Hardening **********
********* **** ** ****** *************** *** increase *** ******** ** *******. ********* guides *** ******* ** ** *** growing ** ***** ************ ** ***** seek ***** ** ******* ******** ** the ******* **** ******. *** *******, here *******'* ***** ** ****** ***** *** Devices ******* ************** ********* *****.
Port ********** *****
**** ********** ***** ***** ***** ********* to *** ****** ********. ***** **** makes ** **** *** *** **** to *** ****** ****** ** ***** devices, ** **** ****** ********* / hackers ** ***** / ****** ***** devices. ** ***** *** *************** *** the ****** (*.*.,*********'* ****** ********, *** **** ***** ** ******* passwords, ***., ******** *** ************* ** exposed ***** **** ****, **** ****, etc.), **** ********** ***** ** **** to ******* ****. ******, ********* ******* this,******* ************* ***** **** *********** **** **** *********** ******* ** port **********.
**** ********** ** * ******* / easier *********** ** ***** * *** (e.g., *** **** ** *** ** *** ***** Statistics) *** **** ********** ** *** a *** ** '******' * ****** or * *******. ** ** *** thing *** * ************ ** ******* how ** *** **** ********** *** another ** ********* ** ** ** a ******** ************* ** *********.
HikConnect ***?
*************, *********'* ********* ***** *** *** mention***-*******, ***** *** / ***** *******, ***** ********** *** **** *** port ********** *** ** * ******* they *** ********* ** * *********** to ***** **** ********.
*******, ***-******* ******** ****** ********* ****** to * ****'* ******** ******* / LAN, ***** ****** *** *** *** of **** ***** *********'* ************* ***** record *** ******* ********** *********.
Cisco *** ****** ****?
********* ********* ** **** ***** ************* seriousness, ********* ****** ****** *** ******** ****** *****. *******, ***** *** ****** *** surely *** ************ **** ********** ** a '******** *************' ** '*********'.
** *** ***** ****, ** ** hard ** ***** ***** *** ****** since **** ** *** ******* **** ever **** ***** **** **** *** providing ** ********* ****** ***** ********.
Featuring ******* *******?
*******, *** ****** ** ******* ******* as *********'* ********* ******* ** ********.

******* ******* ***, ** ***** *** design, ******** ** **** *** *** users. *** ******* *******, **** *********,**** *** ***** *** ******* ******** issues.
******* ** ***, ** ********* ** Hikvision ***** *** ******* ***** ********* their ******* / ********, **** ********** Linksys ******* ** *** * **** way ** ** ****.
Comments (18)
Jon Dillabaugh
06/09/17 11:29am
I must have missed the memo where Cisco sold Linksys to Belkin? I was going to comment that most Linksys gear was now labeled Cisco, hence the Hikvision connection (a reach, I know), but even that is now bunked.
My only guess is the Linksys is sort of a de facto standard for SOHO routers, which if you need their advice for port forwarding, you likely aren't running a Sonicwall, pFsense, or anything corporate above these SMB routers.
So, I guess if you are trusting Hikvision for your network hardening, you probably wouldn't know better than to use a Linksys router anyways.
Create New Topic
Undisclosed Integrator #1
Installed my first Hikvision, I started getting random invalid login attempts at all hours of the day and night in the first week! Now half the cameras stopped working. Ugh, why did I bother.
Create New Topic
Undisclosed Distributor #3
The biggest thing in this article that jumps out at me is that they are not recommending P2P. P2P was going to be the end-all, be-all answer in the easy setup nirvana but now I guess they see the inevitable hacks and distrust for them as a reason to go away from it. Anyway, that was my take on it. And oh yeah, using an older SOHO router was just funny, like they told someone to make a hardening guide with the stuff he could find in the basement.
Create New Topic
Sean Nelson
06/09/17 05:22pm
I took a brief look at their entire hardening guide and I think if you did every single step on their it would be pretty secure. I would have added that one should change port 80 to something else and should have put more of an emphasis of only opening the ports needed for the DVR (to avoid the risk of someone DMZ'ing)
People want to see their cameras remotely. So from a practical standpoint, are you alluding that, Hikvision, the #1 manufacturer in the world, should recommend setting up a VPN to anyone installing a Hik device? Or how/what else should have they mentioned instead. Regardless of the manufacturer, I would think port forwarding is a more secure setup than any P2P setup?? Or nay?
Create New Topic
Michael Gonzalez
06/09/17 09:24pm
Trust us for all of your cyber security needs.
Create New Topic
Sean Nelson
06/09/17 10:00pm
Understand, I just think you have to blend practicality in with your instructions to your customer and I think telling the millions of Hikvision customers, whether they are advanced or not, to setup a VPN is not at all practical. I mean if you really want to truely harden your system you can include these instructions "You see that network cable that is connected to the back of your device, unplug it!"
I too am a little confused why they didn't mention P2P though. To me this would be the most practical situation. We still however do not get the full remote management features through P2P like we do with normal port forwarding. Its also "slower" than port forwarding.
Create New Topic