Adam Bannister

Editor, IFSEC Global

Author Bio ▼

Adam Bannister is editor of IFSEC Global. A former managing editor at Dynamis Online Media Group, he has been at the helm of the UK's leading fire and security publication since 2014.
October 11, 2019

Sign up to free email newsletters

Download

A Barbour guide to business continuity

cybersecurity

Hikvision launches first ‘Secure by Default’ product ranges

Hikvision UK & Ireland has unveiled the first Hikvision product ranges to be self-certified under a pioneering initiative that encourages manufacturers to make network cameras cyber-secure ‘out of the box’.

Launched by Surveillance Camera Commissioner Tony Porter at IFSEC 2019, Secure by Default is a set of minimum requirements for making network video security products as secure as possible in their default settings.

Hikvision was instrumental in Secure by Default’s development, along with Axis Communications, Bosch, Hanhwa Techwin and Milestone Systems.

In an interview with IFSEC Global shortly before the scheme was launched, Tony Porter said: “We think it may be a global first for this kind of guidance and approach. We believe that there is a greater burden on manufacturers to support the security of end users.

“It’s simple to follow, and manufacturers will be held to account both by the public and internally. So I think it’s a good thing, and provides an opportunity for greater security [and reassurance] that their kit [is resilient against] being hacked.”

Products must meet 25 criteria, set by Tony Porter’s office, to qualify for certification – including:

  • Default passwords – to be changed on initial power-up, have strength indicator, do not allow insecure passwords
  • Hardcoded passwords – no hard-coded usernames and passwords
  • Protocols and ports – only necessary protocols enabled, enabled ports documented, strategy to fix any identified vulnerabilities in place, appropriate notification scheme for fixes
  • Encryption – appropriate encryption considered, HTTPS in use, TLS for communications, baseline encryption for data stored at rest
  • ONVIF protocol – ONVIF disabled at bootup, video streaming disabled until new username and password created
  • Remote access – remote access disabled by default, user consent required for vendor-controlled network services, no access to other connected network services, workstations and servers locked down
  • Software patching and firmware upgrades – community resource in place for patches/upgrades, critical updates proactively notified, advisory service for user subscription
  • Penetration/fuzz testing – security testing process in place, vulnerable components and devices subject to development before live use
  • IEEE 802.1x – Products are IEEE 802.1x capable

The first Hikvision products to be certified under the Secure by Default requirements include:

  • Anti-corrosion camera series 5.6.0 firmware or above
  • ATEX camera series 5.5.84 firmware or above
  • DeepInView 7 camera series 5.6.0 firmware or above
  • Fisheye camera series 5.5.73 firmware or above
  • Pro camera series 0+, 3.0 and 4.0 ranges v.5.6.0 firmware or above
  • Pan, tilt and zoom camera series 5.6.0 firmware or above
  • Thermal camera series 5.5.18 firmware or above
  • Ultra camera 5 series 6.0 firmware or above

“Installers and integrators should, where possible, offer products that are certified to the Secure by Default requirement,” said Gary Harmer, UK & Ireland sales director for Hikvision. “This offers them, and their customers, an assurance that those products are provided to them in the most hardened, cyber-security-optimal form possible, with default settings which provide minimal vulnerabilities on first use.”

Why should you attend IFSEC International?

8–10 September 2020, ExCeL London

If thousands of products and solutions provided by hundreds of leading security suppliers doesn’t tempt you, why not consider:

  • The full programme of seminars and presentations from industry thought leaders?
  • The live on-stand demonstrations of the most innovative products?
  • Thousands of fellow professionals and ample spaces for networking?
  • The chance to expand your business and grow your network?
IFSECInternational_register please

Related Topics

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments