Network Security Audit App (March Networks) Examined

By Brian Karas, Published Dec 01, 2016, 12:37pm EST

Verifying one's video surveillance devices are locked down against common cybersecurity vulnerabilities is increasing important, as hacks using video surveillance have become more prominent.

March Networks has released an enhanced mobile app to audit these issues.

Can you verify your recorder is locked down against common cybersecurity exploits? 

In this note, we examine the app, and identify what it checks, and what it overlooks, when it comes to enhancing the network security of their products.

GURU *** ********

*****'* **** *** ** ******** ** ** a ******* ******* **** tool, ****** ******* ********** and *********** **** **** end-users. ***** *** *** documentation *** *************** **** from *** ***, ****** a ******* ******, ** use ** ** ******* a ******* *** ** necessary. *** *** ***** to ** ** *** same *** ** *** recorder, ***** ** ******* done ** ******** * wifi ****** **** *** recorder ** ****** * local **** ******* *** the ***** ******* *** app ** ******* **.

* ********* ***** **** March ******** **** **** the ******* *** ********* and *********:

Security ***** *************

***** ********* * ******** audit ******** [**** ** longer *********] ** ** update ** ****, ***** performs * ***** ****** check, ******* ** *** criteria **** **:

  • ***** *** ***-******* ***** password
  • ***** *** ***-******* ****** connection *****
  • ***** **** *** **** is ****** (*** ** sometimes ******* *********** *** provisioning *** ********)
  • ***** **** **** ** disabled
  • ***** *** *** **** sync ** *****

*** *** ******** ****/*******/*** status *** ******* **********, depending ** **** ** finds. ***** *** **** create * *** ****** to ***** ***,**** ** * ****** PDF ** ** ***** check.

Limitations ** ***** ***

*** **** ******** ***** does *** ******* *** direct ***** ** *** recorder, ** ****** ****** on *** ******** ** report *** *************. *** recorders **** **** *** ability ** ****** ******* that ***** ** ****** and ******* ** ****** back ** *** ***. This ***** **** * recorder ***** **** *** audit ***** *****, *** still ** ******* **** form ** ****** ********, or ******** ********* **** out ** ** ******** server. ** ******, *** chances ** * ******** being ****** ** *** recommendations *** ******** *** quite *****, ** ** important ** **** **** a **** "****" **** the *** **** *** mean *** ****** ** guaranteed immune ** *******, *** it **** ******** **** it ** ** ***** not ** **** ******.

******* *** *** *** only ** **** ** a ***** *******, *********** can *** *** **** to ************ ***** ** on ********* *** ********* to ****** **** ** network ******** ******** **** been ******* ** ****** security *****.

Good ***** **** 

**** **** *** *********** noted *****, **** ** still * **** **** on *****'* **** ** help *********** ****** ******, and ******, ***** *********. We ***** *** *** app ******** ** ******* more ******, **** ** a ******** ********* ***** to ****** **** ** rogue ******** *** **** installed ** *** ********, and ***** *** ********* to ** **** **** will *********** **** ******** into ****** ******** *** improvements.

What ***** ***** ************* **?

**** ******** ************ *** uncommon ** ***** ************. Some ********* ************ ***** this **** ***** *******:

  • **** ****-**** ** ******** verify ***** *** ****** and ***** *** ***** open ***** **** *** be **** ***************
  • ******-***** ********** ** ***** that ****** ***** *** opened *** **** ******* simple ********* *****
  • ******** (*** ********** *******) configured ******** **** **** not **** **** ** 30/60/90 ****

*** **** *********** ** the ******** ***** *** audit **** *** ************.

Comments (2)

Michael Miller

12/01/16 06:16pm

It would be nice to have a universal tool to scan networks to see if default user/passwords are used on a customers IP camera network. Basically the Mirai virus minus the malicious part.

Agree: 3
Disagree
Informative
Unhelpful
Funny: 1

Undisclosed #1

IPVMU Certified | 12/01/16 07:33pm

...GURU security audit does not perform any direct tests on the recorder, it simply relies on the recorder to report its configuration

So this is for March equipment only? Too bad.

If its propreitery and they are going to take the recorder's word for it, why not have the nvr email you in the event that the status goes to BAD?

Agree: 3
Disagree
Informative
Unhelpful
Funny
Read this IPVM report for free.

This article is part of IPVM's 6,904 reports, 921 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports