Computer Security for your DVR

Alex Allen:
What is happening?

As most of you have seen in your topics, we monitor your DVR's firewall for malicious activity in the "Computer Security" topic. Your DVR is internet facing, meaning that it is open to the world so you can get to it from your computers and mobile devices from outside your business. Unfortunately, so can everybody else who finds it, and they can try to break into it.

Geovision has a feature that will only allow 20 connections to the Web portion of the DVR; this helps reduce the attack surface of the DVR and gives password bots only 20 tries before it crashes. (Believe me, brute force attacks can range in the thousands!) On our end, when this happens we receive an email that the application has crashed, and we look into your DVR's firewall and log, find the offending IP and block the entire range that it belongs to. When your DVR is attacked by a compromised US system we only block the IP unless it is a smaller ISP; then we block all their IPs and send out a cease notification of attack to the domain admin of the IP.

During this attack, when the Web server goes down we do not lose your cameras; Geovision has many processes to ensure its availability on the monitoring side. This only affects when you try to access your cameras from your computer and smart phone.

Am I safe from hackers?

Once a month we perform Microsoft Updates and Security Patches on your DVRs; this is another reason we use a computer-based DVR; most Linux-based systems are never updated. If you understand the process of updates, then you know it must be broken before it can be fixed. Therefore, there is always the possibility that a compromise can occur. With this in mind, EPS has programmed your DVR to only accept calls from our static IPs and block everyone else on our remote applications. The web portion is the only program vulnerable, so we monitor it.

As our company grows we anticipate the attacks to increase and possibly to be targeted by professional hackers. We have already noticed cross-site hacking attempts from one hacking IP to different clients. To protect your DVRs, when we see an increase without a decrease we will move your DVR's web-facing port to a different port, so basic scanning will not detect the open port. This does not mean you are invisible, but sort of hidden from drive-by port scanning. If this doesn't remedy the attacks, we will have to shut down your web server temporarily and re-enable later and monitor for continued attacks.

Want to know if your Internet Passwords are safe?
If you would like to test your password go here.
https://www.microsoft.com/en-gb/security/pc-security/password-checker.aspx
If your password reports back "weak" please contact us and we will change it to something stronger on EPS managed services.



What am I looking at in my post?
To help you understand what you are seeing in your posts I have included a sample with descriptions.
     IP Address assigned to: BRAZIL <--This is the country attacking your system.

     IP Address: 189.112.76.100 is located within the following Network:

     Network: 189.112.0.0
     CIDR: 189.112.0.0/16
     Mask: 189.112.0.0/255.255.0.0
     Network Range: 189.112.0.0 - 189.112.255.255
     Total addresses: 65,536 <--This is the number of IPs that we block in your DVR's firewall

     Reputation Score for 189.112.76.100 = 4. <-- if you see this in your post, chances are they are pros and the higher the number the worse they are


After accumulating over 60 million blocked IPs from your DVR systems collectively, I started posting in the forum and stopped logging them. Once an IP or a range of IPs is added to your DVR's firewall, they are blocked from attacking the surface.

If you have any questions feel free to reply or call me any time.

Alex Allen

Alex Allen:
Dear Valued Clients,

As we try to surpass your expectations and protect you from the outside in, EPS would like to announce a new service we have put in place, EyeBlock. As some of you might have noticed, you are no longer getting "DMIPC create fail" and "HTTP Server crash". For our Beta sites that were attacked more frequently, it has been eliminated or reduced dramatically. We would like to announce that we rolled this out for all our clients as well as clients of our CCTV partners.

With this service EPS has effectively blocked 1,945,354,182 IP addresses and counting from accessing your system, and the program maintains a 7-day log that is available upon request. Currently most US IP addresses have access to systems until they violate your DVR. When this occurs they are put in our master list, and ALL EPS monitored DVRs will check for new blocked IPs every two days and add them to your DVR.


Thank You for your Trust,
Alex Allen
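
The range fields in the sample post, and the merging of per-DVR blocks into a master list described in the announcement, worked through as an added example; it is not part of the original posts and not EPS or EyeBlock code. The function names and the sample offenders are constructed, and the prefix length of each allocation is assumed to have been looked up beforehand (for example via whois).

```python
import ipaddress

# Constructed input: (offending IP, prefix length of the allocation it sits in).
# The prefix length is an assumption supplied by hand, not looked up live.
SAMPLE_OFFENDERS = [
    ("189.112.76.100", 16),  # the sample from the post: whole /16 blocked
    ("189.112.200.7", 16),   # same allocation, must not be counted twice
    ("198.51.100.23", 32),   # documentation address, single-IP block
    ("203.0.113.77", 24),    # documentation range, small allocation
]


def describe(ip, prefix):
    """Return the fields shown in the sample post for one offending IP."""
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return {
        "network": str(net.network_address),
        "cidr": str(net),
        "mask": str(net.netmask),
        "range": f"{net.network_address} - {net.broadcast_address}",
        "total": net.num_addresses,
    }


def build_master_list(offenders):
    """Merge per-DVR blocks into one de-duplicated, collapsed list of networks."""
    nets = [ipaddress.ip_network(f"{ip}/{p}", strict=False) for ip, p in offenders]
    return list(ipaddress.collapse_addresses(nets))


def total_blocked(master):
    """Count addresses covered by the master list (overlaps already collapsed)."""
    return sum(n.num_addresses for n in master)


def is_blocked(ip, master):
    """True if the address falls inside any blocked network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in master)


if __name__ == "__main__":
    print(describe("189.112.76.100", 16))
    master = build_master_list(SAMPLE_OFFENDERS)
    print([str(n) for n in master], total_blocked(master))
    # A neighbour that never attacked is blocked along with the offender.
    print(is_blocked("189.112.1.1", master), is_blocked("198.51.100.24", master))
```

Counting after collapsing matters: two offenders in the same /16 add 65,536 addresses to the total once, not twice, and every other host in that range is blocked with them.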
