Network Security Audit App (March Networks) Examined

By Brian Karas, Published Dec 01, 2016, 12:37pm EST (Info+)

Verifying one's video surveillance devices are locked down against common cybersecurity vulnerabilities is increasing important, as hacks using video surveillance have become more prominent.

March Networks has released an enhanced mobile app to audit these issues.

Can you verify your recorder is locked down against common cybersecurity exploits? 

In this note, we examine the app, and identify what it checks, and what it overlooks, when it comes to enhancing the network security of their products.

GURU *** ********

*****'* **** *** ** ******** ** ** * ******* purpose **** ****, ****** ******* ********** and *********** **** **** ***-*****. ***** can *** ************* *** *************** **** from *** ***, ****** * ******* ticket, ** *** ** ** ******* a ******* *** ** *********. *** app ***** ** ** ** *** same *** ** *** ********, ***** is ******* **** ** ******** * wifi ****** **** *** ******** ** create * ***** **** ******* *** the ***** ******* *** *** ** connect **.

* ********* ***** **** ***** ******** goes **** *** ******* *** ********* and *********:

Security ***** *************

***** ********* * ******** ***** ******** [link ** ****** *********] ** ** update ** ****, ***** ******** * basic ****** *****, ******* ** *** criteria **** **:

  • ***** *** ***-******* ***** ********
  • ***** *** ***-******* ****** ********** *****
  • ***** **** *** **** ** ****** (SSH ** ********* ******* *********** *** provisioning *** ********)
  • ***** **** **** ** ********
  • ***** *** *** **** **** ** setup

*** *** ******** ****/*******/*** ****** *** checked **********, ********* ** **** ** finds. ***** *** **** ****** * PDF ****** ** ***** ***,**** ** * ****** *** ** an ***** *****.

Limitations ** ***** ***

*** **** ******** ***** **** *** perform *** ****** ***** ** *** recorder, ** ****** ****** ** *** recorder ** ****** *** *************. *** recorders **** **** *** ******* ** detect ******* **** ***** ** ****** and ******* ** ****** **** ** the ***. **** ***** **** * recorder ***** **** *** ***** ***** fully, *** ***** ** ******* **** form ** ****** ********, ** ******** sensitive **** *** ** ** ******** server. ** ******, *** ******* ** a ******** ***** ****** ** *** recommendations *** ******** *** ***** *****, it ** ********* ** **** **** a **** "****" **** *** *** does *** **** *** ****** ** guaranteed immune ** *******, *** ** **** indicate **** ** ** ** ***** not ** **** ******.

******* *** *** *** **** ** used ** * ***** *******, *********** can *** *** **** ** ************ check ** ** ********* *** ********* to ****** **** ** ******* ******** settings **** **** ******* ** ****** security *****.

Good ***** **** 

**** **** *** *********** ***** *****, this ** ***** * **** **** on *****'* **** ** **** *********** better ******, *** ******, ***** *********. We ***** *** *** *** ******** to ******* **** ******, **** ** a ******** ********* ***** ** ****** that ** ***** ******** *** **** installed ** *** ********, *** ***** has ********* ** ** **** **** will *********** **** ******** **** ****** releases *** ************.

What ***** ***** ************* **?

**** ******** ************ *** ******** ** video ************. **** ********* ************ ***** this **** ***** *******:

  • **** ****-**** ** ******** ****** ***** are ****** *** ***** *** ***** open ***** **** *** ** **** unintentionally
  • ******-***** ********** ** ***** **** ****** ports *** ****** *** **** ******* simple ********* *****
  • ******** (*** ********** *******) ********** ******** that **** *** **** **** ** 30/60/90 ****

*** **** *********** ** *** ******** below *** ***** **** *** ************.

Comments (2)

Michael Miller

12/01/16 06:16pm

It would be nice to have a universal tool to scan networks to see if default user/passwords are used on a customers IP camera network. Basically the Mirai virus minus the malicious part.

Agree: 3
Disagree
Informative
Unhelpful
Funny: 1

Undisclosed #1

IPVMU Certified | 12/01/16 07:33pm

...GURU security audit does not perform any direct tests on the recorder, it simply relies on the recorder to report its configuration

So this is for March equipment only? Too bad.

If its propreitery and they are going to take the recorder's word for it, why not have the nvr email you in the event that the status goes to BAD?

Agree: 3
Disagree
Informative
Unhelpful
Funny
Login to read this IPVM report.
Why do I need to log in?
IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.
Loading Related Reports