Adam Bannister

Editor, IFSEC Global

Adam Bannister is editor of IFSEC Global. A former managing editor at Dynamis Online Media Group, he has been at the helm of the UK's leading fire and security publication since 2014.
October 11, 2019

Hikvision launches first ‘Secure by Default’ product ranges

Hikvision UK & Ireland has unveiled the first Hikvision product ranges to be self-certified under a pioneering initiative that encourages manufacturers to make network cameras cyber-secure ‘out of the box’.

Launched by Surveillance Camera Commissioner Tony Porter at IFSEC 2019, Secure by Default is a set of minimum requirements for making network video security products as secure as possible in their default settings.

Hikvision was instrumental in Secure by Default’s development, along with Axis Communications, Bosch, Hanwha Techwin and Milestone Systems.

In an interview with IFSEC Global shortly before the scheme was launched, Tony Porter said: “We think it may be a global first for this kind of guidance and approach. We believe that there is a greater burden on manufacturers to support the security of end users.

“It’s simple to follow, and manufacturers will be held to account both by the public and internally. So I think it’s a good thing, and provides an opportunity for greater security [and reassurance] that their kit [is resilient against] being hacked.”

Products must meet 25 criteria, set by Tony Porter’s office, to qualify for certification – including:

  • Default passwords – to be changed on initial power-up, have strength indicator, do not allow insecure passwords
  • Hardcoded passwords – no hard-coded usernames and passwords
  • Protocols and ports – only necessary protocols enabled, enabled ports documented, strategy to fix any identified vulnerabilities in place, appropriate notification scheme for fixes
  • Encryption – appropriate encryption considered, HTTPS in use, TLS for communications, baseline encryption for data stored at rest
  • ONVIF protocol – ONVIF disabled at bootup, video streaming disabled until new username and password created
  • Remote access – remote access disabled by default, user consent required for vendor-controlled network services, no access to other connected network services, workstations and servers locked down
  • Software patching and firmware upgrades – community resource in place for patches/upgrades, critical updates proactively notified, advisory service for user subscription
  • Penetration/fuzz testing – security testing process in place, vulnerable components and devices subject to development before live use
  • IEEE 802.1x – Products are IEEE 802.1x capable

The first Hikvision products to be certified under the Secure by Default requirements include:

  • Anti-corrosion camera series 5.6.0 firmware or above
  • ATEX camera series 5.5.84 firmware or above
  • DeepInView 7 camera series 5.6.0 firmware or above
  • Fisheye camera series 5.5.73 firmware or above
  • Pro camera series 0+, 3.0 and 4.0 ranges v.5.6.0 firmware or above
  • Pan, tilt and zoom camera series 5.6.0 firmware or above
  • Thermal camera series 5.5.18 firmware or above
  • Ultra camera 5 series 6.0 firmware or above

“Installers and integrators should, where possible, offer products that are certified to the Secure by Default requirement,” said Gary Harmer, UK & Ireland sales director for Hikvision. “This offers them, and their customers, an assurance that those products are provided to them in the most hardened, cyber-security-optimal form possible, with default settings which provide minimal vulnerabilities on first use.”
