User's Manual

ManualsBrandsDahua Technology ManualsSecurity CamerasStarlight 5MP 5-in-1 Outdoor Network ePoE Dome Camera with Night Vision & Heater

Table Of Contents

Cybersecurity Recommendations VII

 Change ONVIF Password

Older IP camera firmware does not automatically change the ONVIF password when

the system credentials are changed. Update the camera’s firmware to the latest

revision or manually change the ONVIF password.

 Forward Only Ports You Need

Forward only the HTTP and TCP ports that are requited. Do not forward a wide range

of numbers to the device. Do not DMZ the device's IP address.

Do not forward any ports for individual cameras if they are all connected to a recorder

on site. Simply forward the NVR port.

 Disable Auto-Login on SmartPSS

Disable the Auto-Login feature on SmartPSS installed on a computer that is used by

multiple people. Disabling auto-login prevents users without the appropriate

credentials from accessing the system.

 Use a Different Username and Password for SmartPSS

Do not a username/password combination that you have in use for other accounts,

including social media, bank account, or email in case the account is compromised.

Use a different username and password for your security system to make it difficult for

an unauthorized user to gain access to the IP system.

 Limit Features of Guest Accounts

Ensure that each user has rights to features and functions they need to perform their

job.

 Disable Unnecessary Services and Choose Secure Modes

Turn off specific services, such as SNMP, SMTP, and UPnP, to reduce network

compromise from unused services.

It is recommended to use safe modes, including but not limited to the following

services:

SNMP: Choose SNMP v3 and set up strong encryption passwords and authentication

passwords.

SMTP: Choose TLS to access a mailbox server.

FTP: Choose SFTP and use strong passwords.

AP hotspot: Choose WPA2-PSK encryption mode and use strong passwords.

 Multicast

Multicast is used to share video streams between two recorders. Currently there are

no known issues involving Multicast. Deactivate this feature if not in use to enhance

network security.

 Check the Log

The information stored in the network log file is limited due to the equipment’s limited

storage capacity. Enable the network log function to ensure that the critical logs are

synchronized to the network log server if saving log files is required.

Check the system log if you suspect that someone has gained unauthorized access to

the system. The system log shows the IP addresses used to login to the system and

the devices accessed.

 Physically Lock Down the Device

Perform physical protection to equipment, especially storage devices. For example,

place the equipment in a special computer room and cabinet, and implement access

control permission and key management to prevent unauthorized personnel from

accessing the equipment.