Cameras on LAN

Discussion in 'Cyber Security' started by dryfly, May 14, 2019.

Share This Page

  1. dryfly

    dryfly Getting the hang of it

    Joined:
    May 25, 2015
    Messages:
    151
    Likes Received:
    7
    I have 2 systems running, both with Hikvision cameras. One is a BI computer, and the other is a Hikvision NVR. On both systems I have the cameras on POE switches connected to the LAN.

    I have seen various posts recommending subnets using 2 nic cards on a BI computer using one nic to feed the cameras directly to the computer, not the LAN. Also, I've seen recommendations on NVR's to run the cameras directly into the NVR and not on the LAN.

    At this time I do not use any remote access devices, and certainly don't have any ports forwarded. My question: is my system safe with the cameras connected to the LAN? If not, how do cameras on a LAN access the internet causing issues?

    Also, once a VPN (Asus router/OpenVPN) is established, is any of this a concern?
     
  2. SouthernYankee

    SouthernYankee IPCT Contributor

    Joined:
    Feb 15, 2018
    Messages:
    1,482
    Likes Received:
    792
    Location:
    Houston Tx
    Security is always a concern.

    Your setup will work for now. But I would block the cameras IP / Mac addresses at your router, to prevent the cameras from Calling home. Some routers support this feature.

    All cameras have questionable security.

    On the router disable up uPNP.

    Set up a time service on your network so the cameras can get the correct time locally.
     
  3. Walter Ahlgrim

    Walter Ahlgrim n3wb

    Joined:
    Apr 20, 2019
    Messages:
    2
    Likes Received:
    0
    Location:
    63357
    If you do not need /want remotely view the cameras and have a monitor connected to the HDMI of the DVR for viewing. Then the safest system is “Air Gaped” from the internet. In that all cameras connect directly to the DVR and the DVR has no connections to anything connected in any way to the internet.

    Walta
     
  4. RoCam

    RoCam n3wb

    Joined:
    Friday
    Messages:
    11
    Likes Received:
    0
    Location:
    Netherlands
    If your router / switch supports is you might consider using vlans. That way you won’t have to use multiple network cards and all traffic can be router through a firewall.
     
  5. thomaswde

    thomaswde Getting the hang of it

    Joined:
    Feb 18, 2017
    Messages:
    44
    Likes Received:
    62
    Location:
    NW, GA
    1st, ALWAYS be sure UPNP is disabled at your router, pretty much every router out there will let you toggle this off, if it won't get one that will.
    Doing that and only connecting to your home network via a VPN would cover a lot of your bases and put you in decent shape.
    2nd, your best option to secure yourself further (which is IMO whatever is the safest & most maintainable for you) depends very much on the network equipment you're running and your personal networking skill level, there are just so many ways to secure your cameras from firewall rules, VLAN, air gap, etc, etc.