114
Measures Suitable to the Users' Environment 1: User Management
"Administrator", "authorized user", and "guest user" are the three types of accounts that are able to access the camera.
The administrator account has authority over all of the camera’s settings and operations. Administrator is the only account
which is able to access the Settings Page. Therefore, in order to prevent leaks to unauthorized users, it is important to
strictly manage information on the administrator account.
The "authorized user" and "guest user" are able to access the camera from such as controllers. Understand what the
"authorized user" and "guest user" are able to do, and set the minimum necessary authorization level and users.
"Authorized Users" Means Users Who Require Authentication
To allow only specific users, except the administrator, to control the camera and distribute the video, set up an authorized
user. In the authorized user settings, register account information (user name and password) and grant privileges (allow
video distribution only, allow camera control, etc.). The same authority is given to all authorized users, therefore it is
necessary to be careful to give authority to authorized users. Regularly review and manage the authorized users, and set
the minimum necessary authorization level and users.
It is important to disable all the authorities of the guest users, which is described later, when wanting to restrict access to
only authorized users. Unless these are disabled, access from the guest users will not be restricted.
"Guest Users"
Guest user means a guest account which does not need a user name and password. By enabling authorities for the guest
users, anyone will be able to access the camera without requiring user authentication. Also, this would allow camera control
and video distribution commands without authentication. Therefore, guest users authority should be set only when security
is ensured, for example, if used within the network that prohibits the external access, etc., otherwise disable all authority of
the guest users.
When allowing access by guest users, grant only the minimum necessary privileges to them, since the same privileges are
given to all guest users, just as to all the authorized users.
User management is set on the camera's Settings Page (P. 70).
Measures Suitable to the Users' Environment 2: Host Access Restrictions
By specifying the hosts that can access the camera, the risk of unauthorized access can be reduced.
In order to restrict hosts to access the camera, allow communication with only specified hosts, and prohibit all other
communication. Oppositely, there is also the method of prohibiting communication with specified hosts and allowing
communication with all others.
Depending on the user's environment, the range of access restriction can be grouped on a network basis, or it can be set
for each host. However, if mistakenly setting the administrator's IP address to prohibit communication, access from the
administrator to the camera will be prohibited and there will be no other way than to restore to the factory default settings.
Caution is needed when setting the access restrictions.
Host access restrictions are set on the camera's Settings Page (P. 72).
Measures Suitable to the Users' Environment 3: Setting to the Digest
Authentication
When accessing the cameras via [HTTP Server] and [RTP Server], select [Digest Authentication] for the authentication
method. When [Basic Authentication] is selected, the password can be easily leaked to unauthorized parties because the
password will be sent on the network without being encrypted.
It is necessary to set the authentication method of the HTTP Server and the RTP Server respectively. Authentication method
is set on the camera's Settings Page respectively (P. 56, 57). Confirm that the application supports the Digest
Authentication.