Dahua web 5.0 Operation Manual page 45

We recommend that you keep it enabled to ensure account security. If an attacker tries to
log in with the wrong password multiple times, the corresponding account and source IP
address will be locked.
5.
Change HTTP and other default service ports
We suggest that you change the default HTTP and other service ports to any number
series between 1024 and 65535, reducing the risk that outsiders can guess which ports
you are using.
6.
enable HTTPS
We suggest that you enable HTTPS so that you visit the web service through a secure
communication channel.
7.
MAC address binding
We recommend that you bind the IP and MAC address of the gateway to the
computer, reducing the risk of ARP redirection.
8.
Assign accounts and privileges reasonably
Based on business and management requirements, reasonably add users and assign
them a minimum set of permissions.
9.
Disable unnecessary services and choose safe modes
If they are not needed, it is recommended to disable some services such as SNMP,
SMTP, UPnP, etc., to reduce risks.
If they are needed, it is strongly recommended that you use safe modes, including but not
limited to the following services:
●
SNMP: Select SNMP v3 and set strong encryption passwords and authentication
passwords.
●
SMTP: Select TLS to access the mailbox server.
●
FTP: Select SFTP and set strong passwords.
●
AP access point: Select WPA2-PSK encryption mode and set strong
passwords.
10.
Encrypted audio and video transmission
If your audio and video data content is very important or sensitive, we recommend that
you use the encrypted transmission feature to reduce the risk of audio and video data
theft during transmission.
Remember: encrypted transmission will cause some loss in transmission efficiency.
eleven.
secure audit
●
Check online users: We suggest you check online users periodically to see if
someone has connected to the device without authorization.
●
Check equipment log: By checking the logs, you can learn the IP addresses that have
been used to log in to your devices and their key operations.
12.
network log
Due to the limited storage capacity of the computer, the stored record is limited. If you
need to save the log for a long time, we recommend that you enable the network log
function to ensure that important logs are synchronized with the network log server for
monitoring.
13.
Create a secure network environment
To better ensure the security of your computers and reduce potential cyber
risks, we recommend:
38
Operation Manual