Security Analysis of Dahua/EmpireTech NVR Web Plugin

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,844
Reaction score
6,424
Yeah, it's disappointing that they did that. Even if you can work around it, it's just very poor practice. Can't imagine why they'd need to install and have a service running like that.

The Omada stuff is pretty good overall but unfortunately it isn't very strong as far as that kind of thing goes. They did add some packet capture tools and IDS recently but it's very limited. No good interface to monitor things.
 

H. Swanson

Getting the hang of it
Joined
Nov 3, 2023
Messages
123
Reaction score
95
Location
Tennessee
I’m actually using ESET host firewall to do it all. It blocks and allows down to the application level and alerts whatever you want. It’s slick. Windows Defender firewall will do similar I believe but doesn’t have the monitoring detail that ESET does.

Agreed the plugin is irritating.
 

Mike A.

Understand, was just commenting since you'd mentioned looking at what Omada could do. It can't do that. ; )

I was actually surprised to see that could be done at all with modern browsers (other than maybe with some non-default setup). But apparently so if the user OKs the access when it asks. Most are going to just blow past that without thinking about it.
 

H. Swanson

Agreed about Omada. It’s way better than consumer grade stuff but it’s not Cisco either.

Luckily host firewalls can do what I did, which I believe to be a fairly good mitigation, and everyone with Windows has a host firewall. I’m open to further suggestions.
 