Can I secure my portforwarded cameras better?

Kamalas

Jan 25, 2016
I would like to know if I can do more to prevent outside unauthorised access to my cameras.


My router is a DLink 2890AL and my internet is DSL on a dynamic IP address, and I am using DynDNS via a free hostname in order to stay connected with my cameras. I am port forwarding to two Huisun Mini PTZ cameras. I have a username of admin and a long, strong password set, different for both cameras.


I am accessing the cameras via tinyCam Monitor Pro android.


What additional measures can I adopt that will still allow external access?

thank you
 
+1

I use JuiceSSH tunnels on Android with 4096-bit keys, dd-wrt on the server side on an old ass wrt-54gl. If you want, you can set up a Linux firewall on a VM on your BI server and port forward the SSH port from your router to your VM and have effectively the same thing.

Also put your cams on an isolated VLAN, they WILL try to 'phone home' if they have internet access.
 
Anyway, as the OP has not said anything about having Blue Iris, it is unclear whether he has a machine currently capable of running a VPN or SSH server for camera access. With luck, his router has a VPN server built in.
 
I've been looking for an answer to this as well. A lot of forum searches always suggest stunnel as an easy way to add security to BI or your ipcams. Is a VPN that much better? I think xprotect has encryption built in as well.

Sometimes I wonder if having cameras causes more of a security issue than not having them ...
 
Use an old computer with 2 network cards and install pfSense.
Does OpenVPN and IPsec.
Easy to set up and works great.
You can even install pfBlockerNG or Snort.
That way you can block port scans or easily block all countries but your own.

Also, easy to set up OpenVPN on a phone.

Personally, I am not worried about having a port open to my camera system.
If someone hacked it, it wouldn't really be a big deal for me at my house.
Just save a copy of the config file and restore if you have to.
 
Personally, I am not worried about having a port open to my camera system.
If someone hacked it, it wouldn't really be a big deal for me at my house.
Just save a copy of the config file and restore if you have to.

the problem is most all of them are poorly coded and allow remote code execution, which results in the camera's local operating system being compromised. restoring config files won't do jack shit to help you at that point.

hackers don't care about your video feeds, they want the handful of always connected little linux computers that are stupid easy to compromise and never have any local users logged in, to use for attacks against others and hide their own tracks (ie, make it look like you're trying to hack someone).
 
A lot of forum searches always suggest stunnel as an easy way to add security to BI or your ipcams. Is a VPN that much better?

A typical stunnel setup only encrypts the communication so nobody can sniff the traffic. A VPN is much better for security because it requires you to authenticate yourself.
 
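The difference described in the last reply, as an added stunnel.conf example that is not from any poster in this thread: the first service only encrypts, the second also requires each client to present a certificate signed by your own CA before it is connected to the camera. The camera address, ports, section names and file paths are constructed placeholders, and whether your viewing app can present a client certificate is an assumption you need to check.

```ini
; Constructed example: address, ports and paths below are placeholders.

; (1) Encrypt-only service, the "typical" setup.
;     Traffic cannot be sniffed, but any TLS client that reaches the port
;     is passed straight through to the camera's own login page.
[cam-encrypt-only]
accept  = 8443
connect = 192.168.1.50:80
cert    = /etc/stunnel/server.pem
key     = /etc/stunnel/server.key

; (2) Same tunnel with client authentication.
;     stunnel asks the client for a certificate and drops the connection
;     during the TLS handshake unless it chains to the CA in CAfile,
;     so unauthenticated callers never reach the camera firmware.
[cam-client-auth]
accept      = 8444
connect     = 192.168.1.50:80
cert        = /etc/stunnel/server.pem
key         = /etc/stunnel/server.key
; CA that signed the certificates installed on your own phone/laptop
CAfile      = /etc/stunnel/clients-ca.pem
; verify the client's certificate chain against CAfile
verifyChain = yes
; refuse clients that present no certificate at all
requireCert = yes
```

Only one of the two services should be reachable from the internet; if you use the second, forward only its accept port on the router and remove the direct forwards to the cameras.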