Protect Windows XP PRO CCTV System Being Hacked?

Hi Guys,

I have been searching for advice on how to protect an old CCTV system using Windows XP Pro SP3 platform (yes, I know it is old, but my customer cannot afford to upgrade it to Windows 7) from being hacked in. Since the CCTV VMS software comes with built-in web server.

The system is publicly access on the Internet using DDNS service. I looked into Google and found some information.

I read the information given on this link above and follow the steps as much as I can. So, apart from installing anti virus and firewall software on the system, is there anyting else that I can do to make the system hack-proof? May be or at least to be as secure as possible.

Most appreciated. Thank you.

Marcus

Login to read this IPVM discussion.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

** * **** ******* **** **** *** *** ** ******** the ****** ******* **** ** ******* **.

** *** **** *** ************, *** ***** ******* ******** ******* on *** ***** **** ****'* ************ ***** **** *** *** VMS ********. ****-***** ** ******* ******, *** *****'* *********** **** the ****** **** ***** ******. ********** ***** ** ** *** to **** ** ** ****-*****, *** ************* **** *** ******* one ** *** ******* ** **** *** ** *** ******** at **** *****.

** * **** ******* **** **** *** *** ** ******** the ****** ******* **** ** ******* **.

** *** **** *** ************, *** ***** ******* ******** ******* on *** ***** **** ****'* ************ ***** **** *** *** VMS ********. ****-***** ** ******* ******, *** *****'* *********** **** the ****** **** ***** ******. ********** ***** ** ** *** to **** ** ** ****-*****, *** ************* **** *** ******* one ** *** ******* ** **** *** ** *** ******** at **** *****.

****** *** *** ******, * **** ********* * ******** ******** and ******* ******** *****, ****** ***** ***** **** ** *** VMS.

*** **** **** ****** ***** / ***** ******* * ** than **? ****'* *** **** ** *******?

*** **** **** ****** ***** / ***** ******* * ** than **? ****'* *** **** ** *******?

***, *** **** ** ******* *** ***** ******* *** ** terms ** ******** **********, ** **** * *** ******* ******* to ****** *** ******* * *** ** *** **** * few ******* ******* ** ****** ******, ***** ** ****** ****** that ** *** **** ** *** ****** ******* ** ******. So ** *** ***, ** ****** ******* *** ** *******, besides, *** ** ** ****** ***** ** ** **/* ************ operation, ** ** *** ***** **** *** ***** ***** *** web ******** *** ******** ******.

** ***'** ************ * ********, ******** **********, ** ********* ***** and ***** **** **** ** *** ** ********* **** *** Print ******** **** *** ******* *******, *** ***** **** ******** the ****** ******* ** ********.***, ***'** **** ****** *** *** can ** **** ** ******* ** ***********. *** ******, ****'* a *** *** * ***** **** **** ******.

*** ******** ************* ** * ******** ** *** **'* **** and *** ******* ** *** ****** ***** **. **** ** supposed ** ** * *** ******. *** *******'* ***********. ****'** not ******** ** ** *** ******** **** *****'* **** ******** to ** **** *** ******** ** *** ************ ** **. They're *** ******** ** ** ***** ** *** *****.

*****'* ****** ********* **** *** *** **; *** ****** **** on *** ** ****** ****. ** ***'** **** **** *** said, ***** **** **** * *********, * ***** ****'* ******.

** ***'** *********** * ********, ******** **********, ** ********* ***** and ***** **** **** ** *** ** ********* **** *** Print ******** **** *** ******* *******, *** ***** **** ********* the ****** ******* ** ********.***, ***'** **** ****** *** *** can ** **** ** ******* ** ***********. *** ******, ****'* a *** *** * ***** **** **** ******.

*** ******** ************* ** * ******** ** *** **'* **** and *** ******* ** *** ****** ***** **. **** ** supposed ** ** * *** ******. *** *******'* ***********. ****'** not ******** ** ** *** ******** **** *****'* **** ******** to ** **** *** ******** ** *** ************ ** **. They're *** ******** ** ** ***** ** *** *****.

*****'* ****** ********* **** *** *** **; *** ****** **** on *** ** ****** ****. ** ***'** **** **** *** said, ***** **** **** * *********, * ***** ****'* ******.

** ****** *** *** ******, * ***** * ***** **** of ****** **** ******* ** ****** *** ******* ** **** system. ** *** ***, *** **** ****** ** *** ***** used ** *** *** ** *** *****. * ****** **** question, ******* * ** ******* ******* *** **** ** ********* extraordinary *** ******* ** ******** *** ** ******* *** ****** even *******.

