The user of the product therefore, availing of
specialist staff in IT security, has to decide under his/
her exclusive responsibility whether to:
• Enable certain or all security functionalities offered
by the R. STAHL Camera Systems GmbH device;
• Implement different security measures at system
level;
• Combine the two options.
The aforementioned choice should be made based
on the specific technical and legislative context, as
well as the type of data processed using the video
surveillance system.
Given the type of technical contexts within which
R. STAHL Camera Systems GmbH devices are
typically used, it is not possible or would it ever
be advisable that the firmware for these devices
automatically upgrades via the Internet. Over time,
R. STAHL Camera Systems GmbH could release
security upgrades for its devices, which should be
manually installed by the user, always by specialist
staff, if certain or all the security functionalities
for the device provided are enabled. The user is
obliged to be updated viaR. STAHL Camera Systems
GmbH institutional communication channels on the
availability of firmware security upgrades.
8
3.2 Security functionalities which
can be enabled in the product
3.2.1 Authentication credentials
The product is equipped with two operating
modes: FactoryDefaultState and OperationalState.
On first use, the device is in FactoryDefaultState
mode and without default credentials. The user
can access all the devices functionalities (including
video configuration and streaming) without any
authentication. This mode is intended for use on
private/protected networks which are only accessible
to reliable devices and staff, with the sole purpose
of allowing installation of the product also in
particular or difficult environmental conditions, or
using the product itself in limited and controlled
technical contexts without external or remote access
and/or without the processing of personal and/or
confidential data.
The FactoryDefaultState phase is terminated on
creation of the first user. At this point, the device
enters OperationalState and you can exclusively
access it by providing the access credentials.
The decision to use the device in FactoryDefaultState
or in OperationalState, as well as implementation of
all further security measures both at IT system level
and organisational level must be carried out under
the exclusive responsibility of the user on adequate
risk analysis by specialist staff.
3.2.2 Encryption
By default, the product implements the encryption
function via HTTPS with self-signed certificates for
configuration via web interface and for configuration
via ONVIF protocol. Video streaming via RTSP/RTP/
UDP, RTSP/RTP/TCP and RTSP/RTP/HTTP/TCP is not
protected by any encryption as outlined by ONVIF
specifications.
MNTCMPXHDB_1824_EN