User Manual
Table Of Contents
- Overview
- Accessing the Network Camera
- Using VIVOTEK Recording Software
- Using 3GPP-compatible Mobile Devices
- Using RTSP Players
- Main Page
- Client Settings
- Configuration
- System > General settings
- System > Homepage layout
- System > Logs
- System > Parameters
- System > Maintenance
- Media > Image
- Media > Video
- Media > Video
- Media > Video
- Media > Audio
- Network > General settings
- Network > Streaming protocols
- Network > SNMP (Simple Network Management Protocol)
- Network > FTP
- Security > User accounts
- Security > HTTPS (Hypertext Transfer Protocol over SSL)
- Security > Access List
- PTZ > PTZ settings
- Event > Event settings
- Applications > Motion detection
- Applications > Tampering detection
- Applications > Audio detection
- Applications > Package management - a.k.a., VADP (VIVOTEK Application Development Platform)
- Recording > Recording settings
- Local storage > SD card management
- Local storage > Content management
- Appendix
VIVOTEK
User's Manual - 113
Security > Miscellaneous
The embedded TrendMicro utitlity provides the protection against Cross-Site Request
Forgery. Cross-site request forgery is also known as one-click attack or session riding and
is abbreviated as CSRF. CSRF is a type of malicious exploit of a website, in this case, the
camera. Unauthorized commands are transmitted from a user that the web application
trusts, using the mechanism of forging a trusted user's own request with a request
containing his own cookies, etc. Different ways can be used for a malicious website to
transmit such commands. They can be specially-crafted image tags, hidden forms, and
JavaScript XMLHttpRequests. The malicious attack can occur without users' interaction or
even knowing it.