Secure your security surveillance
Surveillance systems offer home and business owners peace of mind, knowing that their property and valuables are protected from criminals. But during Surveillance installation owners / responsible person couldn’t change default password of product, like: DVR. NVR, IP Camera, IP Intrusion Panel, Router, Access Point etc. Many users sometimes call me and ask “my DVR data is formatted, but I couldn’t share DVR password”, “I lost my NVR password, how to retrieve the same” etc. etc.
I have seen 80% of users will not change the default username and password for their IP cameras. Electronic Security Surveillance footage is useful in conducting investigations. IP video surveillance is not immune to cyber risks, but taking basic steps toward protecting and strengthening networks and networked appliances will make them less susceptible to attacks. Below are some tips.
1. Change default passwords and used strong word:
You can find the default username and password from either user-manual or the product sticker on the product. Sometime your installer share password. Default passwords makes your system easier to hack. It’s like leaving the door already half open for smart hackers. The most used default account for IP camera is admin/admin. You may need to reset your device before. After reset, user settings and account information will return to their factory settings. Below are the top 10 passwords
a. 12345
b. Password
- 12345678
- qwerty
- abc123
- 987654321
- 111111
- 1234567
- iloveyou
- adobe123
Almost all cameras sold today have a web-based graphical user interface (GUI), and come with a default username and password which is published on the internet. Using a strong password is the vital step to protect your IP camera from unauthorized accessing or hacking. The strong password must contain more than eight characters and at least include four types of characters - uppercase letter, lowercase, numbers and special characters.
2. Change Passwords Regularly:
Regularly change the credentials to your devices to help ensure that only authorized users are able to access the system. Most cameras offer at least some form of basic authentication. It may not be super robust, but at least it is better than nothing at all. Protect your camera feeds with a username and a strong password and change it periodically. Set high quality passwords and do password enforcement and account deletion when staff changes.
3. Rename the Default Admin Account and set a new Admin Password
Your camera's default admin name and password, set by the manufacturer, is usually available by visiting their website and going to the support section for your camera model. If you haven't changed the admin name and password then even the most novice hacker can quickly look up the default password and view your feeds and/or take control of your camera.
4. Limitation of Guest Accounts
If your system is set up for multiple users, ensure that each user only has rights to features and functions they need to use to perform their job.
5. Change ONVIF Password
On older IP Camera firmware (applicable for limited product), the ONVIF password does not change when you change the system’s credentials. You will need to either update the camera’s firmware to the latest revision or manually change the ONVIF password.
6. Manage your camera settings
Including a camera in a home security system is a must these days. It can allow you to view online what’s happening at home even if you’re on the other side of the world. However, with the same feature, you can also be exposing yourself to potential hackers.
A security camera is set for remote online monitoring by default during your purchase. This feature makes it possible for you to keep an eye on your home in real time through a specific app or website. It also makes it a possibility for hackers to use your own camera to spy on your home. Scary, right?
If you can go by without remote online monitoring, turn this feature off. However, if you feel that it’s a necessity to keep the feature, then guard your home and your system by a strong password. It can also help if you strictly position the cameras to face only the areas they’re supposed to monitor. Avoid including your living room or your bedroom entirely.
7. If Your Camera is Wireless, Turn on WPA2 Encryption
If your camera is wireless capable, you should only join it to a WPA2-encrypted wireless network so that wireless eavesdroppers can't connect to it and access your video feeds.
8. Enable HTTPS/SSL:
Set up an SSL Certificate to enable HTTPS. This will encrypt all communication between your devices and Storage.
Many cloud vendors provide connection encryption, but it is variable. Confirm with your cloud vendor how their system handles this.
9. Protect your router.
Like your security system, you can also make your home more secure by protecting your router with an effective password. You can use the same ideas as above. However, make sure you don’t use the same access codes for your system and router.
You can also try hiding your router by manipulating its configuration to make it invisible. However, you have to keep in mind that doing so doesn’t completely make your router invisible. Instead, it only makes your network not easily seen on basic and automatic searches. If a hacker is too advanced, he can simply look for a tool and use it to find your network.
10. Avoid using public wi-fi.
As much as possible, try not to access your automation devices at home using public wi-fi connections. This makes you more prone to hackers getting access to your personal informations. You can try using your mobile data service or find a more secured connection before you click connect.
11. Enable IP Filter:
Enabling your IP filter will prevent everyone, except those with specified IP addresses, from accessing the system.
12. Check the Log
Most of the time, the easiest way to know if someone has been messing around with your system is by checking your camera logs. There are several security cameras that can show you the IP addresses that accessed your cameras. If you find a suspicious one on your log, immediately change your access codes and notify proper authorities.
13. Disable UPNP:
UPNP will automatically try to forward ports in your router or modem. Normally this would be a good thing. However, if your system automatically forwards the ports, and you leave the credentials defaulted, you may end up with unwanted visitors.
