Loading...

Security Recommendations

Mandatory Network Security Recommendations

We recommend two mandatory actions to be taken towards securing your product if it is connected to the network.

Change Passwords and Use Strong Passwords

The number one reason systems get hacked is due to having weak or system default passwords. It is recommended to change default passwords immediately and choose a strong password whenever possible. A strong password should be made up of at least 8 characters and a combination of special characters, numbers and lower-case letters. We also highly recommend that you do not share your password with anyone and that you change your passwords regularly.

Update Device Firmware Regularly

As is standard practice in the IT industry, we recommend keeping NVR, DVR and IP Camera firmware’s up-to-date to ensure the system is current with the latest security patches and fixes You can see our support page for the latest firmware and or contact our support team to obtain the latest firmware for your device

Additional Security Measures

In addition to the above two mandatory security measures, you can further secure your device by implementing the below

Isolate NVR & IP Camera Network

We highly recommend that the network that your NVR and IP camera resides on should not be the same network as your public computer network. This will prevent any visitors or unwanted guests from getting access to the same network that the security system is on.

Physically Lock Down the Device

Ideally, you want to prevent any unauthorised physical access to your system. The best way to achieve this is to install the recorder in a lockbox, secured server rack and / or in a room that is behind a lock and key.

Change the default HTTP & TCP Ports

These two ports are used to communicate and to view video feeds remotely. These ports can be changed to any set of numbers between 1025-65535. Avoiding the default ports reduces the risk of outsiders being able to guess which ports you are using.

Limiting the amount of ports that you forward

Only forward the ports that you need to use. Do not forward a large range of numbers to the device. Under no circumstances should you use DMZ to the device IP address. You do not need to forward any ports for IP individual cameras if they are all connected to a NVR.

UPnP

UPnP will automatically try to forward ports in your router or modem. Normally this would be a good thing. However, if your system automatically forwards the ports and you leave the credentials defaulted, you may end up with unwanted visitors. If you have manually forwarded the HTTP and TCP ports in your router/modem, this feature should be turned off regardless. Disabling UPnP is recommended when the function is not used.

SNMP

Disable SNMP if it is not in use. If you are using SNMP, you should only do so temporarily for tracing and testing purposes only.

Multicast

Multicast is used to share video streams between recorders. Currently there are no known issues involving Multicast. but if you are not using this feature you should disable the feature to further protect your network security.

Enable HTTPS/SSL

Set up an SSL Certificate to enable HTTPS. This will encrypt all communication between your devices and recorder.

Enable IP Filter

Enabling the IP filter will prevent everyone, except those with specified IP addresses from accessing the system.

Change ONVIF Password

On older IP Camera firmware, the ONVIF password does not change when you change the system credentials. You will need to either update the camera firmware to the latest revision or manually change the ONVIF password.

Disable Auto-Login on SmartICRSS

Those using SmartPSS to view their system and on a computer, that is used by multiple people should disable auto-login. This adds a layer of security to prevent users without the appropriate credentials from accessing the system.

Limit Features of Guest Accounts:

If your system is set up for multiple users, ensure that each user only has rights to features and functions they need to use to perform their job.

Check the Log:

If you suspect that someone has gained unauthorised access to your system, you can check the system log. The system log will show you which IP addresses were used to login to your system and what was accessed.

Contact

Call Us
0818 903 365
00353 1 4268275
Address
12 Knockmitten Lane, Western Industrial Estate,
Dublin 12, Ireland.
Call Us
+44 (0) 1483 685460
Address
Surrey Technology Centre, 40 Occam Road, Surrey Research Park, Guildford GU2 7YG, United Kingdom.

Please trust us, we will never send you spam