IFSEC Insider is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Adam Bannister is a contributor to IFSEC Global, having been in the role of Editor from 2014 through to November 2019. Adam also had stints as a journalist at cybersecurity publication, The Daily Swig, and as Managing Editor at Dynamis Online Media Group.
October 11, 2019
Sign up to free email newsletters
Nothing found. Please check your show/episode id.
Download
State of Physical Access Trend Report 2024
cybersecurity
Hikvision launches first ‘Secure by Default’ product ranges
Hikvision UK & Ireland has unveiled the first Hikvision product ranges to be self-certified under a pioneering initiative that encourages manufacturers to make network cameras cyber-secure ‘out of the box’.
Hikvision was instrumental in Secure by Default’s development, along with Axis Communications, Bosch, Hanhwa Techwin and Milestone Systems.
In an interview with IFSEC Global shortly before the scheme was launched, Tony Porter said: “We think it may be a global first for this kind of guidance and approach. We believe that there is a greater burden on manufacturers to support the security of end users.
“It’s simple to follow, and manufacturers will be held to account both by the public and internally. So I think it’s a good thing, and provides an opportunity for greater security [and reassurance] that their kit [is resilient against] being hacked.”
Products must meet 25 criteria, set by Tony Porter’s office, to qualify for certification – including:
Default passwords – to be changed on initial power-up, have strength indicator, do not allow insecure passwords
Hardcoded passwords – no hard-coded usernames and passwords
Protocols and ports – only necessary protocols enabled, enabled ports documented, strategy to fix any identified vulnerabilities in place, appropriate notification scheme for fixes
Encryption – appropriate encryption considered, HTTPS in use, TLS for communications, baseline encryption for data stored at rest
ONVIF protocol – ONVIF disabled at bootup, video streaming disabled until new username and password created
Remote access – remote access disabled by default, user consent required for vendor-controlled network services, no access to other connected network services, workstations and servers locked down
Software patching and firmware upgrades – community resource in place for patches/upgrades, critical updates proactively notified, advisory service for user subscription
Penetration/fuzz testing – security testing process in place, vulnerable components and devices subject to development before live use
IEEE 802.1x – Products are IEEE 802.1x capable
The first Hikvision products to be certified under the Secure by Default requirements include:
Anti-corrosion camera series 5.6.0 firmware or above
ATEX camera series 5.5.84 firmware or above
DeepInView 7 camera series 5.6.0 firmware or above
Fisheye camera series 5.5.73 firmware or above
Pro camera series0+, 3.0 and 4.0 ranges v.5.6.0 firmware or above
Pan, tilt and zoom camera series 5.6.0 firmware or above
Thermal camera series 5.5.18 firmware or above
Ultra camera 5 series 6.0 firmware or above
“Installers and integrators should, where possible, offer products that are certified to the Secure by Default requirement,” said Gary Harmer, UK & Ireland sales director for Hikvision. “This offers them, and their customers, an assurance that those products are provided to them in the most hardened, cyber-security-optimal form possible, with default settings which provide minimal vulnerabilities on first use.”
Free Download: The Video Surveillance Report 2023
Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!
Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.
Hikvision launches first ‘Secure by Default’ product rangesLaunched by Surveillance Camera Commissioner Tony Porter at IFSEC 2019, Secure by Default is a set of minimum requirements for making network video security products as secure as possible in their default settings.
Adam Bannister
IFSEC Insider | Security and Fire News and Resources
Related Topics
Exclusive: Hikvision publishes response to Surveillance Camera Commissioner Office – Categorically denies claim it asked for an NDA
Hikvision reaffirms commitment to UK market following ‘extensive engagement’ with Government
Hikvision responds to BBC Panaroma investigation on cyber security vulnerabilities