Best Practices; Hardening Security; Topology - Fortinet FortiRecorder 7.0.0 Administration Manual

Best practices

Fine-tuning and best practice tips can help to run your FortiRecorder appliance securely and reliably.
While many features are optional, some practices are strongly recommended because they reduce complication, risk,
and potential issues.

Hardening security

FortiRecorder is designed to manage IP cameras and store video. While FortiRecorder does have some security
features, its primary focus is surveillance. It should always be protected by a network firewall and physically kept in a
restricted-access area.
Should you want to protect the appliance from accidental or malicious misuse from people within your private network,
this section lists tips to further enhance security.

Topology

• To protect your surveillance system from hackers and unauthorized network access, install the FortiRecorder appliance and cameras behind a network firewall such as a FortiGate. FortiRecorder is not a firewall. FortiRecorder appliances are designed specifically to manage cameras and store video.
• If remote cameras or people will be accessing the appliance via the Internet, through a virtual IP or port forward on your router or FortiGate, configure your router or firewall to restrict access, allowing only their IP addresses. Require firewall authentication for connections from network administrators and security guards.
• Make sure traffic cannot bypass the FortiRecorder appliance in a complex network environment, accessing the cameras directly.
• If you do not need remote access while traveling or at home, do not configure it. If you do, however, apply strict firewall policies to the connection, and harden all accounts and administrative access (see Configuring the public port numbers and domain name on page 138, Administrator access on page 138, and Operator access on page 35). Keep the FortiRecorder software up-to-date, especially with security patches (see Updating the firmware on page 37).
• Disable all network interfaces that should not receive any traffic. (Set the Administrative Status to Down.) For example, if administrative access is typically through port1, cameras are connected to port2, and network file storage and the Internet are connected to port3, then you would disable ("bring down") port4. This would prevent an attacker with physical access from connecting a cable to port4 and thereby gaining access if the configuration inadvertently allows it.

FortiRecorder 7.0.0 Administration Guide
Fortinet Inc.

This section includes only recommendations that apply to a combination of multiple features,
to the entire appliance, or to your overall network. For feature-specific recommendations, see
the tips in each feature's instructions.
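
As an added illustration of the second Topology recommendation (this is not configuration from the Fortinet manual), a FortiGate port forward to the FortiRecorder web UI can be limited to one known remote address and tied to firewall authentication as sketched below. Every interface name, address, port, object name and the user group is a constructed placeholder, the group is assumed to exist already, and lines beginning with # are annotations for the reader.

```fortios
# Constructed example values: interface names, addresses (RFC 5737
# documentation ranges), external port, object names and user group
# are placeholders, not values from the FortiRecorder manual.

config firewall address
    edit "guard-home-office"
        set subnet 203.0.113.10 255.255.255.255
    next
end

config firewall vip
    edit "fortirecorder-webui"
        set extintf "wan1"
        set extip 198.51.100.5
        set mappedip "192.168.1.99"
        set portforward enable
        set protocol tcp
        set extport 8443
        set mappedport 443
    next
end

config firewall policy
    edit 0
        set name "remote-staff-to-fortirecorder"
        set srcintf "wan1"
        set dstintf "internal"
        # Only the listed remote address may use the port forward, never "all".
        set srcaddr "guard-home-office"
        set dstaddr "fortirecorder-webui"
        set action accept
        set schedule "always"
        # The service matches the mapped (post-translation) port.
        set service "HTTPS"
        # Firewall authentication: the user must also be in this group.
        set groups "surveillance-staff"
        set logtraffic all
    next
end
```

With no other policy referencing the virtual IP, connections from any other source address fall through to the implicit deny.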
