2 security policy, 1 password policy, Guardnvr installation manual – Quadrox QGuard Installation Manual User Manual


GuardNVR Installation Manual


Version 4.4 Series

6.2 Security policy

At the start of this section, let’s repeat the basic premise of the GuardNVR security policy:

Lock down GuardNVR as much as possible, leaving as few places as possible where an attack
could occur, and secure the remaining places as much as possible.

“Locking down” the GuardNVR means that you should try to prevent malicious attacks on
GuardNVR by not giving attackers (hackers, viruses, etc.) the possibility to exploit weaknesses
in the system.

GuardNVR uses the Microsoft Windows XP/Vista operating system. Like any other operating
system including Linux and other Unix variants – or any software for that matter – this
operating system is not perfect. It contains certain weaknesses that could be used to get
unauthorised access to the machine.

Generally speaking, Windows XP/Vista is a very safe operating system when administered
correctly. There are several ways outlined in this section to increase security.

Have secure passwords.

Don’t leave GuardNVR logged on under the administrator account.

Keep the system up to date.

Secure the network access.

Make sure that any other access doesn’t cause problems.

Contrary to popular belief, most attacks on computer systems are not brute-force attacks by
extremely skilled people on a weak operating system. Instead, most attacks exploit
vulnerabilities that were created “from the inside”. This implies that you have control over the
situation and can prevent attacks by rigorously securing the machine and being careful when
handling it. In the next paragraphs, you can find out how to do this.

6.2.1 Password policy

The very first thing that you should do after installing GuardNVR is to change the Administrator password!

To avoid passwords leaking out of the organization or being retrieved otherwise, follow these
guidelines:

Publish passwords to as few people as possible. The fewer people knowing the
password, the less chance of it ending up with the wrong person.

Don’t keep passwords in written form in places that might be accessible by malicious
people. This includes paper documents that might get lost, websites, mail and IM
messages.
