Secure Connections🔗
To ensure proper data protection, Eocortex permits to use SSL/TLS security certificates for encrypting data being transferred between the system components.
It is possible to set secure connections using the SSL/TLS security certificates for the following:
Connecting Eocortex server to IP cameras;
Connecting Eocortex Configurator application to Eocortex server;
Connecting Eocortex Client, Eocortex Web Client, Mobile Android client Eocortex video surveillance, Mobile iOS client Eocortex video surveillance client applications to Eocortex server.
At the same time, the insecure connection is used for the following connections:
Data transfer between Eocortex servers in a multiserver system;
Data transfer between Eocortex components and third-party systems, if the secure connection feature has not been implemented specifically during the process of integration with such systems;
Multicasting of streaming video by Eocortex server for its use in Eocortex Client application.
Particularities of the secure connection of Eocortex server to cameras
Any SSL/TLS certificates are accepted, i.e. Eocortex does not check whether these certificates are trusted or not.
The secure connection capability is available for the limited list of models. However, certain features may not be available when using secure connection with some models of cameras that support secure connection.
The upgrade of Eocortex software to provide a capability of secure connection to certain camera models is performed per special request in accordance with the existing procedures.
Should the Eocortex Configurator application fail to establish the secure connection to the Eocortex servers, such servers will be marked as unavailable in the list of servers. A situation can also occur when in the course of adding a new server using the secure connection it is not possible to properly finalize the addition procedure. This issue may appear due to the inability of the server to launch using a secure port – it may be occupied by another application or made unavailable in the settings of the environment. In this case, it is required to free the corresponding port and ensure network access to it.
If the server’s secure port is not available from the client application, the broadcasting from the cameras assigned to this server will stop, the archive of these cameras will not be played back, no reports on these cameras will be created in the client application, etc.
If the insecure connection to server is prohibited, the Eocortex Client and Eocortex Web Client applications connected to it will be automatically restarted using the secure connection. At the same time, the Mobile Android client Eocortex video surveillance and Mobile iOS client Eocortex video surveillance will not be restarted in this situation. The Eocortex Configurator application will not be restarted either (otherwise, the control over the server could be lost). When prohibiting the insecure connection to the server, such prohibition will become valid for all the new connections from the Eocortex Client, Eocortex Web Client, Mobile Android client Eocortex video surveillance and Mobile iOS client Eocortex video surveillance applications. At that, the Eocortex Client application will use a secure connection in a compulsory manner even in case of an attempt to establish an insecure connection.
The particularities of the SSL/TLS certificates being installed on the server are as follows
The confirmation of a certificate is required for each individual user of the operating system on each device that uses the certificate.
The reliable (trusted) certificate is the one that is issued by a well-recognized (trusted) certification authority.
For each secure connection to the server from the Eocortex Web Client application, the verification of reliability of the certificate used for the encryption of the session is performed in the web browser. If it is not possible to confirm the certificate’s reliability, the user gets an insecure connection warning.
In case that in the course of establishing a secure connection to server from the Eocortex Configurator and Eocortex Client applications it will be detected that the certificate being used is not a trusted one, the dialog box with a question regarding the trustworthiness of this certificate will appear. In this dialog box, the user will be able to forbid the connection or allow one-time or permanent use of the certificate. If the permission to use the certificate is permanent, the warning will not appear again.
The verification of the certificate’s authenticity is performed every time when a secure connection to server is established from the Eocortex Configurator and Eocortex Client applications. If the certificate is not trusted, the user will see a dialog box with the information about the certificate and with the possibility to reject the connection or confirm the use of the certificate. In case of the latter choice, the certificate will be considered trusted and its further confirmation will not be required. However, after the expiration of the certificate’s validity period the confirmation to use it will be required for each new session.
If a third-party security certificate for the server is not installed or it has been impossible to load it during the launch of the server, the self-signed TLS certificate will be used for establishing secure connections with the server. Such certificate is generated on the server in the process of creating a new configuration of the video surveillance system. The self-signed TLS certificate has the following disadvantages:
The certificate can be replaced by an insecure one within the network; the user may not even notice that, confirming the insecure connection.
The users of the web application will have to confirm the insecure connection every time; it may lead to the distrust of the users.
The particularities of the use of certificates in the Eocortex Client application are as follows
During the use of the Eocortex Client application in a multiserver system, the verification of the security certificate may be performed in the course of operation. At that, when the untrusted certificates are detected, the corresponding notifications are shown in the lower right corner of the screen, and the connection with the servers using such certificates is blocked until the user makes a corresponding decision.
All the events of accepting the security certificates are registered in the event log of a video surveillance system.
In case of using the Eocortex Client application in the multi-display mode, the notification regarding the insecure connection will appear on the main display only.
It is possible to disable the verification of the security certificates for the Eocortex Client application using the special launch parameter.