Scribd
Upload
33 views

Bosch ConfigSealing TechNote

The document discusses configuration sealing for IP cameras to protect against unauthorized changes. It describes enabling sealing in the camera's software, how the seal status is indicated, and methods to detect if the seal is broken such as forwarding logs or SNMP traps.

Uploaded by

Alexander Rodríguez Benavides
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
33 views

Bosch ConfigSealing TechNote

The document discusses configuration sealing for IP cameras to protect against unauthorized changes. It describes enabling sealing in the camera's software, how the seal status is indicated, and methods to detect if the seal is broken such as forwarding logs or SNMP traps.

Uploaded by

Alexander Rodríguez Benavides
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Bosch Security Systems | Video Systems 1|5

Configuration Sealing
IP Camera Configuration Security

Data subject to change without notice | August 22 Security Systems / Video Systems
Bosch Security Systems | Video Systems 2|5

Table of contents

Introduction 3

How to achieve Configuration Sealing 4

Data subject to change without notice | August 22 Security Systems / Video Systems
Bosch Security Systems | Video Systems 3|5

Introduction
After the IP camera is installed in its position and calibrated, it is seldom necessary to change configuration of the device.
To protect the device against accidental or harmful configuration changes there is an option to seal the configuration.

Like a real-life seal, the seal can be broken, not hindering (un-)authorized persons to access data, but this can immediately
be detected, and configuration changes be undone, or an attacker can be identified.

Data subject to change without notice | August 22 Security Systems / Video Systems
Bosch Security Systems | Video Systems 4|5

How to achieve Configuration Sealing


Go to Service > Logging > Tab ‘Software Sealing’ to enable configuration sealing.

Here the sealing can be enabled by checking the checkbox.

After enabling the seal, it will show when the seal has been enabled and that the seal is intact

Should a configuration change be done it will show when the seal has been broken

The ‘Software Sealing’ log shows all activities that lead to sealing or breaking the seal.

As an attacker could change the sealing setting, it is important to forward the information about a broken seal to another
system and warn from there. There are three possible ways to achieve this which could also be used in parallel:

1. Either the logs of the device can be transferred to a syslog server to watch for EMERGENCY type messages,
which will clearly show who broke the seal and which configuration entries have been changed

2. A client may register on the RCP+ message on sealing break.

3. SNMP trap sending can be configurated (see separate SNMP tech note).
An SNMP trap will be sent as soon as a configuration entry is changed.

A broken seal needs to be re-sealed after configuration changes or corrections have been made. This is done by
unchecking and re-checking the “Enable software sealing” checkbox.

Data subject to change without notice | August 22 Security Systems / Video Systems
Bosch Security Systems | Video Systems 5|5

Bosch Sicherheitssysteme GmbH


Robert-Bosch-Ring 5
85630 Grasbrunn
Germany
www.boschsecurity.com
© Bosch Sicherheitssysteme GmbH, 2022

Data subject to change without notice | August 22 Security Systems / Video Systems

You might also like