Securing your CCTV System against Cyber threats

The recommendations below outline best practice for securing and minimizing potential threats to your CCTV system.

It is very important that your devices have the latest firmware installed. This cannot be emphasized enough. It's recommended that you engage with your CCTV provider on a regular basis to perform annual cyber security updates to your CCTV system.

Never leave any device with its factory default password still in place, including the ‘admin’ and ‘888888’ accounts, which are known to have been exploited.

Use strong, hard-to-guess passwords and change them regularly, and don’t use the same passwords as your social media accounts.

Disable Telnet access

Do NOT use the main account called ‘admin’ for normal operation. Instead, create an additional User account for each User of the system; doing this makes the security auditing process more robust.

Don’t enable or use mouse pattern codes to log in to the local recorder; these can easily be observed.

Don’t leave TCP or HTTP ports at their default values.

Disable P2P unless required

Disable ONVIF service unless required

Disable network UPnP and Multicast if not used

Disable Bonjour service unless required

Be diligent about who you give passwords to, and how they are managed.

Know who should be using your system and when they should be using it. Using different logins for each user helps when performing a security audit on the system.

Ensure your network devices, including edge routers, gateways and Wi-Fi access points, have the most up-to-date firmware installed, that passwords are NOT left at their default values, and that strong passwords are used. If these devices are compromised, hackers gain much more detailed information about network connected devices, which may facilitate a more targeted attack.

Ideally the recorder and network devices should be located in a secure, locked location to restrict physical access to the system.

Ensure you have saved a CLEAN configuration backup for the device and that it is stored in a secure location. This can be used to quickly restore the unit after an attack.
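One way to confirm the Telnet and default-port recommendations above on a device you administer, after it has been reconfigured. This is an added example and not part of the original page; the device address is a constructed placeholder, and your recorder's own default TCP service port (from its manual) is assumed to be added to the list by you.

```python
import socket

# Ports that should no longer answer once the device is hardened.
# 23 and 80 are the standard Telnet and HTTP ports. Add the vendor's
# default TCP service port from your device manual (not listed here).
DEFAULT_PORTS = {"Telnet": 23, "HTTP (default port)": 80}

# Constructed placeholder address (documentation range); replace with
# the recorders and cameras on your own network.
DEVICES = ["192.0.2.10"]


def port_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered or timed out: nothing is answering there.
        return False


def audit_device(host, default_ports, timeout=1.0, probe=port_open):
    """List the default services still reachable on one device.

    default_ports maps a label to a port that should be closed or moved.
    probe can be swapped for a stub when testing without a network.
    """
    findings = []
    for label, port in default_ports.items():
        if probe(host, port, timeout):
            findings.append(f"{host}: {label} still reachable on port {port}")
    return findings


if __name__ == "__main__":
    for host in DEVICES:
        results = audit_device(host, DEFAULT_PORTS)
        for line in results or [f"{host}: no default ports answered"]:
            print(line)
```

Run it from the same network segment as the recorder, and again from outside the router, since a port closed on the device can still be exposed by an old port-forwarding rule.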

For existing clients, we recommend you contact us to arrange a cyber security check of your existing equipment. Because new threats are discovered on a semi-regular basis, only regular checks can ensure your devices are at minimal risk of attack. These threats are often prevented by either a firmware update, a configuration change or, on occasion, password changes or deletions.

Tasks after an attack

After an attack, it’s important to do the following to mitigate future attacks.

Contact your I.T Department or ITC security advisor and get further advice.

Apply the latest firmware or re-apply the current firmware. This is an important step because some devices can be weaponised: the hacker installs a ‘custom’ firmware that can be used to launch botnet and other types of DoS attacks, while the user of the device remains unaware of the hacker’s root access, which enables the hacker to remain hidden.

Reconfigure the device and change all passwords and ports on the devices. If the device is accessed remotely via NAT port-forwarding, change the TCP and HTTP port values on the device. You will also need to replicate these port changes on your router and update the device connection ports in off-site Client software and apps.

Your I.T provider should also check that all internet edge devices (routers/gateways) have the latest firmware and are configured securely.

Further information about cyber security can be accessed from the Australian Cyber Security Centre.