9 Simple Steps to Create a More Cyber-Secure Security System

Cybersecurity is more than just a trending topic; it’s a set of protocols and strategies designed to protect every device that is connected to the Internet. IP video surveillance systems are not immune to cyber risks, but taking simple steps toward protecting and strengthening your networks and network devices will make them less susceptible to attacks. Below are some tips and recommendations from Dahua on how to create a more cyber-secured solution:

Update Firmware

  • One basic way to keep your devices secured from attack is to ensure that your NVR, DVR, and IP cameras firmware are up-to-date at all times.
  • Some IP devices are now made with the capability to check for available security patches and updates, safeguarding against attacks and unauthorized software.
  • Instructions:https://dahuawiki.com/Firmware/Update_Firmware_via_USB

Use Strong Passwords and Change Frequently

  • The number one reason a system gets “hacked” is due to weak or default passwords.
  • Dahua recommends never using a default password, and instead creating a strong and unique password for your system.
  • What is considered a “strong” password? It should be at least 8 characters and is made up of a combination of special characters, numbers, and upper and lower case letters.
  • Regularly change the credentials to your devices to help ensure that only authorized users are able to access the system.
  • Instructions:http://dahuawiki.com/NVR/Basic_Setup/Change_User_Name_or_Password

Change ONVIF Password

Enable IP Filter

  • Enabling the IP filter will prevent everyone, except those with specified IP addresses, from accessing the system.
  • Work with your integrator to “Allow List” specific IP and MAC addresses to ensure that only those devices/locations can access the system.
  • Instructions:http://dahuawiki.com/NVRiSettingNetwork#IP_Filter

Check the Log

  • If you suspect that someone has gained unauthorized access to your system, you can always check the system log.
  • This log will show you which IP addresses were used to login to your system and what was accessed.
  • Instructions:http://dahuawiki.com/NVRiInfoLog

Physically Lock Down the Device

  • Ideally, you want to prevent any unauthorized physical access to your security system. The best way to achieve this is to install the recorder in a lockbox, locking server rack, or in a room that has controlled access .
  • This will deter any physical sabotage to the system.

Use a Different Username and Password for SmartPSS

  • In the event that your social media, bank, email, or any other account is compromised, you would not want someone collecting those passwords and trying them out on your video surveillance system.
  • Using a different username and password for your security system will make it more difficult for someone to guess your credentials

Limit Features of Guest Accounts

How to Create a More Cyber-Secure Security System for Your End-Users

Cybersecurity is more than just a trending topic; it’s a set of protocols and strategies designed to protect every device that is connected to the Internet. IP video surveillance systems are not immune to cyber risks, but taking simple steps toward protecting and strengthening your client’s networks and network devices will make them less susceptible to attacks. Below are some tips and recommendations from Dahua on how to create a more cyber-secured solution:

Disable UPNP

  • Universal Plug and Play (UPNP) permits networked devices to seamlessly discover each other’s presence on a network and establish a functional connection. While this may allow for easy installation, it can leave network devices vulnerable.
  • UPNP will automatically try to forward ports in a router or modem. Normally this would be helpful. However, if the system automatically forwards the ports, and you leave the credentials defaulted, you may end up with unwanted visitors.
  • Dahua suggests manually forwarding the HTTP and TCP ports in your router/modem and disable UPNP.
  • Instructions: http://dahuawiki.com/Remote_Access/UPNP_Function

Disable P2P

  • P2P is used to remotely access a system via a serial number.
  • While the possibility of someone hacking into a system using P2P is highly unlikely since a user name and password are also required, this should be disabled as a precaution.
  • Instructions: http://dahuawiki.com/NVRiSettingNetwork#P2P_Setting

Disable SNMP

  • Simple Network Management Protocol (SNMP) should be disabled if the end-user will not be using it.
  • Educate your customers on this security measure and let them know that if they plan to use SNMP to only enable it temporarily for tracing and testing purposes. When not in use, this function should be disabled.
  • Instructions: http://dahuawiki.com/SNMP

Enable HTTPS/SSL

Change ONVIF Password

Enable IP Filter

  • Enabling the IP filter will prevent everyone, except those with specified IP addresses, from accessing the system.
  • Ask your clients which devices they will be accessing their system on, and “Allow List” those IP addresses to ensure only those set devices can access the system.
  • Instructions: http://dahuawiki.com/NVRiSettingNetwork#IP_Filter

Disable Multicast

  • Multicast is used to share video streams between two recorders. Currently there are no known issues involving Multicast.
  • However, Dehua suggests that Multicast functionality be disabled if your client is not planning on using this feature
  • Instructions: http://dahuawiki.com/NVRiSettingNetwork#Multicast

Change Default HTTP and TCP Ports

  • Change default HTTP and TCP ports for Dahua systems. These are the two ports used to communicate and to view video feeds remotely.
  • These ports can be changed to any set of numbers between 1025-65535. Avoiding the default ports reduces the risk of outsiders being able to guess which ports your clients are using.
  • Instructions: http://dahuawiki.com/NVRiSettingNetwork#Connection

Forward Only Ports You Need

  • Only forward the HTTP and TCP ports that you need to use. Do not forward a huge range of numbers to the device. Do not DMZ the device’s IP address.
  • You do not need to forward any ports for individual cameras if they are all connected to a recorder on site; just the NVR is needed.
  • Instructions: http://dahuawiki.com/Remote_Access/Remote_Access_Setup_Port_Forwarding

Disable Auto-Login on SmartPSS

  • If you clients are using SmartPSS to view their system and are on a computer that is used by multiple people, make sure auto-login is disabled.
  • This adds a layer of security to prevent users without the appropriate credentials from accessing the system despite the ability to access the computer.

Use a Different Username and Password for SmartPSS

  • Inform your clients of the dangers associated with reusing common usernames and passwords for their surveillance system.
  • Have them create unique credentials so that in the event their social media, bank, email, or other accounts are compromised it will still be difficult for someone to guess their login information.

Limit Features of Guest Accounts

  • If multiple users will be accessing the system, ask your clients what features or functions each will need to perform their job and limit their account to only those actions.
  • Instructions: https://dahuawiki.com/NVRiSettingSystem#Account

Isolate IP Camera Network

  • Work with your clients on isolating their NVR and IP cameras from their public network.
  • The network that the NVR and IP cameras resides on should completely separate. This will prevent any visitors or unwanted guests from getting access to the same network the security system needs in order to function properly. It may be undesirable to isolate the NVR from the public network if you wish to remotely connect via Internet. In that case, at least connect the IP Cameras to the PoE Ports on the back of an NVR. Cameras connected this way cannot be accessed from the portion of the network with Internet access, significantly reducing the risk of an attack.
  • Instructions: http://dahuawiki.com/NVR/Basic_Setup/Connect_IPC_to_NVR