It would be nice to have a universal tool to scan networks to see if default user/passwords are used on a customers IP camera network. Basically the Mirai virus minus the malicious part.
Network Security Audit App (March Networks) Examined
Verifying one's video surveillance devices are locked down against common cybersecurity vulnerabilities is increasing important, as hacks using video surveillance have become more prominent.
March Networks has released an enhanced mobile app to audit these issues.
Can you verify your recorder is locked down against common cybersecurity exploits?
In this note, we examine the app, and identify what it checks, and what it overlooks, when it comes to enhancing the network security of their products.
GURU *** ********
*****'* **** *** ** ******** ** ** * ******* purpose **** ****, ****** ******* ********** and *********** **** **** ***-*****. ***** can *** ************* *** *************** **** from *** ***, ****** * ******* ticket, ** *** ** ** ******* a ******* *** ** *********. *** app ***** ** ** ** *** same *** ** *** ********, ***** is ******* **** ** ******** * wifi ****** **** *** ******** ** create * ***** **** ******* *** the ***** ******* *** *** ** connect **.
* ********* ***** **** ***** ******** goes **** *** ******* *** ********* and *********:
Security ***** *************
***** ********* * ******** ***** ******** [link ** ****** *********] ** ** update ** ****, ***** ******** * basic ****** *****, ******* ** *** criteria **** **:
- ***** *** ***-******* ***** ********
- ***** *** ***-******* ****** ********** *****
- ***** **** *** **** ** ****** (SSH ** ********* ******* *********** *** provisioning *** ********)
- ***** **** **** ** ********
- ***** *** *** **** **** ** setup
*** *** ******** ****/*******/*** ****** *** checked **********, ********* ** **** ** finds. ***** *** **** ****** * PDF ****** ** ***** ***,**** ** * ****** *** ** an ***** *****.
Limitations ** ***** ***
*** **** ******** ***** **** *** perform *** ****** ***** ** *** recorder, ** ****** ****** ** *** recorder ** ****** *** *************. *** recorders **** **** *** ******* ** detect ******* **** ***** ** ****** and ******* ** ****** **** ** the ***. **** ***** **** * recorder ***** **** *** ***** ***** fully, *** ***** ** ******* **** form ** ****** ********, ** ******** sensitive **** *** ** ** ******** server. ** ******, *** ******* ** a ******** ***** ****** ** *** recommendations *** ******** *** ***** *****, it ** ********* ** **** **** a **** "****" **** *** *** does *** **** *** ****** ** guaranteed immune ** *******, *** ** **** indicate **** ** ** ** ***** not ** **** ******.
******* *** *** *** **** ** used ** * ***** *******, *********** can *** *** **** ** ************ check ** ** ********* *** ********* to ****** **** ** ******* ******** settings **** **** ******* ** ****** security *****.
Good ***** ****
**** **** *** *********** ***** *****, this ** ***** * **** **** on *****'* **** ** **** *********** better ******, *** ******, ***** *********. We ***** *** *** *** ******** to ******* **** ******, **** ** a ******** ********* ***** ** ****** that ** ***** ******** *** **** installed ** *** ********, *** ***** has ********* ** ** **** **** will *********** **** ******** **** ****** releases *** ************.
What ***** ***** ************* **?
**** ******** ************ *** ******** ** video ************. **** ********* ************ ***** this **** ***** *******:
- **** ****-**** ** ******** ****** ***** are ****** *** ***** *** ***** open ***** **** *** ** **** unintentionally
- ******-***** ********** ** ***** **** ****** ports *** ****** *** **** ******* simple ********* *****
- ******** (*** ********** *******) ********** ******** that **** *** **** **** ** 30/60/90 ****
*** **** *********** ** *** ******** below *** ***** **** *** ************.
...GURU security audit does not perform any direct tests on the recorder, it simply relies on the recorder to report its configuration
So this is for March equipment only? Too bad.
If its propreitery and they are going to take the recorder's word for it, why not have the nvr email you in the event that the status goes to BAD?