
Tips for hardening Hikvision devices against cyber attacks - my tuppence on Passwords

Phil (Administrator, Staff member)
Hikvision have recently posted the new article below, with five tips to help you harden your Hikvision devices against cyber attack:

Five tips for hardening your security devices and networks


I just want to add my thoughts to their point number 1 - Passwords.

a) The UK NCSC do NOT encourage routinely changing passwords:
The problems with forcing regular password expiry

It’s one of those counter-intuitive security scenarios; the more often users are forced to change passwords, the greater the overall vulnerability to attack. What appeared to be a perfectly sensible, long-established piece of advice doesn’t, it turns out, stand up to a rigorous, whole-system analysis.


b) Use a password tool to generate (and remember for you) long, strong and unique passwords for every site, device, service that you access - we at use-IP have long used LastPass:
#1 Password Manager & Vault App with Single-Sign On & MFA Solutions | LastPass

Hackers are taking advantage and exploiting human vulnerabilities more than ever. The types of attacks have shifted given the large number of people working remotely and spending more time online. According to the 2021 Data Breach Investigations Report (DBIR), cybercriminals are increasingly targeting individuals and their devices.
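As an added illustration of point (b), and not code from the original post, from LastPass or from Hikvision: the script below does in a few lines what a password manager does for you when it generates a device password. It draws the password from the operating system's CSPRNG (the secrets module, never random), estimates its entropy, checks it against the device's rules, and keeps one unique secret per device. The device policy it enforces (8 to 16 characters, at least two character classes) is an assumption modelled on what the password prompt on these devices typically asks for, not a quotation of Hikvision documentation, so check it against your own firmware; the small blocklist is constructed for the demo. The username check is there because, as the reply below points out, the login name on these devices is fixed to "admin" and therefore already known to an attacker.

```python
"""Added example (not from the original post, LastPass or Hikvision):
generate a long, strong, unique device password with a CSPRNG, score it,
check it against the device's password rules, and keep one per device.

Assumptions, labelled as such: the device policy is modelled as
"8 to 16 characters, at least two character classes" (check the prompt
on your own firmware); BLOCKLIST is constructed for the demo.
"""
import math
import secrets
import string

# Character classes used both for generation and for the coverage check.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?",
}
ALPHABET = "".join(CLASSES.values())

# Assumed device policy (not taken from Hikvision documentation).
MIN_LEN, MAX_LEN, MIN_CLASSES = 8, 16, 2

# Constructed blocklist of obvious choices for the demo.
BLOCKLIST = frozenset({"password", "12345", "123456", "admin123", "qwerty"})


def classes_present(pw: str) -> int:
    """Number of character classes that appear at least once in pw."""
    return sum(1 for chars in CLASSES.values() if any(c in chars for c in pw))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size).
    Only meaningful for generated passwords, not for human-chosen ones."""
    return length * math.log2(alphabet_size)


def check_policy(pw: str, username: str = "admin") -> list[str]:
    """Return the list of policy failures (an empty list means acceptable).

    The username check matters because the login name on these devices is
    fixed to 'admin', so an attacker already holds half of the credential.
    """
    failures = []
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        failures.append(f"length {len(pw)} not in {MIN_LEN}..{MAX_LEN}")
    if classes_present(pw) < MIN_CLASSES:
        failures.append(f"fewer than {MIN_CLASSES} character classes")
    if username.lower() in pw.lower():
        failures.append("contains the username")
    if pw.lower() in BLOCKLIST:
        failures.append("on the blocklist")
    return failures


def generate_password(length: int = MAX_LEN, username: str = "admin") -> str:
    """Draw every character from secrets (a CSPRNG), never from random.

    Rejection-sample until the draw passes check_policy: this keeps the
    result uniform over the acceptable set, unlike the common 'pick one
    from each class, then shuffle' construction, which is biased.
    """
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be in {MIN_LEN}..{MAX_LEN}")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_policy(pw, username):
            return pw


def assign_unique(vault: dict, device: str, username: str = "admin") -> str:
    """Give each device its own secret and refuse reuse across devices,
    which is the 'unique per device' half of the advice in point (b)."""
    while True:
        pw = generate_password(username=username)
        if pw not in vault.values():
            vault[device] = pw
            return pw


if __name__ == "__main__":
    vault = {}
    for dev in ("nvr-01", "cam-01", "cam-02"):
        assign_unique(vault, dev)
    for dev, pw in vault.items():
        print(f"{dev}: {pw}  ({entropy_bits(len(pw)):.1f} bits)")
    print("admin1234 ->", check_policy("admin1234"))
```

With the full alphabet a 16-character draw carries roughly 102 bits of entropy, far beyond anything brute force or a leaked-password list will reach; the entropy figure says nothing about a password a person typed in, which is exactly why the generation step should be left to the tool.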
Thanks for the link. However, if Hikvision wanted to improve security they should not force you to use the "admin" user for everything. Hikvision don't allow you to lock the admin account and create an admin account under a different name. To access a device you only need the username and password, and hackers already know 50% of that information!
Good point.
I think we become inured to some longstanding details.
I'll raise it with Hik Support UK.
I have raised a query and drawn their attention to the Secured by Design document issued by the UK's Surveillance Commissioner (attached), and to the rationale on page six that default usernames and passwords should be changed at deployment.
