to make OAuth2 authentication even more secure.
Many Server API calls require a fresh user session to execute, which requires password confirmation at the API level.
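
The client-side pinning behaviour listed above (pin on the first connection, validate on each later one, and refuse unknown Servers in strict mode) can be sketched as follows. This is an added example, not Nx code: the `PinStore` class, its method names, and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib
import hmac


class PinMismatch(Exception):
    """The presented certificate differs from the one pinned earlier."""


class UntrustedServer(Exception):
    """Strict mode: the server has no pin, so the connection is refused."""


class PinStore:
    """Hypothetical trust-on-first-use pin store keyed by server ID."""

    def __init__(self, strict=False):
        self.strict = strict
        self.pins = {}  # server_id -> SHA-256 fingerprint of the DER certificate

    @staticmethod
    def fingerprint(der_cert):
        # In a real client the bytes would come from
        # ssl.SSLSocket.getpeercert(binary_form=True).
        return hashlib.sha256(der_cert).hexdigest()

    def trust(self, server_id, der_cert):
        """Pin a certificate explicitly, e.g. after an operator confirms it."""
        self.pins[server_id] = self.fingerprint(der_cert)

    def check(self, server_id, der_cert):
        """Return 'pinned' on first use and 'ok' on a match; raise otherwise."""
        seen = self.fingerprint(der_cert)
        known = self.pins.get(server_id)
        if known is None:
            if self.strict:
                raise UntrustedServer(server_id)
            self.pins[server_id] = seen  # first connection: remember the cert
            return "pinned"
        if not hmac.compare_digest(known, seen):
            raise PinMismatch(server_id)  # cert changed since it was pinned
        return "ok"


# Constructed sample data: byte strings standing in for DER-encoded certificates.
CERT_A = b"constructed-der-bytes-server-cert"
CERT_OTHER = b"constructed-der-bytes-substituted-cert"

if __name__ == "__main__":
    store = PinStore()
    print(store.check("server-1", CERT_A))  # first connection
    print(store.check("server-1", CERT_A))  # later connection, same cert
```

The first-use branch is the weak point of trust-on-first-use: whatever certificate is presented then becomes the pin, which is the gap strict mode closes by accepting only Servers that were trusted beforehand.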