User Manual
Table Of Contents
- Read Before Use
- Overview
- Hardware Installation
- Accessing the Network Camera
- Using VIVOTEK Recording Software
- Main Page
- Client Settings
- Configuration
- System > General settings
- System > Homepage layout
- System > Logs
- System > Parameters
- System > Maintenance
- Media > Image
- Media > Video
- ■ Smart stream III
- Media > Audio
- Network > General settings
- Network > Streaming protocols
- Network > DDNS
- Network > SNMP (Simple Network Management Protocol)
- Network > FTP
- Security > User accounts
- Security > HTTPS (Hypertext Transfer Protocol over SSL/TLS)
- Security > Access List
- PTZ > PTZ settings
- Event > Event settings
- Applications > Motion detection
- Applications > DI and DO
- Applications > Tampering detection
- Applications > Audio detection
- Applications > VADP (VIVOTEK Application Development Platform)
- Recording > Recording settings
- Local storage > SD card management
- Local storage > Content management
- Appendix
VIVOTEK
112 - User's Manual
Security > Miscellaneous
The embedded TrendMicro utitlity provides the protection against Cross-Site Request
Forgery. Cross-site request forgery is also known as one-click attack or session riding and is
abbreviated as CSRF. CSRF is a type of malicious exploit of a website, in this case, the camera.
Unauthorized commands are transmitted from a user that the web application trusts, using the
mechanism of forging a trusted user's own request with a request containing his own cookies,
etc. Different ways can be used for a malicious website to transmit such commands. They can
be specially-crafted image tags, hidden forms, and JavaScript XMLHttpRequests. The malicious
attack can occur without users' interaction or even knowing it.