Securing Hikvision system for May 2018

S

showlow

Young grasshopper
May 3, 2018
32
6
Two years ago there was a major security lapse reported about Hikvision IP cameras and other products. Today I am being spec'd to work with DS-2CD2135FWD-I(3MP h.265+ dome) & DS-7608NI-I2/8P (8 PoE port NVR).

Upgrading the firmware of DS-2CD2135FWD-I to 5.5.4 (released 01/30/2018) and DS-7608NI-I2 to 4.1.11 (released 03/14/2018) would be my 1st step. Changing the default username and password would be what I would do next to curtail outside tampering.

With those two done what else can I do to lock down my system further?
 
showlow said:
Two years ago there was a major security lapse reported about Hikvision IP cameras and other products. Today I am being spec'd to work with DS-2CD2135FWD-I & DS-7608NI-I2/8P.

Upgrading the firmware of DS-2CD2135FWD-I to 5.5.4 (released 01/30/2018) and DS-7608NI-I2 to 4.1.11 (released 03/14/2018) would be my 1st step. Changing the default username and password would be what I would do next to curtail outside tampering.

With those two done what else can I do to lock down my system further?
Click to expand...
all useless...you must place the NVR on a vlan and setup vpn as the only access from outside.
 
  • Like
Reactions: munkiep
Would be nice if the default "admin" username could be removed completely and replaced with a custom admin username.
 
  • Like
Reactions: e007
fenderman said:
its really pointless because the exploits avoid the need for the username or password.
Click to expand...

OK, I thought hacks were using the admin to gain access but if not then, yea pointless.
 
fenderman said:
its really pointless because the exploits avoid the need for the username or password.
Click to expand...
It would work against bruteforce attacks.

EDIT: actually it's as useful as better password but it's still more difficult to crack because nobody expects the username would have been changed.
 
e007 said:
It would work against bruteforce attacks.

EDIT: actually it's as useful as better password but it's still more difficult to crack because nobody expects the username would have been changed.
Click to expand...
you should never have these cameras exposed to the internet, use a vpn...with a proper password it would take years of brute force to crack it...the issue is, there is no brute force needed if there is an exploit every few months...
 
Last edited:
  • Like
Reactions: e007 and 58chev
i had mine connected to the internet for about 30 minutes to upgrade the firmware on the nvr and the cameras, before knowing i could load the file to a usb stick. never connected it afterwards. waiting on my asus router to show up in the mail, should i worry about anything once i set up my VPN and reconnect the nvr, now that its already been exposed to the internet? it is a DS-7604NI-E1/4P nvr and two DS-2CD2042WD-I cameras
 
@munkiep
If you can still login to your cameras, I wouldn't worry about it. hackers would have to be scanning for cameras while there were connected. Most instances they change the password on you.

You could check in the logs of the ASUS when you have it all setup to see if your cameras are trying to get out on their own.

You could download the firmware to your computer/nvr and remote to your camera/nvr HTML and load it that way.
 
  • Like
Reactions: munkiep
You must log in or register to reply here.
Top Bottom