Cybersecurity Recommendations II
Cybersecurity Recommendations
Mandatory actions to be taken towards cybersecurity
1. Change Passwords and Use Strong Passwords:
The number one reason systems get “hacked” is due to having weak or default passwords. It is
recommended to change default passwords immediately and choose a strong password whenever
possible. A strong password should be made up of at least 8 characters and a combination of special
characters, numbers, and upper and lower case letters.
2. Update Firmware
As is standard procedure in the tech-industry, we recommend keeping NVR, DVR, and IP camera
firmware up-to-date to ensure the system is current with the latest security patches and fixes.
“Nice to have” recommendations to improve your network security
1. Change Passwords Regularly
Regularly change the credentials to your devices to help ensure that only authorized users are able to
access the system.
2. Change Default HTTP and TCP Ports:
● Change default HTTP and TCP ports for systems. These are the two ports used to communicate and
to view video feeds remotely.
● These ports can be changed to any set of numbers between 1025-65535. Avoiding the default ports
reduces the risk of outsiders being able to guess which ports you are using.
3. Enable HTTPS/SSL:
Set up an SSL Certificate to enable HTTPS. This will encrypt all communication between your devices
and recorder.
4. Enable IP Filter:
Enabling your IP filter will prevent everyone, except those with specified IP addresses, from accessing
the system.
5. Change ONVIF Password:
On older IP Camera firmware,
the ONVIF password does not change when you change the system’s
credentials. You will need to either update the camera’s firmware to the latest revision or manually
change the ONVIF password.
6. Forward Only Ports You Need:
● Only forward the HTTP and TCP ports that you need to use. Do not forward a huge range of numbers
to the device. Do not DMZ the device's IP address.
● You do not need to forward any ports for individual cameras if they are all connected to a recorder on
site; just the NVR is needed.
7. Disable Auto-Login on SmartPSS:
Those using SmartPSS to view their system and on a computer that is used by multiple people should
disable auto-login. This adds a layer of security to prevent users without the appropriate credentials from
accessing the system.
8. Use a Different Username and Password for SmartPSS: