dahua VTO4202F-MF IP Video Intercom Fingerprint Module

Foreword

General
This manual introduces the functions and operations of the fingerprint module (hereinafter referred to as “the device”).

Safety Instructions

The following signal words might appear in the manual.

Revision History

Privacy Protection Notice
As the device user or data controller, you might collect the personal data of others such as their face, audio, fingerprints, and license plate number. You need to be in compliance with your local privacy protection laws and regulations to protect the legitimate rights and interests of other people by implementing measures which include but are not limited: Providing clear and visible identification to inform people of the existence of the surveillance area and provide required contact information.

About the Manual

• The manual is for reference only. Slight differences might be found between the manual and the product.
• We are not liable for losses incurred due to operating the product in ways that are not in compliance with the manual.
• The manual will be updated according to the latest laws and regulations of related jurisdictions. For detailed information, see the paper user’s manual, use our CD-ROM, scan the QR code or visit our official website. The manual is for reference only. Slight differences might be found between the electronic version and the paper version.
• All designs and software are subject to change without prior written notice. Product updates might result in some differences appearing between the actual product and the manual. Please contact customer service for the latest program and supplementary documentation.
• There might be errors in the print or deviations in the description of the functions, operations and technical data. If there is any doubt or dispute, we reserve the right of final explanation.
• Upgrade the reader software or try other mainstream reader software if the manual (in PDF format) cannot be opened.
• All trademarks, registered trademarks and company names in the manual are properties of their respective owners.
• Please visit our website, contact the supplier or customer service if any problems occur while using the device.
• If there is any uncertainty or controversy, we reserve the right of final explanation.

Important Safeguard and Warnings

This section introduces content covering the proper handling of the device, hazard prevention, and prevention of property damage. Read carefully before using the device, and comply with the guidelines when using it.

Installation Requirements

Warning

• Do not connect the power adapter to the device while the adapter is powered on.
• Do not connect the device to two or more kinds of power supplies, to avoid damage to the device.
• Please follow the electrical requirements to power the device.
  • Following are the requirements for selecting a power adapter.
    • The power supply must conform to the requirements of IEC 60950-1 and IEC 62368-1 standards.
    • The voltage must meet the SELV (Safety Extra Low Voltage) requirements and not exceed ES-1 standards.
    • When the power of the device does not exceed 100 W, the power supply must meet LPS requirements and be no higher than PS2.
  • We recommend using the power adapter provided with the device.
  • When selecting the power adapter, the power supply requirements (such as rated voltage) are subject to the device label.
• Personnel working at heights must take all necessary measures to ensure personal safety including wearing a helmet and safety belts.
• Do not place the device in a place exposed to sunlight or near heat sources.
• Keep the device away from dampness, dust, and soot.
• Install the device on a stable surface to prevent it from falling.
• Install the device in a well-ventilated place, and do not block its ventilation.
• Use an adapter or cabinet power supply provided by the manufacturer.
• Use the power cords that are recommended for the region and conform to the rated power specifications.
• The device is a class I electrical appliance. Make sure that the power supply of the device is connected to a power socket with protective earthing.

Operation Requirements

DANGER

Battery Pack Precautions
Preventive measures (including but not limited to):

• Do not transport, store or use the batteries in high altitudes with low pressure and environments with extremely high and low temperatures.
• Do not dispose the batteries in fire or a hot oven, or mechanically crush or cut the batteries to avoid an explosion.
• Do not leave the batteries in environments with extremely high temperatures to avoid explosions and leakage of flammable liquid or gas.
• Do not subject the batteries to extremely low air pressure to avoid explosions and the leakage of flammable liquid or gas.
• Check whether the power supply is correct before use.
• Do not unplug the power cord on the side of the device while the adapter is powered on.
• Operate the device within the rated range of power input and output.
• Transport, use and store the device under allowed humidity and temperature conditions.
• If the device is powered off for longer than a month, it should be placed in its original package and sealed. Make sure to keep it away from moisture, and store it under allowed humidity and temperature conditions.
• Do not drop or splash liquid onto the device, and make sure that there is no object filled with liquid on the device to prevent liquid from flowing into it.
• Do not disassemble the device without professional instruction.

Product Introduction

Modular VTO fingerprint module (with metal front cover) supports collecting fingerprint.

Port

Table 2-1 Description of port

Dimension

The following shows the dimensions of the module.

