User’s Manual
383
We suggest you to change default HTTP and other service ports into any set of numbers
between 1024~65535, reducing the risk of outsiders being able to guess which ports you are
using.
6.
Enable HTTPS
We suggest you to enable HTTPS, so that you visit Web service through a secure communication
channel.
7.
MAC Address Binding
We recommend you to bind the IP and MAC address of the gateway to the device, thus reducing
the risk of ARP spoofing.
8.
Assign Accounts and Privileges Reasonably
According to business and management requirements, reasonably add users and assign a
minimum set of permissions to them.
9.
Disable Unnecessary Services and Choose Secure Modes
If not needed, it is recommended to turn off some services such as SNMP, SMTP, UPnP, etc., to
reduce risks.
If necessary, it is highly recommended that you use safe modes, including but not limited to the
following services:
SNMP: Choose SNMP v3, and set up strong encryption passwords and authentication
passwords.
SMTP: Choose TLS to access mailbox server.
FTP: Choose SFTP, and set up strong passwords.
AP hotspot: Choose WPA2-PSK encryption mode, and set up strong passwords.
10.
Audio and Video Encrypted Transmission
If your audio and video data contents are very important or sensitive, we recommend that you
use encrypted transmission function, to reduce the risk of audio and video data being stolen
during transmission.
Reminder: encrypted transmission will cause some loss in transmission efficiency.
11.
Secure Auditing
Check online users: we suggest that you check online users regularly to see if the device is
logged in without authorization.
Check device log: By viewing the logs, you can know the IP addresses that were used to log
in to your devices and their key operations.
12.
Network Log
Due to the limited storage capacity of the device, the stored log is limited. If you need to save
the log for a long time, it is recommended that you enable the network log function to ensure
that the critical logs are synchronized to the network log server for tracing.
13.
Construct a Safe Network Environment
In order to better ensure the safety of device and reduce potential cyber risks, we recommend:
Disable the port mapping function of the router to avoid direct access to the intranet
devices from external network.
The network should be partitioned and isolated according to the actual network needs. If
there are no communication requirements between two sub networks, we recommend
you to use VLAN, network GAP and other technologies to partition the network, so as to
achieve the network isolation effect.
Содержание DH-XVR71 H-4K-I2 Series
Страница 24: ...User s Manual 15 Fasten screws...
Страница 67: ...User s Manual 58 TCP IP Configure the settings for network parameters...
Страница 103: ...User s Manual 94 Main menu...
Страница 114: ...User s Manual 105 Analog channel Digital channel Configure the settings for the image parameters...
Страница 189: ...User s Manual 180 Details Click Register ID Register ID Click to add a face picture...
Страница 212: ...User s Manual 203 Search results Click the picture that you want to play back Playback...
Страница 235: ...User s Manual 226 Search results Select the face that you want to play back Registered information...
Страница 239: ...User s Manual 230 Details Click Register ID Register ID Click to add a face picture...
Страница 254: ...User s Manual 245 Sensor pairing In the Access Type list select USB Gateway Click Add Add USB gateway Click Pair...
Страница 314: ...User s Manual 305 Main stream Sub stream...
Страница 347: ...User s Manual 338 Update Click Update Browse Click the file that you want to upgrade Click OK...
Страница 362: ...User s Manual 353 Legal information...
Страница 370: ...User s Manual 361 Abbreviations Full term VBR Variable Bit Rate VGA Video Graphics Array WAN Wide Area Network...
Страница 388: ...User s Manual 379 Appendix Figure 7 7 Check neutral cable connection...
Страница 394: ...User s Manual...