Regarding security access to own home network, the responsible answer
Regarding security access to own home network, the responsible way would be to write something like the following:
VPN can be the most in security you can get, and you should use it to access your home network. PPTP VPN should never be used as it is absolutely not safe in any way for the last 15+ years. OpenVPN must be used exclusively. But, while using OpenVPN, one must check occasionally (at least 1-2 times a year) if some security aspect has been compromised and then upgrade compromised items.
If you are now using the OpenVPN, please check OpenSSL versions you are using and upgrade if necessary. At least to avoid the catastrophic Heartbleed. All info is presented clearly on Openvpn.net Community
Downloads page where you would download the needed. Changelog for your (OpenVPN server) router firmware or NAS will show versions. If it does not, use something else.
If you just want to experiment with watching your cameras, port forwarding 554 is OK. You setup
DDNS and a watchprogram in a phone or computer, and it works. You can easily check if someone is attacking you (activate log in a router showing accepted). No need to panic about hackers attacking your router. After experimenting and verifying things work, I would move on to OpenVPN for future prolonged use.
The main real life problem I see with port forwarding is: when you use unknown WLAN (WiFi at caffe, airport, mall...), you make your sent passwords available for any kid lurking there (snooping net traffic using free
tools) and then emit open video. Btw, check the Chinese
www.shodan.io. If port forwards are used, add to the router a nat-start script with the forwarding block if more than 3 attempts were made in the last 60 seconds (instead of standard 5).
You are far more likely to get compromised if you do not have whitelist firewall on all your connected devices - phones particularly. Or by infecting yourself from the web or e-mail. Any literate kid can infect and steal anything from you using free tools, e.g. MSFVenom. Terrible idea is to have WPS and UPnP enabled in a router (typically by default). Use of default passwords? What security measure will help Apple phones users who were buying infected apps from their store for years when these apps installed something evil to monitor anything they type on their phone and send that info to evil people? VPN not, firewall could.
If you want a better way to access your home network from outside, you need an OpenVPN server installed in your network (VPN enabled router is the best choice). Then add OpenVPN clients and certificates to all computers and phones which will be connecting remotely to your home network. All free. DD-WRT router software is not suited for regular people. Probably the easiest way to an excellent OpenVPN server is any Asus router supporting the Asuswrt-Merlin firmware.
But, with VPN it will get more complicated. Any phone must have a Firewall and VPN will force you to root your phone to install it. You will have to both connect to VPN and deactivate it manually to access your LAN from outside. You will not be able to use just any computer to peek at your cameras. Also, you will need to learn about issuing and revoking keys, certificates - likely a major pain. But, you will be safe.
Nothing is absolutely secure! Any single measure will never protect you completely in every situation (car crash, burglary, hackers, health...)!
Given that, if you have a firewall in whitelist mode installed on each Internet connected device (firewall on a router is implied), learn a few basics, have well deployed OpenVPN and are checking the news - you have the best you can get and you are extremely secure.
Please, do not trust me or anything you find on the internet before you properly check the author! Too many dangerous "experts" exists, making claims lacking explanation. Check my words, too.