There are times when internet access to the NVR is a requirement (not the cameras, but the NVR). Most of the time it is for small shops that don't have tech savvy operators that view their cameras from their home/on the road/mobile devices, etc... which is why the firewall can't be restricted to only allow certain WAN IPs from connecting to the NVR.
Also, assume a VPN client app on the mobile devices is out of the question due to the lack of knowledge from the end user.
I agree 100% the correct solution is training the user and/or forcing VPN, but there are going to be time where that simply can't be done.
The question I have is, how do you best secure the NVR from the outside? Here is what I do:
- change off of the default ports that the NVR uses for remote connections
- change the default admin password to something very complex
- setup a user and user password for all users who connect to the system (can be enabled/disabled as needed).
Also, assume a VPN client app on the mobile devices is out of the question due to the lack of knowledge from the end user.
I agree 100% the correct solution is training the user and/or forcing VPN, but there are going to be time where that simply can't be done.
The question I have is, how do you best secure the NVR from the outside? Here is what I do:
- change off of the default ports that the NVR uses for remote connections
- change the default admin password to something very complex
- setup a user and user password for all users who connect to the system (can be enabled/disabled as needed).