Cybersecurity is more than just a buzzword: it’s something that pertains to every device that is connected to the internet. IP video surveillance is not immune to cyber risks, but taking basic steps toward protecting and strengthening networks and networked appliances will make them less susceptible to attacks. Below are some tips and recommendations on how to create a more secure security system.

  1. Update Firmware. This is one of the most important steps to have a secure security system. Keep your recorder or IP camera firmware up-to-date and ensure the firmware is the latest one with the security patches and fixes applied.
  2. Change the passwords and use a strong passwords. This should go without saying, but the number one reason a system gets “hacked” is due to weak or default passwords. We recommend never using a default password and choosing a strong password whenever possible. A strong password is at least 8 characters and is made up of a combination of special characters, numbers, and upper and lower case letters.
  3.  Change passwords regularly. Regularly change the credentials to your devices to help ensure that only authorized users are able to access the system.
  4. Disable UPNP. Universal Plug-n-Play will automatically try to forward ports in your router or modem. Normally this would be a good thing. However, if your system automatically forwards the ports, and you leave the credentials default, you may end up with unwanted visitors. If you manually forwarded the HTTP and TCP ports in your router/modem this feature should be turned off regardless. There are softwares out there that randomly scan the network and try to access using the default password.
  5. Disable P2P. P2P (sometimes called QR code) is used to remotely access a system via a serial number. The possibility of someone hacking into your system using P2P is highly unlikely because the system’s user name, password, and serial number are also required. However, if the P2P is enabled and your account is on default password, it’s possible for someone to get in.
  6. Disable SNMP. Disable SNMP if you are not using it. If you are using SNMP, you should do so temporarily, for tracing and testing purposes only.
  7. Enable HTTPS/SSL. Set up an SSL Certificate to enable HTTPS. This will encrypt all communication between your devices and recorder.
  8. Enable IP Filter. Enabling your IP filter will prevent everyone, except those with specified IP addresses, from accessing the system.
  9. Change default HTTP and TCP (Server) ports. These are the two ports used to communicate and to view video feeds remotely. These ports can be changed to any set of numbers between 1025-65535. Avoiding the default ports reduces the risk of outsiders being able to guess which ports you are using.
  10. Check the log. If you suspect that someone has gained unauthorized access to your system, you can check the system log. The system log will show you which IP addresses were used to login to your system and what was accessed.
  11. Connect IP Cameras to the POE ports on the back of an NVR. Cameras connected to the POE ports on the back of an NVR are isolated from the outside world and cannot be accessed directly. Technically these cameras are on their on network and can only be accessed going through the NVR.
  12. Physically lock down the device. Ideally, you want to prevent any unauthorized physical access to your system. The best way to achieve this is to install the recorder in a lockbox, locking server rack, or in a room that is behind a lock and key.
  13. Forward only ports you need. Only forward the HTTP and TCP ports that you need to use. Do not forward a huge range of numbers to the device. Do not DMZ the device’s IP address. You do not need to forward any ports for individual cameras if they are all connected to a recorder on site; just the NVR is needed.
  14. Isolate NVR and IP camera network. The network your NVR and IP camera resides on should not be the same network as your public computer network. This will prevent any visitors or unwanted guests from getting access to the same network the security system needs in order to function properly.