Canon CR-N500 Remote Camera Settings Guide - Page 115
Measures Suitable to the Users' Environment 4: Changing the Port Number
View all Canon CR-N500 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 115 highlights
Measures Suitable to the Users' Environment 4: Changing the Port Number It is important to limit unspecified access to prevent unauthorized access to the camera. The port number is an entrance to the communication between the camera and the external device, and a number is set for each communication protocol. A common number is used for the port number and network devices can be connected easily. Thus, there is a risk of it being used for intrusion by unauthorized parties. In case there is a need to change the port number due to concern of security, make sure that the port numbers are not redundant with those of other communication protocols, and set it within the specified range. If the port number is changed, specify the port number in addition to the IP address in order to access the camera. Example: Changing the Port Number When connecting by the HTTPS, set "https://{Camera's IP address}:{Port Number}". When the HTTPS port number is changed to 10443 https://192.168.100.1:10443 HTTP Port Numbers/HTTPS Port Numbers HTTP/HTTPS port number is set on the camera's Settings Page (P. 56) It is also possible to change the following port numbers: • RTSP Port (P. 57) • Multicast Port (P. 57) Measures Suitable to the Users' Environment 5: Encrypting Communication In order to securely communicate between the camera and the external device, it is recommended that all communication be via HTTPS connection (encrypted communication combining SSL/TLS and HTTP). SSL (Secure Sockets Layer)/TLS (Transport Layer Security) is a technology to encrypt communication on the network and prevent hacking and tampering of communication contents by an unauthorized party. Even if the data is hacked during communication, by encrypting the communication in the proper way, the contents of the data are protected and safety can be secured. Self-Signed Certificate and Server Certificate To encrypt communication via HTTPS connection, use a self-signed certificate or a server certificate issued from a CA (Certificate Authority). Self-signed certificates are sufficient to do encryption, however, a warning screen will be displayed in the web browser, and there is a risk of impersonation. Therefore, it is advised to use it in the cases for an operation test and others. It is recommended to acquire and install a server certificate issued from CA for a full-scale system operation. Encrypting communications by HTTPS connection is set on the camera's Settings Page (P. 69). Note Even setting the HTTPS connection as mentioned above, the video delivered via RTP/RTSP cannot be encrypted. In order to securely communicate the video to deliver, it is necessary to deal with the whole system. Measures Suitable to the Users' Environment 6: Disabling Unused Functions The camera has functions to support various purposes and network environments. However, unless those functions are properly set, there is a risk of unauthorized access from outside parties. In order to use the camera safely, it is also necessary to disable the setting of unused functions. The following describes the functions that need to be addressed in the operating environment and usage situation, such as enabling only the necessary functions or disabling the functions after the setting is completed. AutoIP When [AutoIP] (P. 60) is enabled, even in environments where there is no DHCP server, IPv4 link-local addresses (169.254.xxx.xxx) are assigned to the camera. Therefore, by assigning a computer to the same network as the IPv4 address and using the Camera Search Tool, the camera can be detected and initial settings can be made. 115