Can we receive alarms/view videos remotely when camaras are not connected to the internet?

[Mynghan]

Hi, I'm a noob, reading chats so i can get the get the correct nvr/cameras set up for our home..

I have read recommendations to not connect cameras / nvr to the internet to avoid hacking. If we do this, does this mean one cannot receive alert/notifications or view captured footage remotely? Or is there a safe way to do this without exposing the cctv system to hacking risks ? Thank you.

Gilbert / Mynghan

 

[VideoDad]

Hi, I'm a noob, reading chats so i can get the get the correct nvr/cameras set up for our home..

I have read recommendations to not connect cameras / nvr to the internet to avoid hacking. If we do this, does this mean one cannot receive alert/notifications or view captured footage remotely? Or is there a safe way to do this without exposing the cctv system to hacking risks ? Thank you.

Gilbert / Mynghan

The short answer is you secure your cameras so they don't have any access in/out to the Internet. Then you have your NVR with secure access in for viewing videos.

The Wiki has a great article on this:

How to Secure Your Network (Don't Get Hacked!)

Many camera networks are unsecure, even those installed by professionals. This guide gives basic instruction in how to secure a camera network from the most common types of attacks. Perhaps the most important rule of securing a computer network is to not forward ports to unsecure services...

ipcamtalk.com

 

[bp2008]

Typically the NVR will need internet access in order to facilitate sending alerts. It is taken for granted by many of us that a Chinese NVR is just as vulnerable, just as likely to contain backdoors or spyware, as a Chinese camera. But at some point you need to accept some risk if you want to use the internet.

There are a few ways a very tech-literate person could get alerts sent without giving cameras or the NVR access to the whole internet. For example if you only cared about email alerts, you could let the NVR use a local SMTP server or SMTP relay but otherwise block the internet.

It is common for many of us to use no hardware NVR product at all, instead using a PC-based NVR software like Blue Iris that we trust more to not have backdoors or a spying agenda. Then it is relatively easy to put all the cameras on their own isolated physical LAN or VLAN without internet access, but let the PC-based NVR access the internet as well as the isolated camera LAN.

 

[Mynghan]

Thanks bp2008 and videodad.. I will review the information.

 

[ADomani]

The isolation of the Cameras, or of the network of cameras from the Internet is certainly important.
On the other hand, the notion of alert or anything like that can (must) get out of this protected bubble.

Being connected to the internet is a "vague" notion, we must not reason by globalizing "internet", there is what "enters" and what "exits".

An Alert (which should warn you) is only outgoing.
On the same machine (computer or other) it is possible to "let" out a training course for the Internet, but also to completely partition everything that could enter.

It is necessary to reason in integrand these notions, that allows more possibility.

It is also possible to "send" these "alerts" to a local machine which may have less risk since it is not integrated into the camera network and who will relay this alert to you

A.D

 

[bigredfish]

 

[Nunofya]

^^^

 

[lovol]

Having your cameras or even NVR having access to 'the internet' is generaly a bad idea.

They are little computers at the end of the day, and not always the most up to date and secure ones. So if somone can access and take over a camera, they can then use that to move sidways to your other devices on your network, e.g. laptop, desktop, whatever you do internet banking on etc.

The most secure way is to have a VPN into your home network.

You can do this with some more 'advanced' routers, or you can run a software app that will do this.

So, you have your system on your home network, but there is no way of accessing it from 'the internet'.
You then connect a VPN from your mobile/laptop whatever to your home network
your mobile/laptop now 'thinks' it's inside your home network, just like when you're on home wifi
now you can view video etc.

As for alerts, that's a whole other thing. Probably need a 3rd party app to proxy the alert to SMS/Whataapp or whatever you like.

 

[lovol]

Oh, when I say VPN, I suppose we should be a bit clearer.

I mean your own VPN SERVER in your own network. You can use hardware or software for this. I use a Ubiquiti Dream Machine, but you can use anything, some pro-sumer routers support this.

 

[Mynghan]

Thank you !

 

[Mynghan]

An update and some more clarifications:

• ended up getting a dahua NVR. (My old machine is unable to run blue iris)
• some camera locations have changed; getting 6 cameras for now.

Clarifications:
1. Do I need a separate computer to act as the ntp server / firewall or can the router do this ?

camaras --> (poe switch) <--> nvr
|
router w/ openvpn --> (do i need a computer here for ntp server / firewall software ? ) --> (internet provider modem/router) <--->internet

2. In above setup, how do i prevent the cameras from access to the internet while allowing nvr through when nvr have only 1 network card ? Through Firewall / router filter settings?

Thanks!

Regards,
Gilbert

 

[Mynghan]

camaras
|
(poe switch) <--> nvr
|
router w/ openvpn --> (do i need a computer here for ntp server / firewall software ? ) --> (internet provider modem/router) <--->internet

-- router w/ openvpn is connected to the poe switch (not cameras)

 

[Mynghan]

Found the discussions about this in the forums. Is this correct ?
cameras
|
(poe switch) <---> nvr (use ntp here ?)
|
router w/ ddwrt (firewall) w/ openvpn
|
wireless router (internet access point) (is this needed or do i just connect the internet model to the router w/ ddrt ?)
|
internet

 

[Mike A.]

Usually...

cameras
|
(poe switch) <---> nvr (use ntp here ?) and wireless router (serving as internet access point)
|
router w/ ddwrt (firewall) w/ openvpn
|
internet

 

[Mynghan]

Thanks Mike !