
IP Camera Hardening and Cybersecurity Guide | Secure Configuration and Operation | 3 | 14
Data subject to change without notice | August 22
Security Systems / Video Systems

Introduction

 

Cybersecurity is an important topic for IP cameras, as they display and record data that is relevant to data protection and can easily be misused. Additionally, the environment in which cameras are used is transforming from a traditional closed network (CCTV: Closed-Circuit Television) into a connected space of IoT (Internet of Things) devices that connect to cloud services or are reachable via the Internet, which requires additional security measures.

 

This document can be used as a system-hardening recommendation for Bosch Video Surveillance Cameras. It describes secure settings as well as hardening recommendations for the environment and the security features of the cameras.


IP Camera Hardening

 

The following section outlines the desirable camera settings for better cyber and data security in an integrated scenario. The camera is delivered with mostly compatibility-oriented settings to allow easy integration into existing environments.

Even though it is recommended to reach the settings shown below (Level 2), limitations of the operational environment may mandate the use of a certain protocol or feature that is less secure (e.g. SNMPv1). The Reasoning chapter describes why a certain protocol should be enabled or disabled, to allow a better-informed choice.

 

Hardening Levels 

The default configuration of devices is mostly defined by compatibility with different environments and therefore enables some features that might impact security. Depending on the target environment and its intended security level, some hardening might be required.

Two levels of hardening are defined, namely 'elevated' and 'strict'. Hardening level 'strict' features the most secure means of setting up a device but might limit its usage, as features like auto-discovery of a device are disabled. For each feature it should be evaluated whether the 'elevated' or the 'strict' setting can be applied. To help with this decision, a description of each feature can be found in chapter 2.3.
 
The section below gives an overview of how to achieve these levels. The table below uses the following color coding:

Disabled
Optional
Enabled
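As an added example that is not part of the guide or of Bosch's own tooling, the following Python script audits a camera's exported settings against the two hardening levels and reports every setting that falls short. The rows follow the guide's hardening table for a handful of features (assumed column order: default, elevated, strict); the setting keys and the sample camera configuration are constructed here.

```python
# Added example (not Bosch code). Rows follow the guide's hardening table for a few
# features (assumed column order: default, elevated, strict); the setting keys and
# the sample camera configuration are constructed for this example.
ENABLED, DISABLED, OPTIONAL = "Enabled", "Disabled", "Optional"
LEVELS = {"default": 0, "elevated": 1, "strict": 2}

# feature -> (default, elevated, strict); OPTIONAL means either state is acceptable
HARDENING_TABLE = {
    "discovery":       (ENABLED,  ENABLED,  DISABLED),
    "onvif_discovery": (ENABLED,  ENABLED,  DISABLED),
    "gbt28181":        (DISABLED, DISABLED, DISABLED),
    "password_reset":  (ENABLED,  DISABLED, DISABLED),
    "ping_response":   (ENABLED,  ENABLED,  DISABLED),
    "rtsps":           (ENABLED,  ENABLED,  ENABLED),
    "hsts":            (DISABLED, ENABLED,  ENABLED),
    "dot1x":           (DISABLED, OPTIONAL, ENABLED),
}
# Minimum TLS version is a threshold, not a switch: any version >= the level's value passes.
MIN_TLS = {"default": (1, 0), "elevated": (1, 2), "strict": (1, 2)}


def audit(config, level):
    """Return one finding per setting that does not meet the requested level.
    A feature the camera did not report counts as a finding: silence is not compliance."""
    col, findings = LEVELS[level], []
    for feature, row in HARDENING_TABLE.items():
        want, have = row[col], config.get(feature)
        if want == OPTIONAL:
            continue  # operator's choice at this level
        if have is None:
            findings.append(f"{feature}: not reported, want {want}")
        elif have != want:
            findings.append(f"{feature}: {have}, want {want}")
    have_tls = config.get("min_tls", "1.0")  # factory default per the table
    # compare as (major, minor) tuples so versions sort numerically, not as strings
    if tuple(int(p) for p in have_tls.split(".")) < MIN_TLS[level]:
        want_tls = ".".join(str(n) for n in MIN_TLS[level])
        findings.append(f"min_tls: {have_tls}, want >= {want_tls}")
    return findings


# Constructed sample: a camera left on its factory defaults.
SAMPLE_CAMERA = {
    "discovery": ENABLED, "onvif_discovery": ENABLED, "gbt28181": DISABLED,
    "password_reset": ENABLED, "ping_response": ENABLED, "rtsps": ENABLED,
    "hsts": DISABLED, "dot1x": DISABLED, "min_tls": "1.0",
}

if __name__ == "__main__":
    for level in ("elevated", "strict"):
        print(f"{level}: {audit(SAMPLE_CAMERA, level) or 'compliant'}")
```

Run against the factory-default sample, the script lists the settings still to change for each level; an empty list means the camera already meets that level.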

 

 
 

 
