IC Realtime IPFX-D80V-IRW1 Product Manual - Page 192

Disable Unnecessary Services and Choose Secure Modes

Get IC Realtime IPFX-D80V-IRW1 PDF manuals and user guides View all IC Realtime IPFX-D80V-IRW1 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 192 highlights

5. Change Default HTTP and Other Service Ports We suggest you to change default HTTP and other service ports into any set of numbers between 1024~65535, reducing the risk of outsiders being able to guess which ports you are using. 6. Enable HTTPS We suggest you to enable HTTPS, so that you visit Web service through a secure communication channel. 7. Enable Whitelist We suggest you to enable whitelist function to prevent everyone, except those with specified IP addresses, from accessing the system. Therefore, please be sure to add your computer's IP address and the accompanying equipment's IP address to the whitelist. 8. MAC Address Binding We recommend you to bind the IP and MAC address of the gateway to the equipment, thus reducing the risk of ARP spoofing. 9. Assign Accounts and Privileges Reasonably According to business and management requirements, reasonably add users and assign a minimum set of permissions to them. 10. Disable Unnecessary Services and Choose Secure Modes If not needed, it is recommended to turn off some services such as SNMP, SMTP, UPnP, etc., to reduce risks. If necessary, it is highly recommended that you use safe modes, including but not limited to the following services:  SNMP: Choose SNMP v3, and set up strong encryption passwords and authentication passwords.  SMTP: Choose TLS to access mailbox server.  FTP: Choose SFTP, and set up strong passwords.  AP hotspot: Choose WPA2-PSK encryption mode, and set up strong passwords. 11. Audio and Video Encrypted Transmission If your audio and video data contents are very important or sensitive, we recommend that you use encrypted transmission function, to reduce the risk of audio and video data being stolen during transmission. Reminder: encrypted transmission will cause some loss in transmission efficiency. 12. Secure Auditing  Check online users: we suggest that you check online users regularly to see if the device is logged in without authorization.  Check equipment log: By viewing the logs, you can know the IP addresses that were used to log in to your devices and their key operations. 13. Network Log Due to the limited storage capacity of the equipment, the stored log is limited. If you need to save the log for a long time, it is recommended that you enable the network log function to ensure that the critical logs are synchronized to the network log server for tracing. 14. Construct a Safe Network Environment In order to better ensure the safety of equipment and reduce potential cyber risks, we recommend:  Disable the port mapping function of the router to avoid direct access to the intranet devices from external network. Cybersecurity Recommendations 184

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
Cybersecurity Recommendations
184
5.
Change Default HTTP and Other Service Ports
We suggest you to change default HTTP and other service ports into any set of numbers
between 1024~65535, reducing the risk of outsiders being able to guess which ports you
are using.
6.
Enable HTTPS
We suggest you to enable HTTPS, so that you visit Web service through a secure
communication channel.
7.
Enable Whitelist
We suggest you to enable whitelist function to prevent everyone, except those with
specified IP addresses, from accessing the system. Therefore, please be sure to add your
computer’s IP address and the accompanying equipment’s IP address to the whitelist.
8.
MAC Address Binding
We recommend you to bind the IP and MAC address of the gateway to the equipment,
thus reducing the risk of ARP spoofing.
9.
Assign Accounts and Privileges Reasonably
According to business and management requirements, reasonably add users and assign a
minimum set of permissions to them.
10.
Disable Unnecessary Services and Choose Secure Modes
If not needed, it is recommended to turn off some services such as SNMP, SMTP, UPnP,
etc., to reduce risks.
If necessary, it is highly recommended that you use safe modes, including but not limited to
the following services:
SNMP: Choose SNMP v3, and set up strong encryption passwords and authentication
passwords.
SMTP: Choose TLS to access mailbox server.
FTP: Choose SFTP, and set up strong passwords.
AP hotspot: Choose WPA2
-
PSK encryption mode, and set up strong passwords.
11.
Audio and Video Encrypted Transmission
If your audio and video data contents are very important or sensitive, we recommend that
you use encrypted transmission function, to reduce the risk of audio and video data being
stolen during transmission.
Reminder: encrypted transmission will cause some loss in transmission efficiency.
12.
Secure Auditing
Check online users: we suggest that you check online users regularly to see if the
device is logged in without authorization.
Check equipment log: By viewing the logs, you can know the IP addresses that were
used to log in to your devices and their key operations.
13.
Network Log
Due to the limited storage capacity of the equipment, the stored log is limited. If you need
to save the log for a long time, it is recommended that you enable the network log function
to ensure that the critical logs are synchronized to the network log server for tracing.
14.
Construct a Safe Network Environment
In order to better ensure the safety of equipment and reduce potential cyber risks, we
recommend:
Disable the port mapping function of the router to avoid direct access to the intranet
devices from external network.