IP Camera Hardening and Cybersecurity Guide |
Secure Configuration and Operation
9 |
14
Data subject to change without notice | August 22
Security Systems / Video Systems
Network Layer
3.3.1
Transport Security
To ensure the privacy of passwords, settings and video data, only encrypted network protocols should be used.
HTTPS
For encrypting the communication with the camera (either web-based interface, API or video streaming), HTTPS is
supported to guarantee the proper encryption of data.
TLS 1.2 and 1.3
TLS 1.2 and 1.3 are secure protocol variants that are supported by the camera to ensure a proper encryption of the
traffic when using HTTPS.
HSTS
HTTP Strict Transport Security (HSTS) protects against man-in-the-middle attacks and protocol downgrade
attacks. For more details see chapter 1.
RTSPS
RTSPS is the encrypted variant of RTSP providing a secure means of transporting video data.
3.3.2
Least Protocol
It is recommended to activate only the protocols that are needed for operation of the camera. All other protocols should be
disabled. For a complete list of recommendations and reasonings which protocols to enable and disable, please see
chapter 1.
3.3.3
Network Authentication
802.1x can be used to authenticate the camera in the network, allowing only devices in the network that provide proper
authentication.
3.3.4
IPv4 Filter
The IPv4 filter restrict the access to the device to well-known IP addresses (hosts or networks).
