Fortinet black logo

Administration Guide

Home FortiRecorder 6.4.0 Administration Guide
6.4.0
7.2.0
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.0
6.0.0
2.7.2
2.7.1
2.7.0
2.6.0

Hardening Security

Hardening Security

FortiRecorder is designed to manage IP cameras and store video. While FortiRecorder does have some security features, its primary focus is surveillance. It always should be protected by a network firewall, and physically kept in a restricted access area.

Should you wish to protect the appliance from accidental or malicious misuse from people within your private network, this section lists tips to further enhance security.

Topology

  • To protect your surveillance system from hackers and unauthorized network access, install the FortiRecorder appliance and cameras behind a network firewall such as a FortiGate. FortiRecorder is not a firewall. FortiRecorder appliances are designed specifically to manage cameras and store video.
  • If remote cameras or people will be accessing the appliance via the Internet, through a virtual IP or port forward on your router or FortiGate, configure your router or firewall to restrict access, allowing only their IP addresses. Require firewall authentication for connections from network administrators and security guards.
  • Make sure traffic cannot bypass the FortiRecorder appliance in a complex network environment, accessing the cameras directly.
  • If remote access while traveling or at home is not necessary, do not configure “Configuring system timeout, ports, and public access”, and do not configure your Internet firewall to forward traffic to FortiRecorder. If you do require remote access, be sure to apply strict firewall policies to the connection, and harden all accounts and administrative access (see “Administrator access” and “Operator access”) as well as keeping the FortiRecorder software up-to-date (see “Patches”).
  • Disable all network interfaces that should not receive any traffic.



    For example, if administrative access is typically through port1, the Internet is connected to port2, and cameras are connected to port3, you would disable (“bring down”) port4. This would prevent an attacker with physical access from connecting a cable to port4 and thereby gaining access if the configuration inadvertently allows it.

Administrator access

  • As soon as possible during initial FortiRecorder setup, give the default administrator, admin, a password. This super-administrator account has the highest level of permissions possible, and access to it should be limited to as few people as possible.
  • Administrator passwords should be at least 8 characters long and include both numbers and letters.
  • Change all passwords regularly. Set a policy — such as every 60 days — and follow it.
  • Instead of allowing administrative access to the FortiRecorder appliance from any source, restrict it to trusted internal hosts. On those computers that you have designated for management, apply strict patch and security policies. Always password-encrypt any FortiRecorder configuration backup that you download to those computers to mitigate the information that attackers can gain from any potential compromise. If your computer’s operating system does not support this, you can use third-party software to encrypt the file.
  • Do not give administrator-level access to all people who use the system. Usually, only a network administrator should have access to the network settings. Others should have operator accounts. This prevents others from accidentally or maliciously breaking the appliance’s connections with cameras and computers. See “User management”.
  • By default, an administrator login that is idle for more than five minutes times out. You can change this to a longer period in the idle timeout settings. But Fortinet does not recommend it. Left unattended, a web UI or CLI session could allow anyone with physical access to your computer to change FortiRecorder settings. Small idle timeouts mitigate this risk.
  • Restrict administrative access to a single network interface (usually port1), and allow only the management access protocols needed.


    Use only the most secure protocols. Disable PING, except during troubleshooting. Disable HTTP, SNMP, and TELNET unless the network interface only connects to a trusted, private administrative network. See “FortiRecorder configuration”.

  • Disable all network interfaces that should not receive any traffic. (i.e. Set the Administrative status to Down.)

    For example, if administrative access is typically through port1, the Internet is connected to port2, and cameras are connected to port3, you would disable (“bring down”) port4. This would prevent an attacker with physical access from connecting a cable to port4 and thereby gaining access if the configuration inadvertently allows it.

