IPVM Site Goes All HTTPS, Largest 3 Manufacturers Do Not [Axis, Dahua Fixed]

Author: John Honovich, Published on Jul 12, 2016

IPVM.com now serves all pages over HTTPS to improve security and privacy. However, a number of video surveillance manufacturers do not, including the largest 3. We review both of these items, including notable manufacturers lack of support in this report.

Moving to All HTTPS

HTTPS encrypts connections between a visitor and a server / site like IPVM. This reduces risk against attacks, tampering and eavesdropping when visiting a site.

HTTPS everywhere is a rising trend. Historically, HTTPS was used only for specific pages on a site, such as login / authentication and sending of specific sensitive information. Over the last few years, technology leaders have increasingly shifted to using HTTPS for all connections. In particular, Google is campaigning for "HTTPS Everywhere".

Adding EV Certificate

In addition to serving all IPVM.com pages over HTTPS, we have obtained an Extended Validation (EV) Certificate. This goes beyond simply using an HTTPS connection, adding an identity validation process (where a certificate authority manually verifies an organization) to provide further assurances to our visitors.

Now, IPVM pages show an additional Green bar on Chrome, signifying our EV certificate, before the URL entry like so:

This is similar to the security / assurances large corporations provide, e.g., here is Bank of America:

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

Benefits

While there are always cyber security risks and HTTPS is not a cure all, we expect implementing HTTPS site wide and adding an EV certificate to improve security and privacy when viewing IPVM.

For those wanting more direct benefits, Google indicates potential SEO / search traffic improvements for sites using HTTPS.

Moreover, the process of doing this was not particularly hard. Even a site with as many sections / elements as IPVM took less than 40 hours total to do the migration, solve any bugs in the transition and get the EV certificate added.

Industry Support

However, quite a number of large industry players do not.

No Default HTTPS

Of the manufacturers IPVM most frequently covers, here are those who do NOT default to HTTPS:

This includes the 3 biggest manufacturers in the world, companies one would expect to be on the forefront of things like that (Hikvision and their 5,000 engineers, Axis and their cybersecurity marketing, etc.)

UPDATE and Axis Warning

Not only does Axis not use HTTPS by default, they do not use HTTPS on their login page. This presents a risk of one's password being stolen before it is submitted via HTTPS. This is demonstrated at StealMyLogin. [Hat tip U1, who called this out in the comments]

Unfortunately and ironically, Axis requires this insecure login to access firmware to solve their critical security vulnerability (which we strongly recommend you do).

[Update Nov 2016: Axis has added HTTPS for their login page.]

[Update April 2017: Dahua has added HTTPS for their website]

Yes Default HTTPS

By contrast, here are some manufacturers that DO default to HTTPS:

Distributors

Both ADI and Anixter default to HTTPS. Surprisingly, PSA Security, who is heavily marketing cybersecurity, has not. Additionally, Tri-Ed has not either.

Associations

ASIS defaults to HTTPS and has an EV certificate but SIA, who is also heavily marketing cybersecurity, has not.

Trade Magazines

None of the 7 trade magazines we checked had defaulted to HTTPS though, in fairness, they are still focused on print.

Outlook

Larger organizations that have lots of customers should default to HTTPS. We definitely expect many more manufacturers to do so.

If you have more information or you company has moved to site-wide HTTPS, leave a comment so it is noted.

Comments (43) : PRO Members only. Login. or Join.

Related Reports on Marketing

Hikvision Source Code Transparency Center Examined on May 14, 2018
Following criticism of Hikvision's Chinese government ownership and Hikvision's IP camera backdoor, the company has responded with a series of...
March Networks Targets Cannabis Market on May 10, 2018
Will the next March Networks customer appreciation event be held a steakhouse or at a Taco Bell at 2 am? Can March sell the types of systems to the...
Integrators Divided On Website Importance to Business (Statistics) on May 04, 2018
Are websites important? Still quite a number of integrators have no websites.  New IPVM statistics show that nearly half of all integrators find a...
Rare Video Surveillance Fundraising - Verkada $15 Million on Apr 19, 2018
Fundraising in video surveillance (and the broader physical security market) has been poor recently. Highlights are few and far in between...
Best and Worst ISC West 2018 on Apr 16, 2018
ISC West 2018 had strong attendance, modest overall new products, and a surge in Artificial Intelligence marketing. First, here are 20+...
Hikvision Hires Ex-Herbalife MLM Scheme PR Director on Apr 09, 2018
Hikvision has hired Michael Gutierrez, a 'crisis management excellence' award-winning PR director for his work at Herbalife, as Gutierrez...
Hikvision Hires Ex-Milestone Head To Lead Global PR on Apr 06, 2018
Hikvision has PR problems. From its failed attempt at hiring a crisis communication writer to their failed anti-IPVM blog series to the increasing...
VMS New Developments Spring 2018 (Avigilon, Exacqvision, Genetec, Hikvision, Milestone, Network Optix) on Apr 04, 2018
What's new with VMS software? In this report, we examine new features and releases for Spring 2018 to track different areas of potential...
Stats: Disclosing Vulnerabilities Responsibility? Researcher or Manufacturer on Mar 30, 2018
Getting prompt and appropriate information on vulnerabilities is important for integrators and end users to ensure that their systems are best...
Hanwha / Kaspersky Vulnerability Dispute Examined on Mar 29, 2018
IT media ran numerous reports in the past month featuring two prominent companies - Hanwha (previously part of mega manufacturer Samsung) Techwin...

Most Recent Industry Reports

Software Only VMS vs NVR Appliances on May 23, 2018
Should you buy your own PC/server and load VMS software on it or get a turnkey appliance (both hardware and software, e.g., NVR, Hybrid DVR) from a...
Buy Arecont: Top Bid $10 Million Cash on May 22, 2018
Last year, Arecont had a deal for a purchase price of $170 million (see Failed Arecont China Acquisition). This year, Arecont has a deal for a...
Installing Box Cameras Indoors Tutorial on May 22, 2018
This tutorial starts our physical installation for video surveillance series, starting with Box Cameras, one of the oldest and most basic types....
The Hikvision Smart Classroom Behavior Management System on May 22, 2018
Hikvision's rapidly growing offering of analytics, which we most recently examined with Hikvision's ethnic minority analytics, is now going into...
Dahua Intrusion Analytics And VMD Tested on May 21, 2018
Dahua ships basic analytics on practically all their cameras, ranging from low cost to high end. To see how these analytics work in real world...
Exacq Improving Technical Support, Responding To Integrator Complaints on May 21, 2018
Exacq had been a long-term favorite of integrators, but since their 2014 Tyco acquisition, Exacq has fallen in IPVM integrator studies (though...
Best Manufacturer Technical Support 2018 on May 21, 2018
While 5 manufacturers made the worst technical support 2018 list, only 3 stood out as providing the best technical support to 190+ integrators in...
Stealth / UCIT - Remote Video Monitoring Provider Profile on May 18, 2018
Can 2 remote video monitoring companies, Stealth Monitoring from the US and UCIT from Canada combine to impact the market and compete in a changing...
Cybersecurity for IP Video Surveillance Guide on May 18, 2018
Keeping surveillance networks secure can be a daunting task, but there are several methods that can greatly reduce risk, especially when used in...
Forced Entry / Duress Access Tutorial on May 17, 2018
Even though access control normally keeps people safe, tragedies have revealed a significant issue. If users are forced to unlock doors for...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact