PDF《Bosch IP Video and Data Security》

Bosch IP Video and Data Security Guidebook en Bosch IP Video and Data Security Guidebook Table of contents | en

3 Bosch Sicherheitssysteme GmbH 2017.

03 | V 1.0 | DOC Table of contents

1 Introduction

5 2 Bosch IP video devices

6 3 Assigning IP addresses

7 3.1 Managing DHCP

9 4 User accounts and passwords

10 4.1 Applying passwords

10 4.2 Device web page

11 4.3 Configuration Manager

13 4.4 DIVAR IP

2000 / DIVAR IP

5000 13 4.5 VRM stand-alone installation

14 4.6 Bosch Video Management System

15 4.6.1 Bosch VMS / DIVAR IP

3000 / DIVAR IP 7000: device password protection

15 4.6.2 Bosch VMS / DIVAR IP

3000 / DIVAR IP 7000: default password protection

15 4.6.3 Bosch VMS configuration and VRM settings

16 4.6.4 Bosch VMS / DIVAR IP

3000 / DIVAR IP 7000: encrypted communication to cameras

17 5 Hardening device access

19 5.1 General network port usage and video transmission

19 5.1.1 HTTP, HTTPS and video port usage

20 5.1.2 Video software and port selection

20 5.1.3 Telnet Access

21 5.1.4 RTSP: Real Time Streaming Protocol

21 5.1.5 UPnP: Universal Plug and Play

22 5.1.6 Multicasting

22 5.1.7 IPv4 filtering

23 5.1.8 SNMP

24 5.2 Secure time basis

25 5.3 Cloud-based Services

26 6 Hardening Storage

28 7 Hardening Servers

29 7.1 Windows Servers

29 7.1.1 Server Hardware recommended settings

29 7.1.2 Windows Operating System recommended security settings

29 7.1.3 Windows updates

29 7.1.4 Installation of anti-virus software

29 7.1.5 Windows Operating System recommended settings

29 7.1.6 Activate User Account Control on the server

30 7.1.7 Deactivate AutoPlay

30 7.1.8 External Devices

30 7.1.9 Configuration of user rights assignment

31 7.1.10 Screen saver

32 7.1.11 Activate password policy settings

32 7.1.12 Disable non-essential Windows Services

32 7.1.13 Windows Operating System user accounts

33 7.1.14 Enable firewall on the server

34 8 Hardening Clients

35 8.1 Windows Workstations

35 8.1.1 Windows Workstation hardware recommended settings

35 8.1.2 Windows Operating System recommended security settings

35 4 en | Table of contents Bosch IP Video and Data Security Guidebook 2017.03 | V 1.0 | DOC Bosch Sicherheitssysteme GmbH 8.1.3 Windows Operating System recommended settings

35 8.1.4 Activate User Account Control on the server

35 8.1.5 Deactivate AutoPlay

36 8.1.6 External Devices

36 8.1.7 Configuration of user rights assignment

37 8.1.8 Screen saver

38 8.1.9 Activate password policy settings

38 8.1.10 Disable non-essential Windows Services

38 8.1.11 Windows Operating System user accounts

39 8.1.12 Enable firewall on the workstation

40 9 Protecting network access

41 9.1 VLAN: Virtual LAN

41 9.2 VPN: Virtual Private Network

41 9.3 Disable unused switch ports

42 9.4 802.1x protected networks

42 9.4.1 Extensible Authentication Protocol - Transport Layer Security

42 10 Creating trust with certificates

43 10.1 Secured in a safe (Trusted Platform Module)

43 10.2 TLS certificates

44 10.2.1 Device web page

44 10.2.2 Configuration Manager

44 11 Video Authentication

46 Bosch IP Video and Data Security Guidebook Introduction | en

5 Bosch Sicherheitssysteme GmbH 2017.03 | V 1.0 | DOC

1 Introduction While every organization in today'

s environment may have cyber security procedures and policies in place, standards may vary from organization to organization based on many factors such as size, region, and industry. In February 2014, The National Institute of Standards and Technology (NIST) introduced the Cyber Security Framework. This framework is based on Executive Order