If you manually forwarded the HTTP and TCP ports in your router/modem this feature should be turned off regardless.
14. Disable SNMP:
Disable SNMP if you are not using it. If you are using SNMP, you should do so temporarily, for tracing and testing purposes only.
15. Disable P2P:
P2P is used to remotely access a system via a serial number. The possibility of someone hacking into your system using P2P is highly unlikely because the system’s user name, password, and serial number are also required.
16. Disable Multicast:
Multicast is used to share video streams between two recorders. Currently there are no known issues involving Multicast, but if you are not using this feature, you should disable it.
17. Put up a firewall.
Make sure you have a firewall in your network to prevent unauthorized access to your devices. If you don’t have one, you can browse the internet to know your best options on firewall downloads.
For a cloud-based solution without port forwarding, an on-site firewall configuration is not needed. Speak with your integrator or system manufacturer to confirm this.
18. Change Default HTTP and TCP Ports:
Change default HTTP and TCP ports for Dahua systems. These are the two ports used to communicate and to view video feeds remotely.
These ports can be changed to any set of numbers between 1025-65535. Avoiding the default ports reduces the risk of outsiders being able to guess which ports you are using.
19. Forward Only Ports You Need:
Ideally, do NOT connect your unprotected server to the internet. If you do expose your system to the internet, then “port forward” as few ports as possible and utilize a next generation firewall which analyzes the protocol and blocks incorrect protocols sent over the wrong port. In an ideal situation, also deploy an IDS/IPS for further protection. Its applicable for IP Camera/ DVR/ NVR/ VMS.
The more secure cloud-based systems do not have port forwarding, so no vulnerability exists, and no incremental protection action is required. Ask your integrator or provider to verify this for any system you own or are considering acquiring.
20. Build a separate network
Mixing the cameras on a standard network without separation is a recipe for disaster. If your security camera system is connected to your main network, you are creating a doorway for hackers to enter your main network via your surveillance system, or to enter your physical security system through your main network. Some DVRs can even be shipped with a virus.
Ideally, place the security camera system on a physically separate network from the rest of your network. If you are integrating with a sophisticated IT environment, it is not always possible to separate the two systems physically.
In this event, you should use a VLAN.
21. Connect IP Cameras to the PoE Ports on the Back of an NVR:
Cameras connected to the PoE ports on the back of an NVR are isolated from the outside world and cannot be accessed directly.
22. Secure your smart phone
Most of today’s home security systems are controlled through smart mobile applications and this is what makes your smartphone very important for your home’s security. Keep it in mind to always have it protected.
For one, you should avoid logging in to your system while in public places. Someone near you could be waiting for your password. Also, make sure that no one else can access your phone by securing it with a password lock. You can also install a track app just in case you misplace or lost your phone.
If such event happens, make sure to immediately remove your phone’s access from your security system and report the incident right away.
23. Upgrade your apps and firmwares.
The reason why companies keep updating their firmwares is to fix bugs and glitches as well as to add security patches. By complying with the updates, you are arming yourself with better protection against hackers.
24. Disable Auto-Login on apps:
If you are using apps to view your system and you are on a computer that is used by multiple people, make sure auto-login is disabled. This adds a layer of security to prevent users without the appropriate credentials from accessing the system.
25. Use a Different Username and Password for apps:
In the event that your social media, bank, email, etc. account is compromised, you would not want someone collecting those passwords and trying them out on your security surveillance system. Using a different username and password for your security system will make it more difficult for someone to guess their way into your system. Set high quality passwords and do password enforcement and account deletion when staff changes.
Surveillance System Assessment, Deployment & Maintenance
Data breaches continue to accelerate throughout the world. With increasing Internet connectivity, physical security systems are very vulnerable to cyber-attacks, both as direct attacks and as an entrance to the rest of the network. Liabilities for these attacks are still being defined.
It is prudent to protect your company and your customers through preventative measures.
To maximize your cyber security, it is critical to define best practices for your own company, as part of your security camera system assessment, as well as its deployment and maintenance.
Security audit is another way to know system performance of your security Surveillance systems. You need to see what camera saw, Auditing of CCTV Video Easier and Efficient. Auditing helps in gaining better Situational Awareness and Actionable Intelligence.
Biography:
Arindam Bhadra is an eSecurity professional 11yr + in this industry. He is a good freelance blogger. His blog is now No 1. Blog in India. 2.9L page viewer globally. Mr. Bhadra is an Electronics & telecommunication Engineer from IETE, New Delhi. He is a member of FSAI from 2011 & Go Beyond security from 2008. His blog arindamcctvaccesscontrol.blogspot.com focuses on security. Apart from his job, he loved to spend all his time with eSecurity & Safety technology understanding and loves to help people. He is a Tech enthusiast and has written articles over the period in this Magazine & blog. You can follow him on Facebook, Twitter, LinkedIn & Google+ etc.
No comments:
Post a Comment