Network Security Audit App (March Networks) Examined

By: Brian Karas, Published on Dec 01, 2016

Verifying one's video surveillance devices are locked down against common cybersecurity vulnerabilities is increasing important, as hacks using video surveillance have become more prominent.

March Networks has released an enhanced mobile app to audit these issues.

Can you verify your recorder is locked down against common cybersecurity exploits? 

In this note, we examine the app, and identify what it checks, and what it overlooks, when it comes to enhancing the network security of their products.

GURU *** ********

*****'* **** *** ** ******** ** ** a ******* ******* **** tool, ****** ******* ********** and *********** **** **** end-users. ***** *** *** documentation *** *************** **** from *** ***, ****** a ******* ******, ** use ** ** ******* a ******* *** ** necessary. *** *** ***** to ** ** *** same *** ** *** recorder, ***** ** ******* done ** ******** * wifi ****** **** *** recorder ** ****** * local **** ******* *** the ***** ******* *** app ** ******* **.

* ********* ***** **** March ******** **** **** the ******* *** ********* and *********:

Security ***** *************

***** ********* * ******** audit ******** [**** ** longer *********] ** ** update ** ****, ***** performs * ***** ****** check, ******* ** *** criteria **** **:

  • ***** *** ***-******* ***** password
  • ***** *** ***-******* ****** connection *****
  • ***** **** *** **** is ****** (*** ** sometimes ******* *********** *** provisioning *** ********)
  • ***** **** **** ** disabled
  • ***** *** *** **** sync ** *****

*** *** ******** ****/*******/*** status *** ******* **********, depending ** **** ** finds. ***** *** **** create * *** ****** to ***** ***,**** ** * ****** PDF ** ** ***** check.

Limitations ** ***** ***

*** **** ******** ***** does *** ******* *** direct ***** ** *** recorder, ** ****** ****** on *** ******** ** report *** *************. *** recorders **** **** *** ability ** ****** ******* that ***** ** ****** and ******* ** ****** back ** *** ***. This ***** **** * recorder ***** **** *** audit ***** *****, *** still ** ******* **** form ** ****** ********, or ******** ********* **** out ** ** ******** server. ** ******, *** chances ** * ******** being ****** ** *** recommendations *** ******** *** quite *****, ** ** important ** **** **** a **** "****" **** the *** **** *** mean *** ****** ** guaranteed immune ** *******, *** it **** ******** **** it ** ** ***** not ** **** ******.

******* *** *** *** only ** **** ** a ***** *******, *********** can *** *** **** to ************ ***** ** on ********* *** ********* to ****** **** ** network ******** ******** **** been ******* ** ****** security *****.

Good ***** **** 

**** **** *** *********** noted *****, **** ** still * **** **** on *****'* **** ** help *********** ****** ******, and ******, ***** *********. We ***** *** *** app ******** ** ******* more ******, **** ** a ******** ********* ***** to ****** **** ** rogue ******** *** **** installed ** *** ********, and ***** *** ********* to ** **** **** will *********** **** ******** into ****** ******** *** improvements.

What ***** ***** ************* **?

**** ******** ************ *** uncommon ** ***** ************. Some ********* ************ ***** this **** ***** *******:

  • **** ****-**** ** ******** verify ***** *** ****** and ***** *** ***** open ***** **** *** be **** ***************
  • ******-***** ********** ** ***** that ****** ***** *** opened *** **** ******* simple ********* *****
  • ******** (*** ********** *******) configured ******** **** **** not **** **** ** 30/60/90 ****

*** **** *********** ** the ******** ***** *** audit **** *** ************.

Comments (2)

Michael Miller

12/01/16 06:16pm

It would be nice to have a universal tool to scan networks to see if default user/passwords are used on a customers IP camera network. Basically the Mirai virus minus the malicious part.

Undisclosed #1

IPVMU Certified | 12/01/16 07:33pm

...GURU security audit does not perform any direct tests on the recorder, it simply relies on the recorder to report its configuration

So this is for March equipment only? Too bad.

If its propreitery and they are going to take the recorder's word for it, why not have the nvr email you in the event that the status goes to BAD?

Login to read this IPVM report.

Related Reports

Use Access Control Logs To Constrain Coronavirus on Apr 09, 2020
Access control users have included capabilities that are not commonly used...
Surveillance Storage 101 on Mar 23, 2020
This guide teaches the fundamentals of video surveillance...
US GSA Explains NDAA 889 Part B Blacklisting on Jul 31, 2020
With the 'Blacklist Clause' going into effect August 13 that bans the US...
VSaaS 101 on Mar 25, 2020
Video Surveillance as a Service (VSaaS) is the common industry term for cloud...
AHJ / Authority Having Jurisdiction Tutorial on Aug 06, 2020
One of the most powerful yet often underappreciated characters in all...
30 Million Criminal Face Database Tested (Captis Intelligence) on Apr 27, 2020
30 million criminal mugshots are now available for facial recognition...
Dynamic vs Static IP Addresses Tutorial on Apr 16, 2020
While many cameras default to DHCP out of the box, that does not mean you...
U.S. Government Accountability Office Urges Facial Recognition Regulation on Aug 27, 2020
The US Government Accountability Office (GAO) is urging facial recognition...
Remote Network Access for Video Surveillance Guide on Jul 27, 2020
Remotely accessing surveillance systems is key in 2020, with more and more...
Keypads For Access Control Tutorial on Jul 28, 2020
Keypad readers present huge risks to even the best access systems. If...
NetApp Presents Hybrid Cloud Video Archive on May 11, 2020
NetApp presented its hybrid S3 cloud video archive at the April 2020 IPVM New...
Convergint Coronavirus Cuts on Mar 25, 2020
One of the world's largest security integrators, Convergint, has made a major...
Verkada Access Control Tested on Sep 09, 2020
Verkada raised $80 million earlier in 2020, expanding from video into access...
Video Surveillance Business 101 on Mar 30, 2020
This report explains the fundamental elements of the video surveillance...
HID Presents Mercury Security & Aero Access Controllers on Aug 25, 2020
HID presented Mercury Security & Aero Access Controllers at the 2020 IPVM...

Recent Reports

Axis Compares Fever Camera Sellers to 9/11 on Sep 18, 2020
Axis Communications, the West's largest surveillance camera manufacturer, has...
Avigilon Elevated Temperature Detection Camera Tested on Sep 17, 2020
Avigilon has entered the temperature screening market with the release of...
Chilean Official Investigated for Motorola And Hikvision Contracts on Sep 17, 2020
A corruption investigation is underway in Chile after a crime prevention...
Huawei HiSilicon Production Shut Down on Sep 17, 2020
Huawei HiSilicon chips are no longer being manufactured or supplied to...
Virtual ISC West and GSX+ Exhibiting Contrasted on Sep 17, 2020
Both ISC West and ASIS GSX are going virtual this year, just weeks apart, but...
X.Labs Sues FLIR on Sep 16, 2020
X.Labs, the maker of Feevr, has sued FLIR, the publicly traded thermal...
Video Surveillance 101 September Course - Last Chance on Sep 16, 2020
Today is the last chance to sign up for the Fall Video Surveillance 101...
No Blackbody Mistake, Half Million Dollar, Hikvision Fever Camera System in Georgia on Sep 16, 2020
A Georgia school district touted buying Hikvision fever screening "about...
Costar Technologies / Arecont H1 2020 Financials Examined on Sep 16, 2020
Costar's financial results have been hit by the coronavirus with the company...
Startup Cawamo Presents Live Alerts With Edge AI and Cloud VMS on Sep 15, 2020
Cawamo, an Israeli edge-to-cloud analytics and VMS startup, presented its...
Favorite Access Control Credentials 2020 on Sep 15, 2020
Credential choice is more debated than ever, with hacking risk for 125kHz and...
Dangerous Hikvision Fever Screening Marketing In Africa on Sep 15, 2020
A multi-national African Hikvision distributor is marketing dangerously...
New Products Show Fall 2020 Announced - Register Now on Sep 14, 2020
IPVM's sixth online show will feature New Products from over 25...
Hanwha 8K / 33MP Camera Tested on Sep 14, 2020
Hanwha Techwin has released an 8K / 33MP resolution camera, the TNB-9000 with...
Gait Recognition Examined on Sep 14, 2020
Facial recognition faces increasing ethical and political criticisms while...