01304 827609 info@use-ip.co.uk Find us

Tips for hardening Hikvision devices against cyber attacks - my tuppence on Passwords

Phil

Phil

Administrator
Staff member
Trusted Member
Messages
5,019
Points
113
Hikvision have recently posted the below new article with five tips to help you harden your Hikvision devices against cyber attack:

Five tips for hardening your security devices and networks


I just want to add my thoughts to their point number 1 - Passwords.

a) The UK NCSC do NOT encourage routinely changing passwords:
The problems with forcing regular password expiry

It’s one of those counter-intuitive security scenarios; the more often users are forced to change passwords, the greater the overall vulnerability to attack. What appeared to be a perfectly sensible, long-established piece of advice doesn’t, it turns out, stand up to a rigorous, whole-system analysis.
Click to expand...


b) Use a password tool to generate (and remember for you) long, strong and unique passwords for every site, device, service that you access - we at use-IP have long used LastPass:
#1 Password Manager & Vault App with Single-Sign On & MFA Solutions | LastPass

Hackers are taking advantage and exploiting human vulnerabilities more than ever. The types of attacks have shifted given the large number of people working remotely and spending more time online. According to the 2021 Data Breach Investigations Report (DBIR), cybercriminals are increasingly targeting individuals and their devices.
Click to expand...
 

Attachments

  • Five Tips For Hardening Your Security Devices And Networks (May 2022).pdf
    38.4 KB · Views: 213
Last edited:
Thanks for the link. However if HikVision wanted to improve security they should not force you to use the "admin" user for everything. HikVision don't allow you to lock the admin account and create an admin account under a different name. To access a device you only need the username and password and hackers already know 50% of that information!
 
Last edited by a moderator:
Good point.
I think we become inured to some longstanding details.
I'll raise it with Hik Support UK.
 
I have raised a query and drawn their attention to the Secured by Design document issued by the UK's Surveillance commissioner (attached) and the rationale on page six that default user names and passwords should be changed at deployment.

1652869544897.png
 

Attachments

  • Secure_by_Default_Requirements_and_Guidance_FINAL 18-5-22.pdf
    201.2 KB · Views: 264
You must log in or register to reply here.

Similar threads

macman
Hik-Connect Devices are disappearing from my Hik-Connect account?
Replies
5
Views
2K
macman
macman
Olivia
  • Locked
  • Sticky
  • Article
Vivotek Cybersecurity
Replies
0
Views
1K
Olivia
Olivia
Kyle
  • Sticky
  • Article
FAQ Can I connect two network devices to my IP CCTV system using one ethernet cable?
Replies
0
Views
2K
Kyle
Kyle
Kyle
  • Locked
  • Sticky
  • Article
How-to: How to create an App Password for your Gmail account so that your CCTV equipment can send email notifications
Replies
0
Views
6K
Kyle
Kyle
J
  • Question
What's the best way for my app to access a remote Hikvision device?
Replies
2
Views
3K
jaden park
J
Back
Top