This article outlines the various settings you can configure on an NVR to make it more secure on the network
Firstly ensure the NVR is running the latest firmware, security fixes, when applicable are always included in the firmware releases.
You can turn off DHCP on the NVR for all network ports, this will stop the NVR from being a DHCP server, ensure all cameras are either assigned a static address before turning off the DHCP server.
You can turn off DDNS and P2P. Turning these settings off means the NVR will not communicate to external DDNS providers and will prevent the NVR from asking the router to open ports it requires for the DDNS remote functionality. If you do turn DDNS off, you can only connect to the NVR via its public IP address.
You can also change the ports the NVR uses, from the default HTTP (80) and RTSP (558) values to something different. Changing ports from their default values will make it harder for a hacker to guess the port of the NVR and minimise automated attacks.
You can disable access to the NVR via its web page. You can also restrict remote access to all viewers.
The auto logout setting should be implemented to ensure the NVR does not stay logged into a user account if the user forgets to log out.
For a secure HTTP connection, where the user name and password are encrypted, disable HTTP and enable HTTPS.
Other settings such as disabling TLS 1.2 as it is deprecated now and implementing 802.1x should also be considered.