**** ** **** **** *** ******* *** ******* ** **** on *** *** ** ***** ****.

***** **** ** ***'* ** ******* *** **** ******** *******.

**, ***** *** *** *** ********, ******.

********* ****** **** ***, ** ******** ****** **** ******* ** Windows *.

****** ******* ***** *'* *********, ** ***** ***'* *** *******, would ** ** *** * ****** ******* *** *** *** the ******** - **** * ***** ***** ******** **** **** provide * ***** ** ******** ******** *** **** *** **** an ** ****'* *** ******** **********. ******* **** *** ********* ports ** **, *** **** **** *** *** ****** *** closed ** *** ******'* ********.

***, **** ** ***** ******* **** ****, ********* ** ******* 7 ** ******** *** ** ****** ******: ******* ****** ******* for *** ** ******, ***** *** ** ** ****** ******* for *** *** ****.

** ****,

***, **** *** **** ******* ** ******* **** * *** implemented **** *** *. ******** ** ** ****** * ***** dlink ******. ***** *** **** *** ****** ********* *** ********, and ******* ****. ******** ** *** **** ********** ****, * configured *** ****** ** ******** ** ** ******* **** ** the ******* **** ******. **. ******* ****---******** **----****. ** ******* matter, *** **** ****** ** *** ***** *** *** **** at ***. *** ****** ** ****** * *** ******.

*****, ** ******** **** ****** *** ****** ** ***** *** DDOS ******...*** *****, *** ***** *** ** ****. **, * would **** **** **** ******** ** ********, *** ****** ********* VPN ******** *** ****** *******, ** ** ********? *** ** customer *** * *** ******* ****** *** *** **** *** private ******* ** *** ****** ** ** ****** ******* *** playback ***** ******** ********?

***, * ***** **** ********* ******* *** **** ****** **** port **********. **** ********** ** **** *** ******** ************ ***** they ** *** **** * *** ** ***'* **** **** is, ***.

*** ******* ** **** ************ *** ****** ** **** ***** own *** ** *********. ***** *** ***** ******** ********** **** dynamic ** ********* ** * ******* ********. ***** ****** ******* IP ******* ** *** * ***** ****** ***** ******* *** service ** ********* ******, *******, ** ******* ** ********, ** my *******, ****** **** ******* ****** ********* ** ******* **** system *** ** ******* ***** **** ** ***** *** *****, may ****** ****** ** *** /***** ** *** ****** ****** traffic ** **** *** *** ******* ******* ** *******. **** the ****** *** **** *** ** *******, **** *** ***** CCTV ****** ** ********** ** ***** ******. *** ******* ******* am * *****? ******

***** *** * ****** ** **** ** ********* ***. *'** found * ****** ******* **** **-*** ******** ***** **** - it ******** **** *** **** *** ****** **********, ** *** can **** *** ** **** ***, *** **** **** ************* connect ** ******* ** ****** * ****** ******* *** *** networks. **** ****, *** *** *** ****** ** ***** *** remote *******, ******* ** **** *** * **** *** ** overhead.

**** ** ********* ** **** ****** **** * ****** ** - ** ********, ***'** *****, ******* *** ** ** (***********) changing ************, ****** **** ****** ***** *** ****. **** ***** said, *** *** *******-** ******* ****** ********: **** ** ***** ISP, *** *******, *'* *********** ** * ******* ******, *** my ** ****'* ******* ** *****... ****, ***** *** **** time * ******* ** ******, ******, ***** ** * ******** DHCP *****, *** *** **** ** *** *********'* *** *******. I *** ***** * ****** ** ** ** ** ****** changing ** ******'* *** *** *******, *** *** *** **** part, ** ***** ******.

* ****** ** ** *** *********** **** **** **** *********, either, ********* ** *** **** ** *******. *** *** *********** service ****, * *** *** ** *** ** ***** $**/**. I ******* ******** ********* ** **** *** *** *** ***** providers *** *** ** *** ** ***** $**/**. ** ******, if ***'** ** * ****-******* ********* ******* ** **** ****, that'll ******** **** * *** ****, *** ** **** ***** you're ******** ****** * ****** *** *** ******* ** *** first *****.

** *** **** ********'* ****** ***** ****: ** *** **** it *** * **** ** **** ******? ** ***** ** have ****** **** **** ******** *******?