www.icrealtime.com
● Change Default HTTP and Other Service Ports. It is recommended to change the default HTTP and other service ports to any value between 1024 and 65535, reducing the risk of outsiders being able to guess which ports you are using.
● Enable HTTPS. It is recommended to enable HTTPS so that you access the Web service through a secure communication channel.
● Enable Whitelist. It is recommended to enable the whitelist function so that only the specified IP addresses can access the system. Therefore, please be sure to add your computer's IP address and the accompanying equipment's IP address to the whitelist.
● MAC Address Reservation/Binding. It is recommended to bind the IP and MAC address of the gateway to the equipment, thus reducing the risk of ARP spoofing.
● Assign Accounts and Privileges Responsibly. In accordance with business and management requirements, add users and assign them a minimum set of permissions.
● Disable Unnecessary Services and Choose Secure Modes. If not needed, it is recommended to turn off services such as SNMP, SMTP, UPnP, etc., to reduce risks. If they are necessary, it is highly recommended that you use safe modes, including but not limited to the following services:
  ○ SNMP: Choose SNMP v3, and set up strong encryption passwords and authentication passwords.
  ○ SMTP: Choose TLS to access the mailbox server.
  ○ FTP: Choose SFTP, and set up strong passwords.
  ○ AP hotspot: Choose WPA2-PSK encryption mode, and set up strong passwords.
● Audio and Video Encrypted Transmission. If your audio and video data contents are very important or sensitive, we recommend that you use the encrypted transmission function to reduce the risk of audio and video data being stolen during transmission. Reminder: encrypted transmission will cause some loss in transmission efficiency.
● Secure Auditing.
  ○ Check online users: we suggest that you check online users regularly to see whether anyone is logged in to the device without authorization.
  ○ Check equipment log: by viewing the logs, you can see the IP addresses that were used to log in to your devices and their key operations.
● Network Log. Due to the limited storage capacity of the equipment, the stored log is limited. If you need to keep the log for a long time, it is recommended that you enable the network log function to ensure that the critical logs are synchronized to the network log server for tracing.
● Construct a Safe Network Environment. To better ensure the safety of the equipment and reduce potential cyber risks, we recommend:
  ○ Disable the port mapping function of the router to avoid direct access to the intranet devices from an external network.
  ○ The network should be partitioned and isolated according to the actual network needs. If there are no communication requirements between two subnetworks, it is suggested to use VLAN, network GAP and other technologies to partition the network, so as to achieve network isolation.
  ○ Establish an 802.1x access authentication system to reduce the risk of unauthorized access to private networks.
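
The Secure Auditing and Enable Whitelist items above can be checked together by comparing the login addresses in an exported log against the whitelist. The following is an added example, not part of the original guide or the vendor's software; the log line format, the sample entries and the whitelist addresses are constructed for illustration, and a real export will need its own pattern.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample export; the device's real log format will differ.
SAMPLE_LOG = """\
2024-03-01 08:12:44 user=admin ip=192.168.1.20 event=Login result=OK
2024-03-01 08:15:02 user=admin ip=192.168.1.20 event=ConfigChange result=OK
2024-03-01 23:41:10 user=admin ip=203.0.113.57 event=Login result=FAIL
2024-03-01 23:41:19 user=admin ip=203.0.113.57 event=Login result=OK
2024-03-02 02:03:55 user=viewer ip=192.168.1.77 event=Login result=OK
not a log line
"""
# Hypothetical whitelist: your computer and the accompanying equipment.
WHITELIST = ["192.168.1.20/32", "192.168.1.10/32"]

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) user=(?P<user>\S+) ip=(?P<ip>\S+) "
    r"event=(?P<event>\S+) result=(?P<result>\S+)$"
)

def parse(log_text):
    """Yield one record per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        try:
            rec["ip"] = ipaddress.ip_address(rec["ip"])
        except ValueError:
            continue  # address field is not a valid IP
        yield rec

def audit(log_text, whitelist):
    """Return (successful logins from non-whitelisted IPs, failed logins per IP)."""
    nets = [ipaddress.ip_network(n) for n in whitelist]
    unexpected, failures = [], Counter()
    for rec in parse(log_text):
        if rec["event"] != "Login":
            continue  # only login events matter for this check
        if rec["result"] != "OK":
            failures[str(rec["ip"])] += 1
        elif not any(rec["ip"] in n for n in nets):
            unexpected.append((rec["ts"], rec["user"], str(rec["ip"])))
    return unexpected, dict(failures)

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, WHITELIST))
```

Run against logs kept on the network log server, a check like this also covers entries the device itself has already overwritten.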