Premium Listed Companies

Riskmanager.ie - News - First Hikvision product ranges self-certified under new ‘Secure by Default’ initiative

First Hikvision product ranges self-certified under new ‘Secure by Default’ initiative

October 8, 2019

Hikvision UK & Ireland has unveiled the first of its product ranges to be self-certified under the pioneering Secure by Default initiative: a set of minimum requirements which provide a guarantee for users that network video security products are as secure as possible in their default settings out of the box.

Hikvision was a key contributor to the development of Secure by Default, alongside distributor Norbain, and four other major video surveillance software and manufacturing companies. Secure by Default was launched by UK Surveillance Camera Commissioner (SCC) Tony Porter in June this year.

In order to be certified, products submitted to the Secure by Default scheme must meet a set of 25 requirements prepared by the SCC Office. These include:

-      Default passwords – to be changed on initial power-up, have strength indicator, do not allow insecure passwords

-      Hardcoded passwords – do not use hardcoded usernames and passwords

-      Protocols and ports – only necessary protocols enabled, enabled ports documented, strategy to fix any identified vulnerabilities in place, appropriate notification scheme for fixes

-      Encryption – appropriate encryption considered, HTTPS in use, TLS for communications, baseline encryption for data stored at rest

-      ONVIF protocol – ONVIF disabled at bootup, video streaming disabled until new username and password created

-      Remote access – remote access disabled by default, user consent required for vendor-controlled network services, no access to other connected network services, workstations and servers locked down

-      Software patching and firmware upgrades – community resource in place for patches/upgrades, critical updates proactively notified, advisory service for user subscription

-      Penetration/fuzz testing – security testing process in place, vulnerable components and devices subject to development before live use

-      IEEE 802.1x – Products are IEEE 802.1x capable 

The first in the Hikvision family of products to be certified under the Secure by Default requirements are those currently on sale and up to date with the latest firmware, and include:

-      Anti-corrosion camera series v.5.6.0 firmware or above

-      ATEX camera series v.5.5.84 firmware or above

-      DeepInView 7 camera series v.5.6.0 firmware or above

-      Fisheye camera series v.5.5.73 firmware or above

-      Pro camera series 2.0+, 3.0 and 4.0 ranges v.5.6.0 firmware or above

-      Pan, tilt and zoom camera series v.5.6.0 firmware or above

-      Thermal camera series v.5.5.18 firmware or above

-      Ultra camera 5 series v5.6.0 firmware or above

Gary Harmer, UK & Ireland Sales Director for Hikvision, welcomed the Surveillance Camera Commissioner’s approval of Hikvision’s submitted products. “Installers and integrators should, where possible, offer products that are certified to the Secure by Default requirement,” Harmer said. “This offers them, and their customers, an assurance that those products are provided to them in the most hardened, cyber-security-optimal form possible, with default settings which provide minimal vulnerabilities on first use.”

Surveillance Camera Commissioner website: https://www.gov.uk/government/organisations/surveillance-camera-commissioner

Leave a Reply

Your email address will not be published. Required fields are marked *

UA-51134898-1

This site uses cookies. Some of the cookies we use are essential for parts of the site to operate and have already been set. You may delete and block all cookies from this site, but parts of the site will not work.