Intelligent video monitoring software utilizing the highest levels of available technology and providing best performance to suit any requirement.
DIGIFORT CYBER PROTECTED GUIDE
CPG-V.0918
Cyber security comprises technologies, processes and controls that are designed to protect systems, networks and data from cyber attacks. Effective cyber security reduces the risk of cyber attacks, and protects organisations and individuals from the unauthorised exploitation of systems, networks and technologies.
ONE WAY ENCRYPTED
Every other password that is required by Digifort is also stored encrypted on the server so even if the configuration from the server is retrieved, the authentication keys are safe.
AUTHENTICATION KEYS
Every other password that is required by Digifort is also stored encrypted on the server so even if the configuration from the server is retrieved, the authentication keys are safe.
HERE ARE THE CYBER SECURITY FEATURES WE HAVE IN DIGIFORT
All user passwords are stored encrypted on the server.
All camera passwords are stored encrypted on the server.
The system has the option to block the user account if the password is wrong (after X tries, configurable by the admin).
Default ports can be changed (For example HTTP, HTTPS, RTSP), to obscure the open ports for a potential attacker (if the server is open on the internet).
Global IP filtering. Provides a list of the range of IPs that can access and range of IPs that can’t access the server.
The API and HTTP server supports HTTPS.
User-specific IP filtering. Provide a list of IPs from where a specified user can access. With user specific IP filtering, a given user can only access the system from a given IP address or the range of IP addresses.
Login times for users. This option allows the creation of a schedule to specify the times of when a given user can log in to the system, preventing unauthorized access at unauthorized times.
Auto expiry setup for temporary users.
Use digest authentication to cameras
Force encryption on exported video
SSL/TLS for Server to Native Clients communication (7.3)
UPDATE YOUR WEAK PASSWORD
In version 7.3 (to be released at the end of this year) we have the option to enforce strong password for users. The system can also force the user to update a previous weak password. For strong passwords the following rules apply:
Besides all security features implemented in the system, the environment also must be protected:
- Disabling of unused protocols and services (For example, disable RTSP server, disable HTTP server if they are not used)
- Use VLANs
- Prevent physical access to the servers
TIPS
NETWORK LAYER:
- Buy from reliable sources and brands
- Firewall
- Not use default IP ports
- Separate IT network from IP Surveillance network
- Use VLAN’s
- Use MAC address filters to lock down your network
- Avoid Cloud based services
- Avoid remote accessing from public WiFi
- Disable common access on switches
- Create unique subnet and IP address range for CCTV
- Use domain(s)
- Use VPN for remote users
SOFTWARE LAYER:
- Use anti-virus
- Update frequently
- Force strong password policies
- Use certificates if possible
END-POINTS
- Use strong passwords, delete default password !
- Change default ports
- Different password for every device
- Use HTTPS (SSL certificate)
- Switch off discovery services such as uPNP
- Install on physically separated network as the rest of the network
“The cyber security is also subject to the different network security policy levels using different layers of authentication and protections. Digifort works seamlessly with such secured network environment.
Digifort requiring a limited number of ports to open, it further limits the risk of random cyber attacks.