Last edited:
I've 13 Hikvision Cameras that have the latest firmware in them, but firmware pre-dates Last September's Hikvision Security issues.... I do not have remote access turned on any cameras.. and even went so far as to enter an incorrect gateway....
With all this, the cameras work perfectly, locally via LAN, with their software, or, SS via NAS.. SS access to cams Works fine, local or remote.
Hikvision says the firmware I have is current.... but will not confirm it is still secure. That's what started this!
At the UK user's site, where information if more freely given.... they confirm that firmware I have 'should be' good, as long as remote access is not configured, and confirm that no further firmware version is available....
First Make Damn Sure: Block access of all cameras in Traffic Control....
So, anything else I do would do to improve this -- would have to be done at the Firewall..
So here's what I've done (Last September) as an extra: Make Damn Sure:
1. Cameras are all Static IP's ..
2. Extra DENY Rule in firewall to block camera IP's access to internet -- just to log for hits -- Nothing ever received.... good!
3. Extra DENY Rule in firewall to block camera IP's ICMP (PINGS) from cameras to internet -- just to log for hits -- Nothing ever received.... good!
3. Access list of IP's to Alllow Access to internet in firewall does not include any IP's of cameras... Which logs Lots of (expected) Hits...
With the 2 extra rules added to the firewall (that have yet to log even 1 hit) which is ABOVE the ALLOW INTERNET ACCESS Rule... That is my "Make Damn Sure"..... for the cameras... This was done last September... I think with this I'm OK..... This is something that will be shared by others: dealing with security issues that may show up on gear that the Manufacturer has “Walked away from” !You're Comments....
End of First question....
So today was browsing and saw a conversation on blocking all Pings originating from the internet .... That Sounded interesting.... but would have thought that router would have done that automatically...
So I added a new DENY Rule: ICMP, Internet, ALL, ..., ALL, ALL, ..., DENY
and that is placed at top of firewall list... An hour later, no Hits...
Comments on this.... also....
With all this, the cameras work perfectly, locally via LAN, with their software, or, SS via NAS.. SS access to cams Works fine, local or remote.
Hikvision says the firmware I have is current.... but will not confirm it is still secure. That's what started this!
At the UK user's site, where information if more freely given.... they confirm that firmware I have 'should be' good, as long as remote access is not configured, and confirm that no further firmware version is available....
First Make Damn Sure: Block access of all cameras in Traffic Control....
So, anything else I do would do to improve this -- would have to be done at the Firewall..
So here's what I've done (Last September) as an extra: Make Damn Sure:
1. Cameras are all Static IP's ..
2. Extra DENY Rule in firewall to block camera IP's access to internet -- just to log for hits -- Nothing ever received.... good!
3. Extra DENY Rule in firewall to block camera IP's ICMP (PINGS) from cameras to internet -- just to log for hits -- Nothing ever received.... good!
3. Access list of IP's to Alllow Access to internet in firewall does not include any IP's of cameras... Which logs Lots of (expected) Hits...
With the 2 extra rules added to the firewall (that have yet to log even 1 hit) which is ABOVE the ALLOW INTERNET ACCESS Rule... That is my "Make Damn Sure"..... for the cameras... This was done last September... I think with this I'm OK..... This is something that will be shared by others: dealing with security issues that may show up on gear that the Manufacturer has “Walked away from” !You're Comments....
End of First question....
So today was browsing and saw a conversation on blocking all Pings originating from the internet .... That Sounded interesting.... but would have thought that router would have done that automatically...
So I added a new DENY Rule: ICMP, Internet, ALL, ..., ALL, ALL, ..., DENY
and that is placed at top of firewall list... An hour later, no Hits...
Comments on this.... also....