Cybersecurity Recommendations III
Only forward the HTTP and TCP ports that you need to use. Do not forward a huge
range of numbers to the device. Do not DMZ the device's IP address.
You do not need to forward any ports for individual cameras if they are all connected to
a recorder on site; just the NVR is needed.
Disable Auto-Login on SmartPSS:
Those using SmartPSS to view their system and on a computer that is used by multiple people
should disable auto-login. This adds a layer of security to prevent users without the appropriate
credentials from accessing the system.
Use a Different Username and Password for SmartPSS:
In the event that your social media, bank, email, etc. account is compromised, you would not
want someone collecting those passwords and trying them out on your video surveillance
system. Using a different username and password for your security system will make it more
difficult for someone to guess their way into your system.
Limit Features of Guest Accounts:
If your system is set up for multiple users, ensure that each user only has rights to features and
functions they need to use to perform their job.
UPnP:
● UPnP will automatically try to forward ports in your router or modem. Normally this
would be a good thing. However, if your system automatically forwards the ports and
you leave the credentials defaulted, you may end up with unwanted visitors.
● If you manually forwarded the HTTP and TCP ports in your router/modem, this
feature should be turned off regardless. Disabling UPnP is recommended when the
function is not used in real applications.
SNMP:
Disable SNMP if you are not using it. If you are using SNMP, you should do so only temporarily,
for tracing and testing purposes only.
Multicast:
Multicast is used to share video streams between two recorders. Currently there are no known
issues involving Multicast, but if you are not using this feature, deactivation can enhance your
network security.
Check the Log:
If you suspect that someone has gained unauthorized access to your system, you can check
the system log. The system log will show you which IP addresses were used to login to your
system and what was accessed.
Physically Lock Down the Device:
Ideally, you want to prevent any unauthorized physical access to your system. The best way to
achieve this is to install the recorder in a lockbox, locking server rack, or in a room that is
behind a lock and key.
Connect IP Cameras to the PoE Ports on the Back of an NVR:
Cameras connected to the PoE ports on the back of an NVR are isolated from the outside world
and cannot be accessed directly.
Isolate NVR and IP Camera Network
The network your NVR and IP camera resides on should not be the same network as your
public computer network. This will prevent any visitors or unwanted guests from getting access
to the same network the security system needs in order to function properly.
To Next Page
Loading...
Need help?
General
