Tabla de contenido
Publicidad
6. Habilite HTTPS
Le sugerimos que habilite HTTPS, para que visite el servicio web a través de un canal de comunicación
seguro.
7. Enlace de dirección MAC
Le recomendamos que vincule la dirección IP y MAC de la puerta de enlace al dispositivo, reduciendo así el
riesgo de suplantación de ARP.
8. Asignar cuentas y privilegios de forma razonable
De acuerdo con los requisitos comerciales y de administración, agregue usuarios de manera razonable y
asígneles un conjunto mínimo de permisos.
9. Desactive los servicios innecesarios y elija los modos seguros
Si no es necesario, se recomienda apagar algunos servicios como SNMP, SMTP, UPnP, etc., para
reducir riesgos.
Si es necesario, se recomienda encarecidamente que utilice modos seguros, incluidos, entre otros, los
siguientes servicios:
SNMP: elija SNMP v3 y configure contraseñas de cifrado y contraseñas de autenticación
•
seguras.
SMTP: elija TLS para acceder al servidor de buzones de
•
correo. FTP: elija SFTP y configure contraseñas seguras.
•
AP hotspot: ChooseWPA2‑PSK encryption mode, and set up strong passwords.
•
10. Audio andVideo EncryptedTransmission
If your audio and video data contents are very important or sensitive, we recommend that you
use encrypted transmission function, to reduce the risk of audio and video data being stolen
during transmission.
Reminder: encrypted transmission will cause some loss in transmission efficiency.
11. Secure Auditing
Check online users: we suggest that you check online users regularly to see if the device is
•
logged in without authorization.
Check device log: By viewing the logs, you can know the IP addresses that were used to log in
•
to your devices and their key operations.
12. Network Log
Due to the limited storage capacity of the device, the stored log is limited. If you need to save the
log for a long time, it is recommended that you enable the network log function to ensure that
the critical logs are synchronized to the network log server for tracing.
13. Construct a Safe Network Environment
In order to better ensure the safety of device and reduce potential cyber risks, we recommend:
Disable the port mapping function of the router to avoid direct access to the intranet
•
devices from external network.
The network should be partitioned and isolated according to the actual network needs. If
•
there are no communication requirements between two sub networks, it is suggested to use
VLAN, network GAP and other technologies to partition the network, so as to achieve the
network isolation effect.
Establish the 802.1x access authentication system to reduce the risk of unauthorized access to
•
private networks.
Enable IP/MAC address filtering function to limit the range of hosts allowed to access the
•
device.
373
Manual de usuario
Publicidad
Tabla de contenido
