securing remote NVRs

dt-cam

Getting the hang of it
Joined
Dec 9, 2016
Messages
104
Reaction score
15
There are times when internet access to the NVR is a requirement (not the cameras, but the NVR). Most of the time it is for small shops that don't have tech savvy operators that view their cameras from their home/on the road/mobile devices, etc... which is why the firewall can't be restricted to only allow certain WAN IPs from connecting to the NVR.

Also, assume a VPN client app on the mobile devices is out of the question due to the lack of knowledge from the end user.

I agree 100% the correct solution is training the user and/or forcing VPN, but there are going to be time where that simply can't be done.

The question I have is, how do you best secure the NVR from the outside? Here is what I do:

- change off of the default ports that the NVR uses for remote connections
- change the default admin password to something very complex
- setup a user and user password for all users who connect to the system (can be enabled/disabled as needed).
 

Mr_D

Getting comfortable
Joined
Nov 17, 2017
Messages
596
Reaction score
527
Location
Southern California
VPN on mobile is not difficult. Of course, you'll set it up for them. But then you just have to show them what to tap on to start the VPN before going to the NVR client software.
 

dt-cam

Getting the hang of it
Joined
Dec 9, 2016
Messages
104
Reaction score
15
VPN on mobile is not difficult. Of course, you'll set it up for them. But then you just have to show them what to tap on to start the VPN before going to the NVR client software.
It can be difficult if the user isn't savvy. Your reply is subjective/your opinion. In the real world, there are MANY owners who barley know how to login to their phone.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
It can be difficult if the user isn't savvy. Your reply is subjective/your opinion. In the real world, there are MANY owners who barley know how to login to their phone.
yup and they should not be given access to an NVR that is connected to a network..
or if you dont want to expose data on the network, put the NVR on vlan and expose it...that way the hackers will only be able to view your video/disable or brick your cams or nvr /delete video...
 

Mr_D

Getting comfortable
Joined
Nov 17, 2017
Messages
596
Reaction score
527
Location
Southern California
It can be difficult if the user isn't savvy. Your reply is subjective/your opinion. In the real world, there are MANY owners who barley know how to login to their phone.
Yes, I deal with such people all the time. You may as well give up on remote viewing altogether then if one extra step is too much.
 

dt-cam

Getting the hang of it
Joined
Dec 9, 2016
Messages
104
Reaction score
15
Yes, I deal with such people all the time. You may as well give up on remote viewing altogether then if one extra step is too much.
Yup, this is probably the correct answer.

Them doing the extra step isn't hard, but remembering to do it will be the problem. I know because I've already tried, in the past, and it never fails, I always get a call asking why remote viewing doesn't work.

Thanks for the input.
 
Top