Security

Security best practices and configuration for your Rockettec Overseer.

Authentication

Web Interface Authentication

The web interface requires username and password authentication:

  • Default credentials: admin / admin
  • Change immediately after first login
  • Session tokens expire after 30 minutes of inactivity

Network Security

Firewall

The device includes a built-in firewall with default rules:

Port Service Status
5074 Web UI Open
51820 WireGuard Open (UDP)

WireGuard VPN

For secure remote access:

  • Uses modern cryptographic primitives (Curve25519, ChaCha20-Poly1305)
  • Perfect forward secrecy
  • Minimal attack surface

Data Protection

Storage Encryption

Sensitive data is protected:

  • WireGuard private keys are stored encrypted
  • WiFi passwords are stored encrypted
  • User credentials are hashed (bcrypt)

Recording Privacy

Video recordings may contain sensitive information:

  • Recordings are stored locally only
  • No automatic cloud upload
  • Downloads require authentication
  • Consider encrypting exported recordings

Access Control

User Accounts

Currently supports a single administrator account. For multi-user scenarios:

  • Use WireGuard to restrict network access
  • Monitor access via security logs
  • Rotate credentials periodically

Session Management

Feature Description
Session Timeout Auto-logout after 30 minutes
Concurrent Sessions Allowed from multiple devices
Session Logging All logins/logouts logged

Security Logging

All security events are logged:

  • Login attempts (success and failure)
  • Password changes
  • Configuration changes
  • VPN connection events

View security logs via Logs page with "Security" type selected.

Security Best Practices

Initial Setup

  1. Change default admin password immediately
  2. Change default hotspot password
  3. Configure WireGuard for remote access
  4. Disable hotspot if using only WiFi client mode

Ongoing Maintenance

  1. Regularly review security logs
  2. Keep firmware updated
  3. Rotate passwords periodically
  4. Monitor for unauthorized access attempts

Physical Security

  • Install in a secure location
  • Control physical access to the device
  • Consider tamper-evident mounting

Compliance

The Rockettec Overseer supports compliance requirements through:

  • Audit Trails: Complete session recordings
  • Access Logs: Detailed authentication logs
  • Data Protection: Encrypted storage of credentials
  • Secure Remote Access: WireGuard VPN

Rejoining the server...

Rejoin failed... trying again in seconds.

Failed to rejoin.
Please retry or reload the page.

The session has been paused by the server.

Failed to resume the session.
Please reload the page.