Securing Hikvision system for May 2018

showlow

Young grasshopper
Joined
May 3, 2018
Messages
32
Reaction score
6
Two years ago there was a major security lapse reported about Hikvision IP cameras and other products. Today I am being spec'd to work with DS-2CD2135FWD-I(3MP h.265+ dome) & DS-7608NI-I2/8P (8 PoE port NVR).

Upgrading the firmware of DS-2CD2135FWD-I to 5.5.4 (released 01/30/2018) and DS-7608NI-I2 to 4.1.11 (released 03/14/2018) would be my 1st step. Changing the default username and password would be what I would do next to curtail outside tampering.

With those two done what else can I do to lock down my system further?
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
Two years ago there was a major security lapse reported about Hikvision IP cameras and other products. Today I am being spec'd to work with DS-2CD2135FWD-I & DS-7608NI-I2/8P.

Upgrading the firmware of DS-2CD2135FWD-I to 5.5.4 (released 01/30/2018) and DS-7608NI-I2 to 4.1.11 (released 03/14/2018) would be my 1st step. Changing the default username and password would be what I would do next to curtail outside tampering.

With those two done what else can I do to lock down my system further?
all useless...you must place the NVR on a vlan and setup vpn as the only access from outside.
 

58chev

Pulling my weight
Joined
Aug 30, 2017
Messages
300
Reaction score
143
Location
Etobi, Ontario
Would be nice if the default "admin" username could be removed completely and replaced with a custom admin username.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
Would be nice if the default "admin" username could be removed completely and replaced with a custom admin username.
its really pointless because the exploits avoid the need for the username or password.
 

e007

Young grasshopper
Joined
Jun 2, 2017
Messages
72
Reaction score
15
Location
Rovaniemi, Finland
its really pointless because the exploits avoid the need for the username or password.
It would work against bruteforce attacks.

EDIT: actually it's as useful as better password but it's still more difficult to crack because nobody expects the username would have been changed.
 

Mr_D

Getting comfortable
Joined
Nov 17, 2017
Messages
596
Reaction score
527
Location
Southern California
It would work against bruteforce attacks.

EDIT: actually it's as useful as better password but it's still more difficult to crack because nobody expects the username would have been changed.
Putting an extra lock on the front door doesn't help when there's an open window right next to it.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
It would work against bruteforce attacks.

EDIT: actually it's as useful as better password but it's still more difficult to crack because nobody expects the username would have been changed.
you should never have these cameras exposed to the internet, use a vpn...with a proper password it would take years of brute force to crack it...the issue is, there is no brute force needed if there is an exploit every few months...
 
Last edited:

munkiep

Young grasshopper
Joined
Apr 13, 2018
Messages
31
Reaction score
13
Location
Florida
i had mine connected to the internet for about 30 minutes to upgrade the firmware on the nvr and the cameras, before knowing i could load the file to a usb stick. never connected it afterwards. waiting on my asus router to show up in the mail, should i worry about anything once i set up my VPN and reconnect the nvr, now that its already been exposed to the internet? it is a DS-7604NI-E1/4P nvr and two DS-2CD2042WD-I cameras
 

58chev

Pulling my weight
Joined
Aug 30, 2017
Messages
300
Reaction score
143
Location
Etobi, Ontario
@munkiep
If you can still login to your cameras, I wouldn't worry about it. hackers would have to be scanning for cameras while there were connected. Most instances they change the password on you.

You could check in the logs of the ASUS when you have it all setup to see if your cameras are trying to get out on their own.

You could download the firmware to your computer/nvr and remote to your camera/nvr HTML and load it that way.
 
Top