When it comes to any piece of electronics that access the WWW, there is inherently a security risk accompanied by it. One has to keep up with the news as well as software and firmware upgrades in order to remain somewhat secure. Somewhat is used relatively since cannot know what other issues may occur in the future. Cyber Security is not to be taken lightly. Take a look at what happened recently with Equifax, a large corporation that lost a lot of sensitive data for 143 Million People. Computers, Mobile Phones, Smart Cars, Cars with remote connections and other products have been affected in different ways by these new forms of hacking. This hacking provides access to newer technology that allows hackers to find their target faster and exploit those affected, or with more and more devices connected to the internet as “Smart Devices”. With that said, if you are going to access your recorder without an NVR or DVR hack occurring, security is one topic that you must go over before you expose yourself by opening your ports.
7 ways to Protect your Security Recorder from being Hacked
- Use a VPN (Router or Server Based VPN)
- Keep Firmware Up to Date
- Check with the Manufacturer if there is still support for your current device ( EOD = End Of Life)
- Do not use Default ports
- Do not use UPnP or DMZ firewall rules
- Do not leave Default passwords or reuse another password from another device
#1 on the list goes without saying you will not get better security than a device that is not networked and not connected to an internet connection. This is considered to be air-gapped or air walled. The cons are that you will only have local access to the unit, and no remote connections.
2# One really Secure option is the use of a Virtual Private Network or VPN. This is a connection from your mobile phone or PC into your local network with a completely encrypted connection. Do not be confused with VPN services as these will simply grant you security by allowing you to use their servers to gain access to the Internet and allow no access to your home or business network and its devices.
Many Routers have the VPN option, but these can be upwards of $300+ with some of them needing custom firmware such as DD-WRT and Tomato and the use of OpenVPN. There is also the option of building your own VPN Server and accessing that. This not only protects you and your devices but allows you to utilize your phone in any insecure internet connection, allowing your traffic to flow through your home network. Keep in mind that there is a “keep alive” protocol that will consume some data if you leave this VPN connected to a metered connection, as well as using your DVR or NVR location’s bandwidth and data limits. We will soon be providing a VPN Tool that will help you become secure and still allow you access to your recorder and devices in your network.
#3 Maintaining your hardware is more than dusting off some fans and cases and keeping its firmware up to date. This is not only necessary with your recorder, but also your mobile phone, computers, and any other devices that carry an Operating System. Keep track of all of your devices by going to the manufacturer’s page or simply requesting the information by a phone call, chat, or email address. In many cases, a Serial Number, Current Firmware, and Model Number are required to obtain the file and any software needed to push the firmware to the device. If possible, have an experienced user push this firmware to ensure that the process is done properly and free of any issues, especially since a bad firmware upgrade can lead to a “bricked” device. In many cases, you can recover from this, but in some you cannot.
Moving on to #4 on our list is the End Of Life of your device, which means it may have vulnerabilities that cause the manufacturer to drop their support. This means that there will be no more Security Updates. This is similar to Windows XP and all of those Security Holes that it has, including many of those known as Zero Day Exploits. If you find that you are in this dilemma of having a product that is outdated then an upgrade is always the next option, one that will cover all of the security needs that you require.
#5 Products that are networked often come with their own ports for whatever services they provide. In the case of a DVR or NVR they will require the port forwarding of ports if a VPN is not utilized. This serves as a means to allow you a remote connection, but unfortunately anyone that knows your IP and scans for ports will eventually find your DVR or NVR. Obscuring this port to a non-default port helps, but not entirely. This is why it’s called “Security by Obscurity”. It is a simple help over the issue, but it does not resolve it completely.
#6 UPnP, or Universal Plug and Play is a dangerous feature for routers and devices. This is because if the UPnP field of the recorder or device contains ports such as the Telnet port (23) or the SSH Port (22). Both of these ports allow access to the unit via a shell. The DMZ protocol, Demilitarized Zone option will open any and all ports to a device. This is normally for servers or firewalls that have their own security.
#7 Passwords have been a means to secure devices, accounts, profiles etc…. We all know that passwords need to be lengthy with special characters and nothing that will tie the users with the password itself. Here are some password tips:
- Avoid Dictionary Words
- Don’t use Personal Information
- Avoid Common Sequences (123)
- Use Special Characters
- Longer is Better Than Short Passwords
- Do Not Use Sentences, a Phrase, a Poem or a Song Title
- Create Different Passwords for Different Accounts and Applications
Once you cover these you will now be Secure and can enjoy the peace of mind that a DVR or VNR can provide you. Please stay tuned for our Articles and Videos for future updates.