WebCCTV Installation Manual 66Version 4.3 Series6.2.16.2 Security policyAt the start of this section, let’s reiterate the basic premise of the WebCCTV security policy:We will lock down WebCCTV as much as possible, leaving as few places as possible wherean attack could occur, and securing the remaining places as much as possible.“Locking down” the machine means that we will try to prevent malicious attacks onWebCCTV by not giving attackers (hackers, viruses, etc) the possibility to exploit weaknessesin the system.WebCCTV uses the Microsoft Windows XP Embedded operating system. Like any otheroperating system including Linux and other Unix variants – or any software for that matter –this operating system is not perfect. It contains certain weaknesses that could be used to getunauthorized access to the machine.Generally speaking, Windows XP (Embedded) is a very safe operating system whenadministered correctly. There are several ways outlined in this section to increase security. Have secure passwords. Leave WebCCTV in operator mode as much as possible. Keep the system up to date via Windows Update. Secure the network access. Make sure that any other access doesn’t cause problems.Contrary to popular belief, most attacks on computer systems are not brute-force attacks byextremely skilled people on a weak operating system. Instead, most attacks exploitvulnerabilities that were created “from the inside”. This implies that you have control over thesituation and can prevent attacks by rigorously securing the machine and being careful whenhandling it. In the next paragraphs, you can find out how to do this.Password policyThe very first thing that you should do when unpacking WebCCTV, is tochange the Administrator password!The default password for Administrator account on new WebCCTV units is “webcctvnvr” andfor Operator is “quadrox” (lower case letters).Default passwords should be changed as soon as possible, preferably even before WebCCTVis put on the network. Otherwise attackers can gain access to the system using easilyretrievable passwords. It’s like locking the door, but leaving the key in the lock.To avoid passwords leaking out of the organization or being retrieved otherwise, follow theseguidelines: Publish passwords to as few people as possible. The fewer people knowing thepassword, the less chance of it ending up in the wrong hands.