PDF《Bosch IP Video and Data Security》

13636 and was created utilizing existing standards, guidelines, and best practices. It is specifically designed to reduce cyber risks to critical infrastructures and their network attached devices and data. This framework is designed to help organizations understand both external and internal cyber security risks and is applicable to any size organization categorized from Tier

1 (Partial) to Tier

4 (Adaptive). This educational paper is written to assist integrators to harden Bosch IP video products to better adhere to their customer'

s existing network security policies and procedures. This guide will cover: C Critical information on the features and fundamentals of Bosch IP video devices C Specific features that can be modified or disabled C Specific features that can be activated and utilized C Best practices as they pertain to video systems and security This guide will primarily focus on utilizing Bosch Configuration Manager to perform the configurations discussed. In most cases all configurations can be performed utilizing Bosch Video Management System Configuration Client, Bosch Configuration Manager, and the built in web interface of a video device.

6 en | Bosch IP video devices Bosch IP Video and Data Security Guidebook 2017.03 | V 1.0 | DOC Bosch Sicherheitssysteme GmbH

2 Bosch IP video devices IP video products are becoming commonplace in today'

s network environment, and as with any IP device placed on a network, IT administrators and security managers have a right to know the full extent of a device'

s feature set and capabilities. When dealing with Bosch IP video devices your first line of protection are the devices themselves. Bosch encoders and cameras are manufactured in a controlled and secure environment that is continually audited. Devices can only be written to via a valid firmware upload, which is specific to hardware series and chipset. Most Bosch IP video devices come with an onboard security chip that provides functionality similar to crypto SmartCards and the so called Trusted Platform Module, or short TPM. This chip acts like a safe for critical data, protecting certificates, keys, licenses, etc. against unauthorized access even when the camera is physically opened to gain access. Bosch IP video devices have been subjected to more than thirty thousand (30 000) vulnerability and penetration tests performed by independent security vendors. Thus far, there have been no successful cyberattacks on a properly secured device. Bosch IP Video and Data Security Guidebook Assigning IP addresses | en

7 Bosch Sicherheitssysteme GmbH 2017.03 | V 1.0 | DOC

3 Assigning IP addresses All Bosch IP video devices currently come in a factory default state ready to accept a DHCP IP address. If no DHCP server is available in the active network on which a device is deployed, the device will C if running firmware 6.32 or higher C automatically apply a link-local address out of the range of 169.254.1.0 to 169.254.254.255, or 169.254.0.0/16. With earlier firmware, it will assign itself the default IP address 192.168.0.1. There are several tools that can be used to ........