NVIP
-
2VE
-
4231/WL, NVIP
-
2H
-
4231/WL Quick start guide version 1.1
All rights reserved © AAT SYSTEMY BEZPIECZEŃSTWA Sp. z o.o.
11
START
-
UP AND INITIAL CONFIGURATION
2.7. Security recommendations for
network architecture and
configuration
WARNING!
Below are shown security recommendations for
network architecture and
configuration
of
CCTV
systems
that are connected to
the Internet
to
reduce the risk
of
unauthorized
interference with the
system
by a third party.
1.
Absolutely change the default
passwords
and
user
names
(if the device
gives
this possibility) of
all
applied
network devices (recorders,
cameras, routers,
network switches, etc.)
to
the
severely
complexity password.
Use lowercase and
uppercase letters,
numbers, and
special characters
if
there is such possibility.
2. Depending on the available functionality in the order to restrict access to the used network devices at
the administrator account level, it is recommended to configure the users accounts accordingly.
3. Do not use DMZ function (Demilitarized zone) in your router. Using that function you open the
access to recorder system from the Internet on all ports, which gives possibility for an unauthorized
interference with the system.
Instead of
DMZ
use
port forwarding
redirect only the ports which are
necessary for the performance
of
the
connection (detailed
information about ports of communication
in different
models of
recorders,
cameras,
etc.
can be found in the operating instructions).
4. Use routers with firewall function and make sure it is enabled and properly configured.
5. It is recommended to change the default network communication port numbers of used devices
if
there is such possibility.
6. If used
network devices
has
a
UPnP
feature
and
it is not
used,
turn it off.
7. If used
network devices
has
a
P2P
feature
and
it is not
used,
turn it off.
8. If used network devices support HTTPS protocol for connection, it is recommended to use it.
9. If used network devices support IP filtering for authorized connections function, it is recommended
to use it.
10. If used recorder has two network interfaces it is recommended to use both of them to physically
separate network for cameras and network for Internet connection. The only device in the system,
accessible from Internet will be recorder
-
there will be no physically access directly to any camera.