Security Recommendation

Account Management

1. Use complex passwords
   Please refer to the following suggestions to set passwords:
   • The length should not be less than 8 characters;
   • Include at least two types of characters: upper and lower case letters, numbers and symbols;
   • Do not contain the account name or the account name in reverse order;
   • Do not use continuous characters, such as 123, abc, etc.;
   • Do not use repeating characters, such as 111, aaa, etc.
2. Change passwords periodically
   It is recommended to periodically change the device password to reduce the risk of being guessed or cracked.
3. Allocate accounts and permissions appropriately
   Appropriately add users based on service and management requirements and assign minimum permission sets to users.
4. Enable the account lockout function
   The account lockout function is enabled by default. You are advised to keep it enabled to protect account security. After multiple failed password attempts, the corresponding account and source IP address will be locked.
5. Set and update password reset information in a timely manner
   The device supports a password reset function. To reduce the risk of this function being used by threat actors, if there is any change in the information, please modify it in time. When setting security questions, it is recommended not to use easily guessed answers.

Service Configuration

1. Enable HTTPS
   It is recommended that you enable HTTPS to access web services through secure channels.
2. Encrypted transmission of audio and video
   If your audio and video data contents are very important or sensitive, it is recommended to use the encrypted transmission function in order to reduce the risk of your audio and video data being eavesdropped on during transmission.
3. Turn off non-essential services and use safe mode
   If not needed, it is recommended to turn off some services such as SSH, SNMP, SMTP, UPnP, AP hotspot, etc., to reduce the attack surfaces.
   If necessary, it is highly recommended to choose safe modes, including but not limited to the following services:
   1. SNMP: Choose SNMP v3, and set up strong encryption and authentication passwords.
   2. SMTP: Choose TLS to access the mailbox server.
   3. FTP: Choose SFTP, and set up complex passwords.
   4. AP hotspot: Choose WPA2-PSK encryption mode, and set up complex passwords.
4. Change HTTP and other default service ports
   It is recommended that you change the default port of HTTP and other services to any port between 1024 and 65535 to reduce the risk of being guessed by threat actors.

Network Configuration

1. Enable Allow list
   It is recommended that you turn on the allow list function, and only allow IP in the allow list to access the device. Therefore, please be sure to add your computer IP address and supporting device IP address to the allow list.
2. MAC address binding
   It is recommended that you bind the IP address of the gateway to the MAC address on the device to reduce the risk of ARP spoofing.
3. Build a secure network environment
   In order to better ensure the security of devices and reduce potential cyber risks, the following are recommended:
   • Disable the port mapping function of the router to avoid direct access to the intranet devices from external network;
   • According to the actual network needs, partition the network: if there is no communication demand between the two subnets, it is recommended to use VLAN, gateway and other methods to partition the network to achieve network isolation;
   • Stablish 802.1x access authentication system to reduce the risk of illegal terminal access to the private network.

Security Auditing

1. Check online users
   It is recommended to check online users regularly to identify illegal users.
2. Check device log
   By viewing logs, you can learn about the IP addresses that attempt to log in to the device and key operations of the logged users.
3. Configure network log
   Due to the limited storage capacity of devices, the stored log is limited. If you need to save the log for a long time, it is recommended to enable the network log function to ensure that the critical logs are synchronized to the network log server for tracing.

Software Security

1. Update firmware in time
   According to the industry standard operating specifications, the firmware of devices needs to be updated to the latest version in time in order to ensure that the device has the latest functions and security. If the device is connected to the public network, it is recommended to enable the online upgrade automatic detection function, so as to obtain the firmware update information released by the manufacturer in a timely manner.
2. Update client software in time
   It is recommended to download and use the latest client software.

Physical Protection
It is recommended that you carry out physical protection for devices (especially storage devices), such as placing the device in a dedicated machine room and cabinet, and having access control and key management in place to prevent unauthorized personnel from damaging hardware and other peripheral equipment (e.g. USB flash disk, serial port).

FAQs

Q: Can I use the Fingerprint Module outdoors?
A: It is not recommended to expose the Fingerprint Module to outdoor elements. It should be installed indoors in a controlled environment.

Q: How many fingerprints can be stored in the device?
A: The storage capacity may vary depending on the model. Refer to the product specifications for information on fingerprint storage capacity.

Documents / Resources

dahua VTO4202F-MF IP Video Intercom Fingerprint Module [pdf] User Manual VTO4202F-MF IP Video Intercom Fingerprint Module, VTO4202F-MF, IP Video Intercom Fingerprint Module, Intercom Fingerprint Module, Fingerprint Module

References

• User Manual