Performing VA/PT On Uniview CCTV devices: Steps of penetration and secure approach

These attackers use techniques by discovering vulnerabilities in the network and subtly exploiting them by injecting backdoor as an example without leaving any trace. Furthermore, people lives are even more important and the rules for privacy have been stricter than ever. Moreover, with the increased demand by people for of their homes and private properties to be monitored using CCTV networks, these cameras should be secure as any intrusion in this network may exploit the daily lives and routines.To simulate a penetration test and scan the network for possible vulnerabilities and exploit them, we believe the most dangerous attacks come from attackers who have all the technical knowledge of the flaws and vulnerabilities exist in the network. The main objective of our research is to setup a network using devices that can be used and bought by a normal user having them not knowing the vulnerabilities that they put themselves into, as we are going to use different tools and devices to scan the network and exploit the network and show the normal user what kind of dangers, they put themselves into and how can it be resolved. Hence, our research project will be used around the below scenario.“It was a Sunday afternoon. Rashid was in his office when he suddenly received an anonymous message containing a link. We he clicked on the link it was a video of him leaving his home today and going to work. Rashid immediately called home and asked them to power down the devices as he knew they were compromised and are being controlled by an attacker. Rashid instantly contacted his friend Marwan who is a penetration tester and forensic analyst to find out how the devices were hacked and how was the attacker able to successfully intrude the network and get access to the CCTV devices” [1]In this research project, the research type will be experimental. We are going to provide an introduction and comparison among different scanning and penetration tools to pave the way for penetration approaches. In addition, the above scenario going to aid us in conducting a meaningful experiment. Furthermore, we are going to discuss about the role of a well-designed and secure network when it comes to securing a home network internally and from the outside. Moreover, the scans that will be conducted will aid us in analyzing the network and exposing the back doors and misconfigurations and help prevent future attacks. We are going to illustrate a Raspberry Pi device can be connected to the network using the initiate scans to find the holes within it to provide the attacker with the necessary information and we will also monitor the traffic and the authentication between the cameras and the NVR, then we will use credentials if found to use by installed device and act as a man in the middle and route the stream to the attacking  During the experiments, we might face some challenges which will be mentioned in our research project, for instance, the stream may be interrupted as two devices will act as the main NVR, also, the tools used may have different readings and may have inaccurate information, Finally, we seek to provide in our research useful information on the different methods in penetration testing so we can have a better understanding of how the attacks are initiated. As of future work, we seek to contribute and thrive on the knowledge to prevent future attacks on CCTV and secure our networks with the best practices available. Project instructions1.    The research SHOULD include figures of processes, methodologies, and penetration testing applications. It should be from 3000 to 3500 words maximum. The references should not be less than 9.2.    The research SHOULD be in IEEE formatting with the proper styles.3.    The paper is between 6 pages and 8 pages (single spaced lines, font size <=11). 4.    Kindly update us about your progress frequently, this will help us to review the work and see the way forward.  5.    The practical part was done with file name “CCTV-PT-Practical.docx”, please ensure that the research is around that. Also, make sure to include screenshots in that file where applicable in the research. Experimental Procedures section in the research will include the practical part “CCTV-PT-Practical.docx” which is sent to you.6.    Please include the scenario explained [1] in the research paper as it will make the objective clear.Project Scope StatementTitle    Performing VA/PT On Uniview CCTV devices: Steps of penetration and secure approach    Date:1/11/2021Project Sections    Abstract    A brief summary of the detailed research project    Introduction    1.    Introduce and define penetration testing and scanning2.    Outline the importance of penetration testing the network and providing relevant patches and solutions for the organizations.3.    Explain the use of CCTV, its configuration and provide three reasons of pentesting CCTV.4.    Address the objective of this project, explain the purpose, the expected findings, and the test approach “methodology”.    Literature Review    1.    Describe the most relevant prior work and their key insights.2.    Critically analyzing existing literature in CCTV devices and penetration 3.    Discuss pros and cons of each methods found.    Experimental procedures    1.    Detailed description of CCTV network architecture, system design, few diagrams.2.    Specify the hardware used to investigate the simulation of the penetration.3.    Specify tools we will be using to forcefully penetrate the network.4.    Explain the proper procedures which are done in using penetration tools, scanning tools and CCTV devices.5.    Create a table of vulnerabilities found which includes impact (1-5), Likelihood (1-5), Risk (1-20)    Discussion    1.    State the security controls to prevent the detected vulnerabilities.2.    Recommend best practices of penetration testing for research enhancements    Conclusion and Future Work    1.    Summarize the key aspects of the research2.    Imply potential future work3.    Opinion on the research carried out    References    References will be taken based on the found readings    Appendix    All reports extracted from used tools will be attached “high, medium and low” Project Timeline    Tasks    Date    Research of penetration testing procedures and scanning tools.    Nov 2, 2021    Perform the scan    Nov 7, 2021    Attack the vulnerabilities     Nov 11, 2021    Patch the network and perform the best solution to secure it.    Nov 20, 2021    Finalize the Report    Dec 5, 2021