blue iris / network setup

fixxxer0

Getting the hang of it
Joined
Dec 21, 2018
Messages
76
Reaction score
25
Location
USA
Hey guys... just got around to wiring everything and received my dedicated BI PC in the mail today.

Wanted to run this setup by anyone who might know better than me (most everyone im sure), and see what my options are.

I attached a sketch of my setup. the 2 POE switches are on opposite ends of the house, and all switches are unmanaged 1 Gbit.

My concern with the BI setup is more security based. everything is connected to the same 24 port switch at some point, but I would like to keep the cameras and BI machine off the internet.

am i correct in assuming that i can just configure the BI machine, and all the IP cameras to a different subnet than the rest of my network? right now everything is on 255.255.255.0 / 192.168.1.x for testing purposes and all works well and sees each other, but everything also has internet access.

if i put the BI machine on a seperate subnet to see the cameras, but need to update the software or remote in to it, do i need a dual NIC with connection to the main network?
 

Attachments

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,170
Reaction score
5,320
Location
Houston Tx
It can be simpler than that.
1) You have an ASUS router use the parental controls in the router to block the cameras for the internet, using there MAC address.
2) set up a openVPN, again using the ASUS router to allow secure access to the BI machine, there is no real need to block the BI machine from the internet.
3) set up on the BI machine as an NTP time server, to provide time to the cameras, use nettime NetTime - Network Time Synchronization Tool
 

fixxxer0

Getting the hang of it
Joined
Dec 21, 2018
Messages
76
Reaction score
25
Location
USA
Oh that sounds so much easier, glad I posted the question.
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,666
Reaction score
14,005
Location
USA
Make sure UPnP is off in the Asus router, otherwise new cameras you install will open ports to themselves and if you are very unlucky they will get hacked before you get their internet access blocked.
 

fixxxer0

Getting the hang of it
Joined
Dec 21, 2018
Messages
76
Reaction score
25
Location
USA
Make sure UPnP is off in the Asus router, otherwise new cameras you install will open ports to themselves and if you are very unlucky they will get hacked before you get their internet access blocked.
thanks thats a good tip for all. i always disable upnp when setting up a router.
 

58chev

Pulling my weight
Joined
Aug 30, 2017
Messages
300
Reaction score
143
Location
Etobi, Ontario
Make sure UPnP is off in the Asus router, otherwise new cameras you install will open ports to themselves and if you are very unlucky they will get hacked before you get their internet access blocked.
Also make sure UPnP is turned off on your cameras.
 

fixxxer0

Getting the hang of it
Joined
Dec 21, 2018
Messages
76
Reaction score
25
Location
USA
I set everything up it was extremely easy works great

I remember now the reason why I had all these options turned off in the first place on the ASUS router... When you enable the settings like parental control and VPN they collect and mine all your data. I'm really not a fan of that.

Going to look at some other options that involve not using these built in settings on the router.
 

fixxxer0

Getting the hang of it
Joined
Dec 21, 2018
Messages
76
Reaction score
25
Location
USA
What exactly do you mean by that? "...mine all your data"? Please explain what happens. Is ASUS copying your hard drives and sending the data somewhere?
Haha no no nothing that crazy.

But they are gathering sites you are connecting to, configs, Mac addresses, ect...
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,170
Reaction score
5,320
Location
Houston Tx
How are they doing that. I do not see data Being sent the Asus. Please provided detailed proof of you comment or delete your false post.
 

fixxxer0

Getting the hang of it
Joined
Dec 21, 2018
Messages
76
Reaction score
25
Location
USA
"Certain features available in Trend Micro products collect and send feedback regarding product usage and detection information to Trend Micro. Some of this data is considered personal in certain jurisdictions and under certain regulations. If you do not want Trend Micro to collect personal data, you must ensure that you disable the related features."


You can read about the items shared in that thread I linked, and the whole EULA and privacy discolisures, and see if it's of any concern to you personally.

I don't have any "proof" of how they collect data, aside from their admission that they do when you enable the settings in the newer firmwares.
 
Top