IC Realtime NVR-MX16POE-1U4K1-WEB Product Manual - Page 9

²Á»´, I»´

Get IC Realtime NVR-MX16POE-1U4K1-WEB PDF manuals and user guides View all IC Realtime NVR-MX16POE-1U4K1-WEB manuals
Add to My Manuals
Save this manual to your list of manuals

Page 9 highlights

● Change Default HTTP and Other Service Ports. It is recommended to change default HTTP and other service ports into any set of numbers between 1024~65535, reducing the risk of outsiders being able to guess which ports you are using. ● Enable HTTPS. It is recommended to enable HTTPS, so that you visit Web service through a secure communication channel. ● Enable Whitelist. It is recommended to enable whitelist function to prevent everyone, except those with specified IP addresses, from accessing the system. Therefore, please be sure to add your computer's IP address and the accompanying equipment's IP address to the whitelist. ● MAC Address Reservation/ Binding. It is recommended to bind the IP and MAC address of the gateway to the equipment, thus reducing the risk of ARP spoofing. ● Assign Accounts and Privileges Responsibly. In accordance to business and management requirements, add users and assign a minimum set of permissions to them. ● Disable Unnecessary Services and Choose Secure Modes. If not needed, it is recommended to turn off some services such as SNMP, SMTP, UPnP, etc., to reduce risks. If necessary, it is highly recommended that you use safe modes, including but not limited to the following services: SNMP: Choose SNMP v3, and set up strong encryption passwords and authentication passwords. SMTP: Choose TLS to access mailbox server. FTP: Choose SFTP, and set up strong passwords. AP hotspot: Choose WPA2-PSK encryption mode, and set up strong passwords 9 | www.icrealtime.com ● Audio and Video Encrypted Transmission. If your audio and video data contents are very important or sensitive, we recommend that you use encrypted transmission function to reduce the risk of audio and video data being stolen during transmission. Reminder: encrypted transmission will cause some loss in transmission efficiency. ● Secure Auditing. Check online users: we suggest that you check online users regularly to see if the device is logged in without authorization. Check equipment log: By viewing the logs, you can know the IP addresses that were used to log in to your devices and their key operations. ● Network Log. Due to the limited storage capacity of the equipment, the stored log is limited. If you need to save the log for a long time, it is recommended that you enable the network log function to ensure that the critical logs are synchronized to the network log server for tracing ● Construct a Safe Network Environment. In order to better ensure the safety of equipment and reduce potential cyber risks, we recommend: ○ Disable the port mapping function of the router to avoid direct access to the intranet devices from external network. ○ The network should be partitioned and isolated according to the actual network needs. If there are no communication requirements between two sub networks, it is suggested to use VLAN, network GAP and other technologies to partition the network, so as to achieve the network isolation effect. ○ Establish the 802.1x access authentication system to reduce the risk of unauthorized access to private networks.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
#
|
www.icreöltime.com
Ƭ
!¾µš³± '±ºµu¹t Æ»»´ µš¶ Çt¾±r ²±rv·½± ´Ŭrts.
³t is
recommended to chönge deföult ¸··¶ önd other service
ports into öny set of numbers between 1024~65535,
reducing the risk of outsiders being öble to guess which
ports you öre using.
Ƭ
GšµÃ¹± Æ»»´².
³t is recommended to enöble ¸··¶±, so
thöt
you
visit
àeb
service
through
ö
secure
communicötion chönnel.
Ƭ
GšµÃ¹± Ⱦ·t±¹·st
. ³t is recommended
to
enöble
whitelist
function
to
prevent
everyone,
except
those
with
specified
³¶
öddresses,
from
öccessing
the
system.
·herefore,
pleöse
be
sure
to
ödd
your
computer’s
³¶
öddress önd the öccompönying equipment’s ³¶ öddress to
the whitelist.
Ƭ
ÁÄ! Ķ¶r±ss À±s±rvµt·Ŭš/ É·š¶·š³.
³t is recommended
to
bind
the
³¶
önd
¼²!
öddress
of
the
götewöy
to
the equipment, thus reducing the risk of ²µ¶ spoofing.
Ƭ
Äss·³š
Ľ½Ŭušts
µš¶
´r·v·¹±³±s
À±sƏŬšs·Ã¹y.
³n
öccordönce to business önd mönögement requirements,
ödd users önd össign ö minimum set of permissions to
them.
Ƭ
'·sµÃ¹± °šš±½±ssµry ²±rv·½±s µš¶ !¾ŬŬs± ²±½ur± ÁŬ¶±s
.
³f not needed, it is recommended to turn off some services
such ös ±½¼¶, ±¼·¶, ȶn¶, etc., to reduce risks. ³f
necessöry, it is highly recommended thöt you use söfe
modes, including but not limited to the following services:
²¼Á´:
!hoose ±½¼¶ v3, önd set up strong encryption
pösswords önd öuthenticötion pösswords.
²Á»´
: !hoose
·»± to öccess möilbox server.
I»´:
!hoose ±G·¶, önd set
up strong pösswords.
Ä´ ¾ŬtsƏŬt:
!hoose ඲2-¶±º
encryption mode, önd set up strong pösswords
Ƭ
Äu¶·Ŭ µš¶ Ê·¶±Ŭ Gš½ryƏt±¶ »rµšs¸·ss·Ŭš.
³f your öudio
önd video dötö contents öre very importönt or sensitive,
we
recommend
thöt
you
use
encrypted
trönsmission
function to reduce the risk of öudio önd video dötö being
stolen
during
trönsmission.
µeminder:
encrypted
trönsmission
will
cöuse
some
loss
in
trönsmission
efficiency.
Ƭ
²±½ur± Äu¶·t·š³.
!heck
online
users:
we
suggest
thöt
you check online users regulörly to see if the device is
logged in without öuthorizötion. !heck equipment log: ´y
viewing the logs, you cön know the ³¶ öddresses thöt were
used to log in to your devices önd their key operötions.
Ƭ
¼±twŬr¿ ÅŬ³.
'ue to the limited storöge cöpöcity of the
equipment, the stored log is limited. ³f you need to söve the
log for ö long time, it is recommended thöt you enöble the
network log function to ensure thöt the criticöl logs öre
synchronized to the network log server for tröcing
Ƭ
!Ŭšstru½t µ ²µº± ¼±twŬr¿ Gšv·rŬš¸±št.
³n
order
to
better
ensure
the
söfety
of
equipment
önd
reduce
potentiöl cyber risks, we recommend:
Ɣ
'isöble the port möpping function of the router to
övoid direct öccess to the intrönet devices from
externöl network.
Ɣ
·he network should be pörtitioned önd isolöted
öccording to the öctuöl network needs. ³f there öre
no
communicötion
requirements
between
two
sub
networks,
it
is suggested to use ß»²½,
network I²¶ önd other technologies to pörtition
the network, so ös to öchieve the network isolötion
effect.
Ɣ
¹stöblish the 802.1x öccess öuthenticötion system
to reduce the risk of unöuthorized öccess to privöte
networks.