Securing your CCTV System against Cyber threats
The recommendations below outline best practice for securing and minimizing potential threats to your CCTV system.
Never leave any device with its factory default password still in place, including the ‘admin’ and ‘888888’ accounts, which are known to have been exploited.
Use strong passwords with a mixture of uppercase, lowercase and special characters. Use at least 15 characters, avoid using names, and change passwords regularly.
Enable the 'account lock' feature to minimize brute force attacks.
Don’t enable or use mouse pattern codes to log in to the local recorder; these can easily be observed.
Be diligent about who you give passwords to, and how they are managed.
Know who should be using your system and when they should be using it. Using different logins for each user helps when performing a security audit on the system.
Perform firmware updates on a regular, scheduled basis. Also audit any existing older (legacy) devices whose vulnerabilities may pose a risk if not replaced, and communicate this to stakeholders.
Unless required, disable the following features: Telnet, Bonjour, UPnP, P2P, SNMP, SMTP.
Do NOT use the main account called ‘admin’ for normal operation. Instead, create an additional user account for each user of the system; doing this makes the security auditing process more robust.
Don’t leave TCP or HTTP ports at their default values.
Configure your CCTV devices on an isolated network.
Ensure all network devices, including edge routers and access points, have the most up-to-date firmware installed. If using Wi-Fi, use strict WPA3 where possible.
Ideally the recorder and network devices should be located in a secure, locked location to restrict physical access to the system.
Ensure you have saved a CLEAN configuration backup for the device and that it is stored in a secure location; this can be used to quickly restore the unit after an attack.
For existing clients, we recommend you contact us to arrange a cyber security check of your existing equipment. Because new threats are discovered on a semi-regular basis, only regular checks can ensure your devices are at minimal risk of attack. These threats are often prevented by a firmware update, a configuration change or, on occasion, password changes or deletions.
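The checklist above can be turned into a repeatable check. The following Python is an added example, not code from this page or from any device vendor: it audits a settings record for one device against the recommendations and vets a candidate password against the 15-character rule. The field names, the sample record and the factory port values are assumptions; replace them with what your own equipment documents.

```python
import re

# Assumed for this example: the field names and the factory port values;
# substitute the defaults documented for your own equipment.
FACTORY_PORTS = {"http_port": 80, "tcp_port": 37777}
UNNEEDED_SERVICES = {"telnet", "bonjour", "upnp", "p2p", "snmp", "smtp"}
BUILT_IN_ACCOUNTS = {"admin", "888888"}


def password_ok(candidate):
    """Vet a new password: 15+ characters, upper, lower and special."""
    patterns = (r"[a-z]", r"[A-Z]", r"[^A-Za-z0-9]")
    return len(candidate) >= 15 and all(re.search(p, candidate) for p in patterns)


def audit(device):
    """Return the checklist findings for one device settings record."""
    findings = []
    for user in device.get("users", []):
        if user.get("factory_password"):
            findings.append(f"{user['name']}: factory default password in place")
        if user["name"] in BUILT_IN_ACCOUNTS and user.get("daily_use"):
            findings.append(f"{user['name']}: built-in account used for normal operation")
    if not device.get("account_lock"):
        findings.append("account lock disabled")
    if device.get("pattern_login"):
        findings.append("mouse pattern login enabled")
    for svc in sorted(UNNEEDED_SERVICES & {s.lower() for s in device.get("services", [])}):
        findings.append(f"{svc} enabled (disable unless required)")
    for field, default in FACTORY_PORTS.items():
        if device.get(field) == default:
            findings.append(f"{field} left at factory value {default}")
    return findings


# Constructed sample record, not taken from a real recorder.
SAMPLE_DEVICE = {
    "users": [
        {"name": "admin", "factory_password": False, "daily_use": True},
        {"name": "888888", "factory_password": True, "daily_use": False},
        {"name": "reception", "factory_password": False, "daily_use": True},
    ],
    "account_lock": False,
    "pattern_login": False,
    "services": ["Telnet", "UPnP", "RTSP"],
    "http_port": 80,
    "tcp_port": 40213,
}
```

Calling `audit(SAMPLE_DEVICE)` returns one finding per failed checklist item, so an empty list means the record passes every check covered here.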
Tasks after an attack
After an attack, it’s important to do the following to mitigate future attacks.
Contact your I.T Department or ITC security advisor and get further advice.
Apply the latest firmware or re-apply the current firmware. This is an important step because some devices can be weaponised: the hacker installs a ‘custom’ firmware that can be used to launch botnet and other types of DoS attacks, while the user of the device remains unaware of the hacker’s root access, which enables the hacker to remain hidden.
Reconfigure the device and change all passwords and ports on the devices. If the device is accessed remotely via NAT port-forwarding, change the TCP and HTTP port values on the device. You will also need to replicate these port changes on your router and update the device connection ports in off-site client software and apps.
Your I.T provider should also check that all internet edge devices (routers/gateways) have the latest firmware and are configured securely.
Further information about cyber security can be accessed from the Australian Cyber Security Centre. (www.cyber.gov.au)