We recommend two mandatory actions to be taken towards securing your product if it is connected to the network.
The number one reason systems get hacked is due to having weak or system default passwords. It is recommended to change default passwords immediately and choose a strong password whenever possible. A strong password should be made up of at least 8 characters and a combination of special characters, numbers and lower-case letters. We also highly recommend that you do not share your password with anyone and that you change your passwords regularly.
As is standard practice in the IT industry, we recommend keeping NVR, DVR and IP Camera firmware’s up-to-date to ensure the system is current with the latest security patches and fixes You can see our support page for the latest firmware and or contact our support team to obtain the latest firmware for your device
In addition to the above two mandatory security measures, you can further secure your device by implementing the below
We highly recommend that the network that your NVR and IP camera resides on should not be the same network as your public computer network. This will prevent any visitors or unwanted guests from getting access to the same network that the security system is on.
Ideally, you want to prevent any unauthorised physical access to your system. The best way to achieve this is to install the recorder in a lockbox, secured server rack and / or in a room that is behind a lock and key.
These two ports are used to communicate and to view video feeds remotely. These ports can be changed to any set of numbers between 1025-65535. Avoiding the default ports reduces the risk of outsiders being able to guess which ports you are using.
Only forward the ports that you need to use. Do not forward a large range of numbers to the device. Under no circumstances should you use DMZ to the device IP address. You do not need to forward any ports for IP individual cameras if they are all connected to a NVR.
UPnP will automatically try to forward ports in your router or modem. Normally this would be a good thing. However, if your system automatically forwards the ports and you leave the credentials defaulted, you may end up with unwanted visitors. If you have manually forwarded the HTTP and TCP ports in your router/modem, this feature should be turned off regardless. Disabling UPnP is recommended when the function is not used.
Disable SNMP if it is not in use. If you are using SNMP, you should only do so temporarily for tracing and testing purposes only.
Multicast is used to share video streams between recorders. Currently there are no known issues involving Multicast. but if you are not using this feature you should disable the feature to further protect your network security.
Set up an SSL Certificate to enable HTTPS. This will encrypt all communication between your devices and recorder.
Enabling the IP filter will prevent everyone, except those with specified IP addresses from accessing the system.
On older IP Camera firmware, the ONVIF password does not change when you change the system credentials. You will need to either update the camera firmware to the latest revision or manually change the ONVIF password.
Those using SmartPSS to view their system and on a computer, that is used by multiple people should disable auto-login. This adds a layer of security to prevent users without the appropriate credentials from accessing the system.
If your system is set up for multiple users, ensure that each user only has rights to features and functions they need to use to perform their job.
If you suspect that someone has gained unauthorised access to your system, you can check the system log. The system log will show you which IP addresses were used to login to your system and what was accessed.