CELLULAR MONITORING
1.- LOCATION IN CASE OF EMERGENCY
- Missing person.-(Make known through social networks and chat), (Shout - zone or
perimeter), 2 kilometer alert - to users.
- Kidnapping.-(GPS – Panic button), (cell phone) – Controlled Routing.
- Assault or robbery.-(Panic button) – the ability to report the incident via a website,
any cell phone, text message, or phone, or GPS devices with a panic button.
- Accidents.- Make your situation or emergency known (Location)
a. At work: Burns, frostbite, immersion, electrocution, etc.
b. At home: Poisoning, burns, sprains, suicide attempts, fire, falls.
c. Traffic: collisions, crashes, run-overs, rollovers, ravines.
d. To pedestrians: Falls, run over, assault, robbery, dog bites, kidnappings,
etc.
e. Emergency.- Heart attack, fainting, illness (everything related to health) locate, evacuate
to the nearest hospital or contact ambulances, and inform the COMPETENT AUTHORITIES
FOR ASSISTANCE.
f. In the field: Falls, animal attacks, traffic accidents, fires, etc.
g. In childhood: falls, poisoning and burns.
h. At school: Falls, injuries.
i. Elderly people with Alzheimer's.-(GPS monitoring – Panic button – cell phones or special
button).
2.- WHEN USING THE PANIC BUTTON OR TRYING TO TURN OFF THE CELL PHONE
- Location
- Photography
- Audio
- Video
3.- SIMPLIFY THE NOTICE OR EMERGENCY IN THE ICONS OR ORGANIZATION OF THE APPLICATION
OBSERVATIONS
1. As a company, when receiving a panic alert (EMERGENCY CRY or HELP), make it
known and inform the police authorities for assistance.
2. When the client (AFFECTED PERSON) reports a robbery or event suffered, the
company immediately activates the silence switch, begins the search and informs the
police.
4.- AVOID CELL PHONE THEFT
- Silent shutdown.- allows tracking of the cell phone and its location.
- Password in the application.- (avoid uninstallation), turning off the cell phone when
the user is using it.
- User code
THE SYSTEM WILL BE ABLE TO PROVIDE SECURITY AND MONITORING IN THE
FOLLOWING:
- VEHICLE THEFT: Application of technical means (personal GPS, fixed GPS in the car,
panic button on mobility, cell phone).
- SEARCH FOR PEOPLE: Provide drone overflights in floods, fires, and natural disasters.
(Pending)
- HOME: Another activity to be carried out with the company is to provide security
to homes and businesses, with the installation of security cameras, alarms, and panic
buttons in case of theft, robbery, etc.
- DOMESTIC VIOLENCE: By installing panic buttons, the wife or female partner will be
able to access the SCREAM through her cell phone, website, text message, or telephone,
with the added advantage that she is the only one who knows about the devices.
- PANIC BUTTON: Panic button for the family, for all members, in case of emergency
(robbery, mugging, accident, etc.). To provide a prompt reaction, the
REAL COORDINATES of the addresses must be determined.
- MONITORING CHILDREN: Whether at home or at school, the aim is to provide a GPS and
the routing of their activities, providing security instructions (such as the password).
Functional Scope
- The system must allow access to large amounts of data at the same
time, such as alerts, messages, audio and video.
- The system must register users by their first name, last name, telephone
number, email address, and ID number.
- The system must log in users using their phone number, email address,
and ID card.
- The user system sends a panic alert to the control panel with certain
data such as the location of the cell phone (theft).
Contingency Plan for Surveillance System Security
1. Access Control:
- Implement multi-factor authentication for all user accounts accessing the system.
- Establish clear user roles and permissions to limit access to sensitive functionality.
- Regularly review and audit user access to ensure only authorized personnel can
access the system.
2. Data Encryption:
- Encrypt all data, both at rest and in transit, using industry-standard encryption
algorithms (e.g., AES, RSA).
- Ensure encryption keys are securely managed and rotated on a regular basis.
- Implement secure key storage and access control mechanisms to protect
encryption keys.
3. Network Security:
- Implement a firewall to control and monitor incoming and outgoing network
traffic.
- Use VPNs or secure communication protocols (e.g., HTTPS) for remote access to
the system.
- Regularly scan the network for vulnerabilities and apply necessary security
patches.
- Segregate the surveillance system network from other internal networks to limit
the attack surface.
4. System Hardening:
- Ensure all software components, including the operating system, are up-to-date
with the latest security patches.
- Disable or remove unnecessary services, ports, and software to minimize the
attack surface.
- Implement strict file system permissions and access controls to prevent
unauthorized modifications.
- Enable logging and monitoring mechanisms to detect and respond to security
incidents.
5. Backup and Disaster Recovery:
- Implement a regular backup strategy for all critical data and system
configurations.
- Test the backup and restoration process to ensure data can be recovered in the
event of a system failure or security incident.
- Establish a disaster recovery plan to ensure the timely restoration of the
surveillance system in case of a major incident.
6. Incident Response and Reporting:
- Develop and regularly review an incident response plan to address various
security incidents, such as data breaches, system failures, and unauthorized access
attempts.
- Train personnel on incident response procedures and ensure they are aware of
their roles and responsibilities.
- Establish a communication plan to notify relevant stakeholders, authorities, and
customers in the event of a security incident.
- Conduct regular security audits and penetration testing to identify and address
vulnerabilities.
7. Continuous Improvement:
- Monitor industry trends, best practices, and emerging threats to stay informed
and proactively update the security measures.
- Regularly review and update the contingency plan to ensure it remains relevant
and effective.
- Provide ongoing security awareness training to employees to foster a culture of
security within the organization.
This contingency plan outlines key security measures to be implemented for the
surveillance system software. It covers access control, data encryption, network
security, system hardening, backup and disaster recovery, incident response, and
continuous improvement. Regularly reviewing and updating this plan is crucial to
maintain the overall security of the surveillance system.
Project: Surveillance System with Cameras and Security Application
Introduction
This document presents a comprehensive project for the implementation of a
surveillance camera system connected to a mobile security application.
The goal is to provide users with an effective tool
to monitor their environment and send alerts to authorities in dangerous
situations. The proposal covers everything from the installation and
configuration of cameras to cybersecurity and mobile device integration.
1. Project Description
The proposed system consists of the following main components:
1. Surveillance Cameras: IP cameras with high definition capabilities and
night vision.
2. Mobile Application: Application available on iOS and Android platforms, which
allows real-time monitoring and/or the issuance of alerts.
3. Central Server: Cloud infrastructure for data storage and
analysis.
4. Integration with Authorities: Direct communication system with emergency
services.
2. Cybersecurity Plan
Security is a critical component of the project. The following is
a detailed plan to ensure data protection and
system integrity.
2.1. Vulnerability Detection
Identifying and mitigating vulnerabilities is essential to protecting the system
against cyberattacks. Key areas of vulnerability include:
1. Wi-Fi Connections and Routers:
- Risk: Unauthorized access through insecure Wi-Fi networks.
- Solution: Use WPA3 encryption for Wi-Fi connections and configure
the router securely, including disabling non-essential services and
changing default passwords.
2. Passwords and Authentication:
- Risk: Use of weak or unencrypted passwords.
- Solution: Implementation of strong password policies and
robust hashing techniques (e.g. bcrypt or Argon2) to protect
stored passwords. Also consider implementing
multi-factor authentication (MFA) for access to cameras and the application.
3. Firmware Updates:
- Risk: Exploitation of vulnerabilities in outdated firmware.
- Solution: Implementation of an automatic update system
and continuous monitoring for new vulnerabilities. Developers should
ensure that updates are digitally signed to prevent
installation of malicious firmware.
4. Remote Access:
- Risk: Unauthorized access to cameras and servers via the Internet.
- Solution: Use VPN and two-factor authentication (2FA) for
remote access. Configure access control lists (ACLs) and
network segmentation to limit access.
5. Data Exchange:
- Risk: Interception of data in transit.
- Solution: Encrypt data in transit using TLS/SSL to protect
communications between the cameras, the server and the mobile application.
6. Mobile Application:
- Risk: Vulnerabilities in the mobile application code that can
be exploited to gain unauthorized access or manipulate data.
- Solution: Performing security tests on the code of the
application, such as static and dynamic analysis, and use of techniques such as
code obfuscation to make reverse engineering difficult.
2.2. Shell Scripting for Security
Shell scripts can automate critical security and
maintenance tasks. Examples of use include:
1. Network Monitoring:
- Function: Detect suspicious activities on the network.
- Script Example: A script to scan ports and detect
unusual connections, using tools such as nmap or netstat.
2. Backup and Recovery:
- Function: Perform automatic backups and ensure
data recovery.
- Script Example: A script to schedule periodic backups
and verify their integrity using rsync and tar.
3. Update Management:
- Function: Ensure that all software is up to date.
- Script Example: A script that checks for and applies security
updates for the operating system and applications, using apt-get or
yum.
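The backup script described in item 2, as an added example that is not part of the original project document: it archives a directory with tar, records a SHA-256 digest beside the archive, and rejects an archive whose digest, structure or trial restore does not match. It assumes GNU tar and sha256sum; the function names and the backup-<timestamp>.tar.gz naming are hypothetical, and the rsync copy to a second host is left out so the example runs offline.

```shell
#!/bin/sh
# Added example: function names and file naming are hypothetical.

# make_backup SRC_DIR DEST_DIR -> prints the path of the new archive
make_backup() {
    src=$1; dest=$2
    [ -d "$src" ] || { echo "source not found: $src" >&2; return 2; }
    mkdir -p "$dest" || return 2
    name="backup-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    # -C stores paths relative to SRC_DIR, so no absolute paths end up
    # in the archive.
    tar -czf "$dest/$name" -C "$src" . || return 1
    # The digest is recorded against the bare file name so the pair can
    # be moved to another location and still be verified there.
    ( cd "$dest" && sha256sum "$name" > "$name.sha256" ) || return 1
    chmod 600 "$dest/$name" "$dest/$name.sha256"
    printf '%s\n' "$dest/$name"
}

# verify_backup ARCHIVE -> 0 only if the digest matches and tar can
# list every member; 1 on mismatch or damage, 2 if the digest is missing
verify_backup() {
    archive=$1
    dir=$(dirname "$archive"); name=$(basename "$archive")
    [ -f "$archive.sha256" ] || { echo "missing digest: $name" >&2; return 2; }
    ( cd "$dir" && sha256sum -c "$name.sha256" >/dev/null 2>&1 ) \
        || { echo "digest mismatch: $name" >&2; return 1; }
    tar -tzf "$archive" >/dev/null 2>&1 \
        || { echo "unreadable archive: $name" >&2; return 1; }
    return 0
}

# restore_test ARCHIVE SRC_DIR -> 0 if a trial restore into a scratch
# directory is identical to the live source directory
restore_test() {
    archive=$1; src=$2
    tmp=$(mktemp -d) || return 2
    if tar -xzf "$archive" -C "$tmp" && diff -r "$src" "$tmp" >/dev/null; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$tmp"
    return $rc
}

# Typical use from cron (paths are placeholders):
#   arc=$(make_backup /srv/camera-config /var/backups/cameras) \
#       && verify_backup "$arc" && restore_test "$arc" /srv/camera-config
```

Keeping the .sha256 file on the same host as the archive only detects accidental corruption; storing the digest separately is what lets it detect deliberate modification.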
3. Technical Implementation
3.1. Camera Installation and Configuration
- Camera Selection: Evaluation and selection of cameras with characteristics
such as HD resolution, night vision, motion detection and resistance to
environmental conditions.
- Initial Configuration: Configuring cameras to connect to the secure
network, with static IP assignment for easy management.
Developers must ensure that cameras use secure
authentication and encryption methods.
- Server Integration: Configuring cameras to send video
data to the central server using secure protocols (e.g. RTSP
with SSL/TLS encryption). Data retention policies must be established, and
video storage must be protected from unauthorized
access.
3.2. Mobile Application Development
In mobile app development, it is crucial to consider both
functionality and security. Key areas are detailed below:
1. User Interface:
- Design: The interface should be intuitive and easy to use, allowing
real-time viewing of cameras and quick access to security
functions.
- Usability Testing: Performing usability tests to ensure
that users can navigate and use the application without difficulty.
2. Alert Functionality:
- Implementation: Development of a panic button that, when pressed,
sends an alert to the authorities, recording location points based
on cell towers and nearby Wi-Fi networks. This is crucial in areas with
limited connectivity.
- Security: Ensure that alerts are sent securely and that the
location data is protected against unauthorized access.
3. Notifications and Communication:
- Push Notifications: Configure push notifications for detected-motion
alerts and two-way communication with the server.
- Encryption: Use of encryption to protect communications between the
mobile application and server.
4. User Data Management:
- Privacy: Implementation of clear policies on the use and
storage of users' personal data.
- Data Protection: Encryption of sensitive data stored in the
application and on the server. Application of secure session management
practices to prevent misuse of user accounts.
5. Security Tests:
- Code Analysis: Performing static and dynamic code analysis
to identify vulnerabilities.
- Penetration Testing: Simulating attacks to test the security
of the application.
4. Testing and Validation
4.1. Security Tests
- Penetration Testing: Simulation of attacks to identify possible
security breaches. Common attacks such as SQL injection,
XSS and brute force attacks should be included.
- Code Audits: Comprehensive review of application code and configuration
scripts to detect vulnerabilities. This should include reviewing
the dependencies and external libraries used in the project.
4.2. Functionality Tests
- User Testing: Evaluating user experience and the effectiveness of
the application's functionalities. These tests should include realistic
usage scenarios to ensure that all functionalities behave
as expected.
- Performance Testing: Measuring the system's ability to handle
multiple video streams and simultaneous user requests. Stress and
load testing must be performed to ensure the system can
withstand intensive use conditions.
5. Maintenance and Support
- Continuous Monitoring: Use of monitoring tools to ensure
system availability and performance. Developers must
implement alerts to detect performance or security issues in
real time.
- Security Updates: Regular release of updates to
address new threats and improve functionality. Best practices for
vulnerability management should be followed, ensuring that all
system components are kept up to date.
- Technical Support: Provision of 24/7 technical support for users and incident
management. The support team must be trained to handle
security incidents and respond to user queries in a timely and
efficient manner.
6. Legal and Privacy Considerations
To ensure legal compliance and protect user privacy,
it is essential to address the following areas:
6.1. Local and National Regulations
The system must comply with all relevant regulations of the country in which it is
to be implemented. This includes, but is not limited to:
1. Protection of Personal Data:
- Requirements: Comply with local personal data protection
laws. In many Latin American countries, there are specific laws that
regulate how personal data should be handled and protected.
- Example: Law on the Protection of Personal Data Held by
Individuals in Mexico, or the Personal Data Protection Law in Peru.
- Implementation: Developers must ensure that the
collection, storage and processing of personal data is
carried out in accordance with these laws, including the explicit consent of
users and the right to access and delete their data.
2. Video Recording and Monitoring:
- Requirements: Comply with the regulations governing video surveillance and
recording in public and private places. This includes proper notification
to the people being recorded.
- Example: In many countries, it is mandatory to inform people who
are being monitored through security cameras.
- Implementation: Placement of visible notices in monitored areas and
clear documentation on how the video is used and stored.
3. Interaction with Authorities:
- Requirements: Ensure that alerts and data shared with the
authorities comply with local laws and regulations.
- Example: Specific protocols for cooperation with law
enforcement, ensuring legality and the protection of data privacy.
- Implementation: Development of procedures and agreements with local
authorities for alert management and incident response.
4. Consent and Transparency:
- Requirements: Provide users with clear and accessible information about
how their data is collected, used and protected.
- Example: Detailed and accessible privacy policies within the
application.
- Implementation: The application must include clear terms and conditions,
as well as a privacy policy that explains how user data is
handled.
6.2. Data Management and Privacy
1. Data Encryption:
- Requirements: All sensitive data must be encrypted both in transit
and at rest.
- Implementation: Use of advanced encryption (e.g. AES-256) to
protect stored data and TLS to secure communications.
2. Data Minimization:
- Requirements: Only data strictly necessary for the operation of the
system should be collected and stored.
- Implementation: Regular audits to review and justify the need
for the data collected.
3. Data Retention and Deletion:
- Requirements: Data must be retained only for as long as necessary and
must be disposed of safely after this period.
- Implementation: Clear data retention policies and secure disposal
procedures to comply with legal and privacy requirements.
4. Data Access:
- Requirements: Access to sensitive data restricted to authorized personnel only,
with a record of all access activities.
- Implementation: Robust access control systems and regular
audits of data access activities.
7. Considerations for Developers
To ensure successful implementation of the system and its security,
developers should consider the following practices:
1. Secure Software Development:
- Practices: Adopt secure development methodologies that integrate
security reviews at each stage of the software lifecycle.
- Implementation: Use of code security analysis tools
(SAST and DAST), continuous security testing and peer code review
with a focus on security.
2. Dependency Management:
- Practices: Actively monitor and manage all dependencies and
third-party libraries used in the project.
- Implementation: Maintain an updated inventory of dependencies and
proactively apply security patches and updates.
3. Secure Infrastructure:
- Practices: Ensure that the underlying infrastructure (servers, networks,
databases) is configured and maintained with security best
practices.
- Implementation: Use of cloud services with advanced security
capabilities, firewall configuration, network segmentation and continuous
security monitoring.
4. Resilience and Recovery:
- Practices: Design the system to be resilient to failures and capable of
recover quickly from incidents.
- Implementation: Disaster recovery plans, redundancy of
critical systems and regular testing of recovery procedures.
5. Compliance with Regulations:
- Practices: Ensure that all system components comply with
legal regulations and industry standards.
- Implementation: Regular compliance audits and
complete, up-to-date documentation on security practices and
compliance.
8. Considerations for Mobile Application Security
In implementing the mobile application, it is crucial to address the following
security areas to protect both the user and the system in general:
1. Authentication and Authorization:
- Requirements: Implement robust authentication and authorization
systems to protect access to the application and its data.
- Implementation: Use of multi-factor authentication (MFA), secure management
of session tokens and role-based access control (RBAC).
2. Protection against Exploitation:
- Requirements: Protect the application against common exploitation techniques,
such as code injection, permission abuse, and brute force
attacks.
- Implementation: Validation and sanitization of inputs, safe handling of
app permissions and protection against brute force attacks
through attempt limits and temporary account blocking.
3. Communications Security:
- Requirements: Ensure that all communications between the mobile
application and server are encrypted and secure.
- Implementation: Use HTTPS/TLS for all connections, with
valid and up-to-date certificates.
4. Secure Data Storage:
- Requirements: Protect data stored on the mobile device against
unauthorized access.
- Implementation: Use of data encryption in local storage and
secure handling of sensitive data, such as user credentials and
security settings.
5. Protection against Reverse Engineering:
- Requirements: Make it difficult to reverse engineer the application code, to
prevent the exposure of vulnerabilities.
- Implementation: Code obfuscation, emulator detection and
protection against runtime manipulation.
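The attempt limit and temporary account blocking from item 2 above, shown as a check run over authentication log lines (an added example, not code from the project): it flags an account once it reaches the failure limit inside a sliding time window and reports when the block should expire. The log format (epoch seconds, LOGIN_FAIL / LOGIN_OK, user=NAME), the function names and the sample lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: log format and names below are assumptions.

# flag_lockouts LIMIT WINDOW_SECONDS LOCK_SECONDS
# Reads log lines on stdin; prints "user locked_until_epoch" each time an
# account reaches LIMIT failed logins within WINDOW_SECONDS.
flag_lockouts() {
    awk -v limit="$1" -v window="$2" -v lock_for="$3" '
    {
        ts = $1 + 0; event = $2; user = ""
        for (i = 3; i <= NF; i++)
            if ($i ~ /^user=/) user = substr($i, 6)
        if (user == "") next              # skip blank or malformed lines
    }
    event == "LOGIN_OK" {
        head[user] = tail[user] + 1       # a success clears the counter
        next
    }
    event == "LOGIN_FAIL" {
        # Failures during an active block do not extend it.
        if ((user in locked) && ts < locked[user]) next
        tail[user]++
        t[user, tail[user]] = ts
        if (!(user in head)) head[user] = 1
        # Slide the window: forget failures older than WINDOW_SECONDS.
        while (t[user, head[user]] <= ts - window) head[user]++
        if (tail[user] - head[user] + 1 >= limit + 0) {
            locked[user] = ts + lock_for
            print user, locked[user]
            head[user] = tail[user] + 1   # count afresh after the block
        }
    }'
}

# Constructed sample log (documentation IP ranges, made-up users).
sample_auth_log() {
    cat <<'EOF'
1000 LOGIN_FAIL user=ana ip=192.0.2.10
1010 LOGIN_FAIL user=ana ip=192.0.2.10
1015 LOGIN_OK user=luis ip=198.51.100.7
1020 LOGIN_FAIL user=ana ip=192.0.2.10
1030 LOGIN_FAIL user=ana ip=192.0.2.10
1040 LOGIN_FAIL user=luis ip=198.51.100.7
1050 LOGIN_OK user=luis ip=198.51.100.7
1060 LOGIN_FAIL user=luis ip=198.51.100.7
1070 LOGIN_FAIL user=luis ip=198.51.100.7
1200 LOGIN_FAIL user=rosa ip=203.0.113.4
1290 LOGIN_FAIL user=rosa ip=203.0.113.4
1380 LOGIN_FAIL user=rosa ip=203.0.113.4
EOF
}

# 3 failures within 60 s lead to a 300 s block.
sample_auth_log | flag_lockouts 3 60 300
```

Only ana is flagged: luis's counter is cleared by a successful login, and rosa's three failures are spread over more than one window.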
Future Considerations
In addition to the elements already detailed in the proposed project,
it is recommended to take into account the following improvements and
considerations to optimize the system in the long term:
1. Scalability and Load Management: Implement strategies to ensure
that the system can efficiently handle increases in the number of
cameras and concurrent users, maintaining a high level of performance and
availability.
2. Proactive Incident Management: Develop detailed procedures for
early identification of and rapid response to potential security
incidents, including continuous monitoring and the ability to isolate and mitigate
potential threats.
3. Continuous Regulatory Compliance: Maintain a constant evaluation and
adaptation to local and national regulations related to the
privacy of personal data and the use of surveillance technologies.
4. Optimization of Infrastructure Resources: Periodically evaluate the
network and storage infrastructure capacity to ensure that
it is aligned with system demands and user expectations.
5. Integration of Emerging Technologies: Research and adopt new
technologies that can improve the accuracy and effectiveness of the surveillance
system, such as artificial intelligence for video analysis and ethical
facial recognition.
These improvements will not only strengthen the safety and operational efficiency of
the system, but will also ensure its adaptability as
the needs and technologies of the security environment evolve.
Conclusion
In summary, the proposed project to implement a surveillance system
with cameras connected to a security mobile application represents a
comprehensive solution to monitor environments and improve response to
risk situations. From the initial installation of cameras to the
integration with advanced cybersecurity technologies, the project
is designed to ensure the protection and privacy of users
while complying with current regulations.
Furthermore, the future considerations outlined here aim not only to
improve the scalability and operational efficiency of the system, but also to
maintain its relevance and effectiveness in a constantly evolving technological
environment. The integration of emerging technologies and the proactive management
of incidents ensure that the system can adapt and respond
effectively to future challenges.
With these elements in mind, we hope that this project will not only satisfy
current security needs, but also lay the foundation for
a more secure and adaptable future.