Security Recommendations for Webcams

The guidance below should be followed by anyone installing, managing, or using a webcam for U-M business, and is recommended for anyone using one for any purpose.

If you use a webcam for U-M business, you need to do so in accordance with Proper Use of Security Cameras (SPG 66.01).

Apply these recommended security controls for web cameras:

  • Change the webcam default admin password. Set a secure password for the administrator account.
    Note: If the webcam is reset to factory defaults, the admin password may need to be reset.
  • Keep firmware and software updated. Regularly upgrade the device firmware to mitigate vulnerabilities in the webcam's OS. If you access the webcam using other software or applications, keep them up-to-date as well.
  • Configure the webcam to use private IP space (10.0.0.0 network). If you cannot use private IP space for the camera, use IP filtering (or a local firewall) to restrict access to/from the network.
  • Configure secure access for the Embedded Web Server (EWS), disable HTTP, and enable only HTTPS. If you are using the embedded web server feature of a camera, especially to manage it, configure secure access to the webcam's web page.
  • Disable unused protocols/services. Examples include IPv6, tFTP, Telnet, and so on.
  • Require use of the Virtual Private Network (VPN) to connect to the webcam if it is accessed from off-campus.
  • Use NMAP/VulnScan to confirm only needed ports are open. Once hardening steps have been completed, nmap scan your webcam to confirm that only known, needed ports are open and available on the network. Contact your unit IT if you need assistance with NMAP/VulnScan.
  • Include signage to let folks know they are on camera. Any time you use a camera at U-M, you need to make others aware that they may be on camera. Posting signage is an easy way to respect privacy.

Additional considerations for using a webcam at home include:

  • Secure your home network. See Secure Your Home WiFi Network for tips.
  • Keep personal devices that may access the camera secure. See Secure Your Devices for tips covering a range of device types.
  • Be aware of privacy and data-use policies if you use your webcam with other services.
  • Consider using a cover over your webcam or disconnecting it when not in use.
Tags: 
Security
Last Updated: 
Wednesday, November 11, 2020