Network Security Audit App (March Networks) Examined

By Brian Karas, Published Dec 01, 2016, 12:37pm EST

Verifying one's video surveillance devices are locked down against common cybersecurity vulnerabilities is increasing important, as hacks using video surveillance have become more prominent.

March Networks has released an enhanced mobile app to audit these issues.

Can you verify your recorder is locked down against common cybersecurity exploits? 

In this note, we examine the app, and identify what it checks, and what it overlooks, when it comes to enhancing the network security of their products.

GURU *** ********

*****'* **** *** ** ******** ** ** a ******* ******* **** tool, ****** ******* ********** and *********** **** **** end-users. ***** *** *** documentation *** *************** **** from *** ***, ****** a ******* ******, ** use ** ** ******* a ******* *** ** necessary. *** *** ***** to ** ** *** same *** ** *** recorder, ***** ** ******* done ** ******** * wifi ****** **** *** recorder ** ****** * local **** ******* *** the ***** ******* *** app ** ******* **.

* ********* ***** **** March ******** **** **** the ******* *** ********* and *********:

Security ***** *************

***** ********* * ******** audit ******** [**** ** longer *********] ** ** update ** ****, ***** performs * ***** ****** check, ******* ** *** criteria **** **:

  • ***** *** ***-******* ***** password
  • ***** *** ***-******* ****** connection *****
  • ***** **** *** **** is ****** (*** ** sometimes ******* *********** *** provisioning *** ********)
  • ***** **** **** ** disabled
  • ***** *** *** **** sync ** *****

*** *** ******** ****/*******/*** status *** ******* **********, depending ** **** ** finds. ***** *** **** create * *** ****** to ***** ***,**** ** * ****** PDF ** ** ***** check.

Limitations ** ***** ***

*** **** ******** ***** does *** ******* *** direct ***** ** *** recorder, ** ****** ****** on *** ******** ** report *** *************. *** recorders **** **** *** ability ** ****** ******* that ***** ** ****** and ******* ** ****** back ** *** ***. This ***** **** * recorder ***** **** *** audit ***** *****, *** still ** ******* **** form ** ****** ********, or ******** ********* **** out ** ** ******** server. ** ******, *** chances ** * ******** being ****** ** *** recommendations *** ******** *** quite *****, ** ** important ** **** **** a **** "****" **** the *** **** *** mean *** ****** ** guaranteed immune ** *******, *** it **** ******** **** it ** ** ***** not ** **** ******.

******* *** *** *** only ** **** ** a ***** *******, *********** can *** *** **** to ************ ***** ** on ********* *** ********* to ****** **** ** network ******** ******** **** been ******* ** ****** security *****.

Good ***** **** 

**** **** *** *********** noted *****, **** ** still * **** **** on *****'* **** ** help *********** ****** ******, and ******, ***** *********. We ***** *** *** app ******** ** ******* more ******, **** ** a ******** ********* ***** to ****** **** ** rogue ******** *** **** installed ** *** ********, and ***** *** ********* to ** **** **** will *********** **** ******** into ****** ******** *** improvements.

What ***** ***** ************* **?

**** ******** ************ *** uncommon ** ***** ************. Some ********* ************ ***** this **** ***** *******:

  • **** ****-**** ** ******** verify ***** *** ****** and ***** *** ***** open ***** **** *** be **** ***************
  • ******-***** ********** ** ***** that ****** ***** *** opened *** **** ******* simple ********* *****
  • ******** (*** ********** *******) configured ******** **** **** not **** **** ** 30/60/90 ****

*** **** *********** ** the ******** ***** *** audit **** *** ************.

Comments (2)

It would be nice to have a universal tool to scan networks to see if default user/passwords are used on a customers IP camera network. Basically the Mirai virus minus the malicious part.

...GURU security audit does not perform any direct tests on the recorder, it simply relies on the recorder to report its configuration

So this is for March equipment only? Too bad.

If its propreitery and they are going to take the recorder's word for it, why not have the nvr email you in the event that the status goes to BAD?

Read this IPVM report for free.

This article is part of IPVM's 6,653 reports, 896 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports