It would be nice to have a universal tool to scan networks to see if default user/passwords are used on a customers IP camera network. Basically the Mirai virus minus the malicious part.
Network Security Audit App (March Networks) Examined
Published Dec 01, 2016 17:37 PM
Verifying one's video surveillance devices are locked down against common cybersecurity vulnerabilities is increasing important, as hacks using video surveillance have become more prominent.
March Networks has released an enhanced mobile app to audit these issues.
Can you verify your recorder is locked down against common cybersecurity exploits?
In this note, we examine the app, and identify what it checks, and what it overlooks, when it comes to enhancing the network security of their products.
GURU *** ********
*****'* **** *** ** ******** ** ** * ******* purpose **** ****, ****** ******* ********** and *********** **** **** ***-*****. ***** can *** ************* *** *************** **** from *** ***, ****** * ******* ticket, ** *** ** ** ******* a ******* *** ** *********. *** app ***** ** ** ** *** same *** ** *** ********, ***** is ******* **** ** ******** * wifi ****** **** *** ******** ** create * ***** **** ******* *** the ***** ******* *** *** ** connect **.
* ********* ***** **** ***** ******** goes **** *** ******* *** ********* and *********:
Security ***** *************
***** ********* * ******** ***** ******** [link ** ****** *********] ** ** update ** ****, ***** ******** * basic ****** *****, ******* ** *** criteria **** **:
- ***** *** ***-******* ***** ********
- ***** *** ***-******* ****** ********** *****
- ***** **** *** **** ** ****** (SSH ** ********* ******* *********** *** provisioning *** ********)
- ***** **** **** ** ********
- ***** *** *** **** **** ** setup
*** *** ******** ****/*******/*** ****** *** checked **********, ********* ** **** ** finds. ***** *** **** ****** * PDF ****** ** ***** ***,**** ** * ****** *** ** an ***** *****.
Limitations ** ***** ***
*** **** ******** ***** **** *** perform *** ****** ***** ** *** recorder, ** ****** ****** ** *** recorder ** ****** *** *************. *** recorders **** **** *** ******* ** detect ******* **** ***** ** ****** and ******* ** ****** **** ** the ***. **** ***** **** * recorder ***** **** *** ***** ***** fully, *** ***** ** ******* **** form ** ****** ********, ** ******** sensitive **** *** ** ** ******** server. ** ******, *** ******* ** a ******** ***** ****** ** *** recommendations *** ******** *** ***** *****, it ** ********* ** **** **** a **** "****" **** *** *** does *** **** *** ****** ** guaranteed immune ** *******, *** ** **** indicate **** ** ** ** ***** not ** **** ******.
******* *** *** *** **** ** used ** * ***** *******, *********** can *** *** **** ** ************ check ** ** ********* *** ********* to ****** **** ** ******* ******** settings **** **** ******* ** ****** security *****.
Good ***** ****
**** **** *** *********** ***** *****, this ** ***** * **** **** on *****'* **** ** **** *********** better ******, *** ******, ***** *********. We ***** *** *** *** ******** to ******* **** ******, **** ** a ******** ********* ***** ** ****** that ** ***** ******** *** **** installed ** *** ********, *** ***** has ********* ** ** **** **** will *********** **** ******** **** ****** releases *** ************.
What ***** ***** ************* **?
**** ******** ************ *** ******** ** video ************. **** ********* ************ ***** this **** ***** *******:
- **** ****-**** ** ******** ****** ***** are ****** *** ***** *** ***** open ***** **** *** ** **** unintentionally
- ******-***** ********** ** ***** **** ****** ports *** ****** *** **** ******* simple ********* *****
- ******** (*** ********** *******) ********** ******** that **** *** **** **** ** 30/60/90 ****
*** **** *********** ** *** ******** below *** ***** **** *** ************.
Comments (2)
MM
Michael Miller
Dec 01, 2016U
Undisclosed #1
Dec 01, 2016...GURU security audit does not perform any direct tests on the recorder, it simply relies on the recorder to report its configuration
So this is for March equipment only? Too bad.
If its propreitery and they are going to take the recorder's word for it, why not have the nvr email you in the event that the status goes to BAD?