115
Measures Suitable to the Users' Environment 4: Changing the Port
Number
It is important to limit unspecified access to prevent unauthorized access to the camera. The port number is an entrance to
the communication between the camera and the external device, and a number is set for each communication protocol. A
common number is used for the port number and network devices can be connected easily. Thus, there is a risk of it being
used for intrusion by unauthorized parties.
In case there is a need to change the port number due to concern of security, make sure that the port numbers are not
redundant with those of other communication protocols, and set it within the specified range. If the port number is changed,
specify the port number in addition to the IP address in order to access the camera.
Example: Changing the Port Number
When connecting by the HTTPS, set "https://{Camera's IP address}:{Port Number}".
When the HTTPS port number is changed to 10443
https://192.168.100.1:10443
HTTP Port Numbers/HTTP
S
Port Numbers
HTTP/HTTPS port number is set on the camera's Settings Page (P. 56)
It is also possible to change the following port numbers:
• RTSP Port (P. 57)
• Multicast Port (P. 57)
Measures Suitable to the Users' Environment 5: Encrypting
Communication
In order to securely communicate between the camera and the external device, it is recommended that all communication
be via HTTPS connection (encrypted communication combining SSL/TLS and HTTP). SSL (Secure Sockets Layer)/TLS
(Transport Layer Security) is a technology to encrypt communication on the network and prevent hacking and tampering of
communication contents by an unauthorized party. Even if the data is hacked during communication, by encrypting the
communication in the proper way, the contents of the data are protected and safety can be secured.
S
elf-
S
igned Certificate and
S
erver Certificate
To encrypt communication via HTTPS connection, use a self-signed certificate or a server certificate issued from a CA
(Certificate Authority). Self-signed certificates are sufficient to do encryption, however, a warning screen will be displayed in
the web browser, and there is a risk of impersonation. Therefore, it is advised to use it in the cases for an operation test and
others.
It is recommended to acquire and install a server certificate issued from CA for a full-scale system operation.
Encrypting communications by HTTPS connection is set on the camera's Settings Page (P. 69).
Note
Even setting the HTTPS connection as mentioned above, the video delivered via RTP/RTSP cannot be encrypted. In order to securely
communicate the video to deliver, it is necessary to deal with the whole system.
Measures Suitable to the Users' Environment 6: Disabling Unused
Functions
The camera has functions to support various purposes and network environments. However, unless those functions are
properly set, there is a risk of unauthorized access from outside parties. In order to use the camera safely, it is also
necessary to disable the setting of unused functions.
The following describes the functions that need to be addressed in the operating environment and usage situation, such as
enabling only the necessary functions or disabling the functions after the setting is completed.
AutoIP
When [AutoIP] (P. 60) is enabled, even in environments where there is no DHCP server, IPv4 link-local addresses
(169.254.xxx.xxx) are assigned to the camera. Therefore, by assigning a computer to the same network as the IPv4 address
and using the Camera Search Tool, the camera can be detected and initial settings can be made.