Quick Start Guide

ManualsBrandsZhejiang Dahua Vision Technology ManualsElectronicsWi-Fi Villa Door Station

Quick Start Guide

We suggest you to enable HTTPS, so that you visit Web service through a secure

communication channel.

MAC Address Binding

We recommend you to bind the IP and MAC address of the gateway to the equipment, thus

reducing the risk of ARP spoofing.

Assign Accounts and Privileges Reasonably

According to business and management requirements, reasonably add users and assign a

minimum set of permissions to them.

Disable Unnecessary Services and Choose Secure Modes

If not needed, it is recommended to turn off some services such as SNMP, SMTP, UPnP, etc.,

to reduce risks.

If necessary, it is highly recommended that you use safe modes, including but not limited to

the following services:

● SNMP: Choose SNMP v3, and set up strong encryption passwords and authentication

passwords.

● SMTP: Choose TLS to access mailbox server.

● FTP: Choose SFTP, and set up strong passwords.

● AP hotspot: Choose WPA2-PSK encryption mode, and set up strong passwords.

10.

Audio and Video Encrypted Transmission

If your audio and video data contents are very important or sensitive, we recommend that

you use encrypted transmission function, to reduce the risk of audio and video data being

stolen during transmission.

Reminder: encrypted transmission will cause some loss in transmission efficiency.

11.

Secure Auditing

● Check online users: we suggest that you check online users regularly to see if the device

is logged in without authorization.

● Check equipment log: By viewing the logs, you can know the IP addresses that were used

to log in to your devices and their key operations.

12.

Network Log

Due to the limited storage capacity of the equipment, the stored log is limited. If you need to

save the log for a long time, it is recommended that you enable the network log function to

ensure that the critical logs are synchronized to the network log server for tracing.

13.

Construct a Safe Network Environment

In order to better ensure the safety of equipment and reduce potential cyber risks, we

recommend:

● Disable the port mapping function of the router to avoid direct access to the intranet

devices from external network.

● The network should be partitioned and isolated according to the actual network needs. If

there are no communication requirements between two sub networks, it is suggested to

use VLAN, network GAP and other technologies to partition the network, so as to achieve

the network isolation effect.

● Establish the 802.1x access authentication system to reduce the risk of unauthorized

access to private networks.

● Enable IP/MAC address filtering function to limit the range of hosts allowed to access the

device.