
IP Camera Hardening and Cybersecurity Guide

Secure Configuration and Operation of IP Cameras

Data subject to change without notice | August 22

Security Systems / Video Systems

 

Summary of Contents for 7100i-2MP OC

Page 2: ...eature Description and Hardening Decisions (p. 5); Defense in Depth (p. 8); Firmware protection (p. 8); Authentication / Access Control (p. 8); Network Layer (p. 9); Operational Environment (p. 10); Physical Security (p. 10); Network Separation (p. 10); Network Authentication (p. 10); Central configuration (p. 10); SIEM System (p. 11); PKI (p. 11); AD FS (p. 11); Security Maintenance Activities (p. 12); Checking of Log files (p. 12); Check for Updates (p. 12); Check for Security Advisories (p. 12) ...

Page 3: ...ings to allow easy integration into existing environments. Even though it is recommended to reach the settings shown below (Level 2), there can be limitations of the operational environment that mandate the use of a certain protocol or feature which is less secure, e.g. SNMPv1. The Reasoning chapter describes why a certain protocol should be enabled or disabled, to allow a better informed choice. Harde...

Page 4: ...led. Discovery: Enabled / Enabled / Disabled. ONVIF discovery: Enabled / Enabled / Disabled. GB/T 28181: Disabled / Disabled / Disabled. Password reset mechanism: Enabled / Disabled / Disabled. Ping response: Enabled / Enabled / Disabled. RTSPS: Enabled / Enabled / Enabled. Network > Network Access: Minimum TLS version: 1.0 / 1.2 / 1.2. HSTS: Disabled / Enabled / Enabled. Network > Advanced: 802.1X: Disabled / Optional / Enabled. Syslog: Disabled / TCP / TLS. Netw...

Page 5: ...s is the configuration protocol for Bosch IP cameras. Plain RCP is unencrypted, so settings are transferred in the clear. All Bosch tools have used RCP over HTTPS for some time now, but plain RCP might still be needed for 3rd-party integration tools or scripting tools that rely on this protocol. Recommendation: Disable RCP if it is not used by 3rd-party tools or legacy systems. SNMPv1: SNMP is the common network ...

Page 6: ...eeded, it is recommended to disable this feature. Ping Response: Configures whether the camera answers ping requests on the network. This can help with debugging; in a high-security network it can be disabled to avoid device enumeration via ping sweep, although there are several other means of device discovery that can be used by an attacker. Recommendation: Risk-based approach; can be disabled for high security ...

Page 7: ...rk subnets can be defined that are allowed to access the camera. It is recommended to define the computers or networks accessing the camera here. Recommendation: Use the IP filter to define allowed hosts or networks. Date / Time: To have correct timestamps on logs and video data, it is recommended to sync the time to a central timeserver. Both SNTP and TLS date can be used to ach...

Page 8: ...ware root of trust. This prevents an attacker from modifying the bootloader or firmware on the device. Authentication / Access Control, 3.2.1 User Authentication: Bosch IP cameras support different methods of authentication. Pre-configured is password-based authentication with three different roles that can be assigned to a user. Optionally, certificate-based authentication or ADFS integration into an Active Director...

Page 9: ...traffic when using HTTPS. HSTS (HTTP Strict Transport Security): HSTS protects against man-in-the-middle attacks and protocol downgrade attacks. For more details see chapter 1. RTSPS: RTSPS is the encrypted variant of RTSP, providing a secure means of transporting video data. 3.3.2 Least Protocol: It is recommended to activate only the protocols that are needed for operation of the camera. All other protocol...

Page 10: ...ation: The network in which the cameras are operated should support network authentication with 802.1X, to allow only valid devices and actors on the network. Central configuration: The cameras can not only be configured locally via the web-based interface; there are several possibilities to centralize management. 4.4.1 Configuration Manager: The Configuration Manager offers the possibility to manage one...

Page 11: ...ntication with 802.1X, user authentication with certificates, and other encryption functions, custom certificates can be installed on the camera. The most secure variant of certificate deployment is to generate a signing request on the camera and request a certificate from an internal or external CA (certification authority). This way the private key of the certificate never leaves the device and is secu...

Page 12: ... it is advised to send the logs of the camera to a syslog server or a SIEM system, as each camera reserves a fixed space for logging internally but will overwrite older logs once that space is filled. Check for Updates: The device should always be updated to the latest firmware version to include security or functional fixes. To get more information about the release cycle of firmware versions as we...

Page 13: ...tificates and the respective keys that were stored in the TPM or secure element will also be deleted. It is recommended to set devices to factory default also in case they must be moved into another installation that may use other credentials or certificates. Reporting Security Vulnerabilities: It is an essential part of the Bosch Quality Promise that we provide product security and protect our ...

Page 14: ... Bosch Sicherheitssysteme GmbH, Robert-Bosch-Ring 5, 85630 Grasbrunn, Germany, www.boschsecurity.com. © Bosch Sicherheitssysteme GmbH, 2022 ...