Operator access

  • Authenticate users only over encrypted channels such as HTTPS. Authenticating over non-secure channels such as Telnet or HTTP exposes the password to any eavesdropper. For certificate-based server/FortiRecorder authentication, see “Replacing the default certificate for the web UI”.
  • Immediately revoke certificates that have been compromised. If possible, automate the distribution of certificate revocation lists (see “Revoking certificates”).
Previous
Next

Hardening Security

FortiRecorder is designed to manage IP cameras and store video. While FortiRecorder does have some security features, its primary focus is surveillance. It always should be protected by a network firewall, and physically kept in a restricted access area.

Should you wish to protect the appliance from accidental or malicious misuse from people within your private network, this section lists tips to further enhance security.

Topology

  • To protect your surveillance system from hackers and unauthorized network access, install the FortiRecorder appliance and cameras behind a network firewall such as a FortiGate. FortiRecorder is not a firewall. FortiRecorder appliances are designed specifically to manage cameras and store video.
  • If remote cameras or people will be accessing the appliance via the Internet, through a virtual IP or port forward on your router or FortiGate, configure your router or firewall to restrict access, allowing only their IP addresses. Require firewall authentication for connections from network administrators and security guards.
  • Make sure traffic cannot bypass the FortiRecorder appliance in a complex network environment, accessing the cameras directly.
  • If remote access while traveling or at home is not necessary, do not configure “Configuring system timeout, ports, and public access”, and do not configure your Internet firewall to forward traffic to FortiRecorder. If you do require remote access, be sure to apply strict firewall policies to the connection, and harden all accounts and administrative access (see “Administrator access” and “Operator access”) as well as keeping the FortiRecorder software up-to-date (see “Patches”).
  • Disable all network interfaces that should not receive any traffic.



    For example, if administrative access is typically through port1, the Internet is connected to port2, and cameras are connected to port3, you would disable (“bring down”) port4. This would prevent an attacker with physical access from connecting a cable to port4 and thereby gaining access if the configuration inadvertently allows it.

Administrator access

  • As soon as possible during initial FortiRecorder setup, give the default administrator, admin, a password. This super-administrator account has the highest level of permissions possible, and access to it should be limited to as few people as possible.
  • Administrator passwords should be at least 8 characters long and include both numbers and letters.
  • Change all passwords regularly. Set a policy — such as every 60 days — and follow it.
  • Instead of allowing administrative access to the FortiRecorder appliance from any source, restrict it to trusted internal hosts. On those computers that you have designated for management, apply strict patch and security policies. Always password-encrypt any FortiRecorder configuration backup that you download to those computers to mitigate the information that attackers can gain from any potential compromise. If your computer’s operating system does not support this, you can use third-party software to encrypt the file.
  • Do not give administrator-level access to all people who use the system. Usually, only a network administrator should have access to the network settings. Others should have operator accounts. This prevents others from accidentally or maliciously breaking the appliance’s connections with cameras and computers. See “User management”.
  • By default, an administrator login that is idle for more than five minutes times out. You can change this to a longer period in the idle timeout settings. But Fortinet does not recommend it. Left unattended, a web UI or CLI session could allow anyone with physical access to your computer to change FortiRecorder settings. Small idle timeouts mitigate this risk.
  • Restrict administrative access to a single network interface (usually port1), and allow only the management access protocols needed.


    Use only the most secure protocols. Disable PING, except during troubleshooting. Disable HTTP, SNMP, and TELNET unless the network interface only connects to a trusted, private administrative network. See “FortiRecorder configuration”.

  • Disable all network interfaces that should not receive any traffic. (i.e. Set the Administrative status to Down.)

    For example, if administrative access is typically through port1, the Internet is connected to port2, and cameras are connected to port3, you would disable (“bring down”) port4. This would prevent an attacker with physical access from connecting a cable to port4 and thereby gaining access if the configuration inadvertently allows it.

Operator access

  • Authenticate users only over encrypted channels such as HTTPS. Authenticating over non-secure channels such as Telnet or HTTP exposes the password to any eavesdropper. For certificate-based server/FortiRecorder authentication, see “Replacing the default certificate for the web UI”.
  • Immediately revoke certificates that have been compromised. If possible, automate the distribution of certificate revocation lists (see “Revoking certificates”).
Previous
Next