Can we receive alarms/view videos remotely when camaras are not connected to the internet?

Mynghan

n3wb
Aug 7, 2023
19
3
Philippines
Hi, I'm a noob, reading chats so i can get the get the correct nvr/cameras set up for our home..

I have read recommendations to not connect cameras / nvr to the internet to avoid hacking. If we do this, does this mean one cannot receive alert/notifications or view captured footage remotely? Or is there a safe way to do this without exposing the cctv system to hacking risks ? Thank you.

Gilbert / Mynghan
 
Hi, I'm a noob, reading chats so i can get the get the correct nvr/cameras set up for our home..

I have read recommendations to not connect cameras / nvr to the internet to avoid hacking. If we do this, does this mean one cannot receive alert/notifications or view captured footage remotely? Or is there a safe way to do this without exposing the cctv system to hacking risks ? Thank you.

Gilbert / Mynghan
The short answer is you secure your cameras so they don't have any access in/out to the Internet. Then you have your NVR with secure access in for viewing videos.

The Wiki has a great article on this:
 
Typically the NVR will need internet access in order to facilitate sending alerts. It is taken for granted by many of us that a Chinese NVR is just as vulnerable, just as likely to contain backdoors or spyware, as a Chinese camera. But at some point you need to accept some risk if you want to use the internet.

There are a few ways a very tech-literate person could get alerts sent without giving cameras or the NVR access to the whole internet. For example if you only cared about email alerts, you could let the NVR use a local SMTP server or SMTP relay but otherwise block the internet.

It is common for many of us to use no hardware NVR product at all, instead using a PC-based NVR software like Blue Iris that we trust more to not have backdoors or a spying agenda. Then it is relatively easy to put all the cameras on their own isolated physical LAN or VLAN without internet access, but let the PC-based NVR access the internet as well as the isolated camera LAN.
 
Last edited:
The isolation of the Cameras, or of the network of cameras from the Internet is certainly important.
On the other hand, the notion of alert or anything like that can (must) get out of this protected bubble.

Being connected to the internet is a "vague" notion, we must not reason by globalizing "internet", there is what "enters" and what "exits".

An Alert (which should warn you) is only outgoing.
On the same machine (computer or other) it is possible to "let" out a training course for the Internet, but also to completely partition everything that could enter.

It is necessary to reason in integrand these notions, that allows more possibility.

It is also possible to "send" these "alerts" to a local machine which may have less risk since it is not integrated into the camera network and who will relay this alert to you

A.D
 
Last edited:
Having your cameras or even NVR having access to 'the internet' is generaly a bad idea.

They are little computers at the end of the day, and not always the most up to date and secure ones. So if somone can access and take over a camera, they can then use that to move sidways to your other devices on your network, e.g. laptop, desktop, whatever you do internet banking on etc.

The most secure way is to have a VPN into your home network.

You can do this with some more 'advanced' routers, or you can run a software app that will do this.

So, you have your system on your home network, but there is no way of accessing it from 'the internet'.
You then connect a VPN from your mobile/laptop whatever to your home network
your mobile/laptop now 'thinks' it's inside your home network, just like when you're on home wifi
now you can view video etc.

As for alerts, that's a whole other thing. Probably need a 3rd party app to proxy the alert to SMS/Whataapp or whatever you like.
 
  • Like
Reactions: bigredfish
Oh, when I say VPN, I suppose we should be a bit clearer.

I mean your own VPN SERVER in your own network. You can use hardware or software for this. I use a Ubiquiti Dream Machine, but you can use anything, some pro-sumer routers support this.
 
An update and some more clarifications:
  • ended up getting a dahua NVR. (My old machine is unable to run blue iris)
  • some camera locations have changed; getting 6 cameras for now.

Clarifications:
1. Do I need a separate computer to act as the ntp server / firewall or can the router do this ?

camaras --> (poe switch) <--> nvr
|
router w/ openvpn --> (do i need a computer here for ntp server / firewall software ? ) --> (internet provider modem/router) <--->internet

2. In above setup, how do i prevent the cameras from access to the internet while allowing nvr through when nvr have only 1 network card ? Through Firewall / router filter settings?

Thanks!

Regards,
Gilbert
 
Found the discussions about this in the forums. Is this correct ?
cameras
|
(poe switch) <---> nvr (use ntp here ?)
|
router w/ ddwrt (firewall) w/ openvpn
|
wireless router (internet access point) (is this needed or do i just connect the internet model to the router w/ ddrt ?)
|
internet
 
Usually...

cameras
|
(poe switch) <---> nvr (use ntp here ?) and wireless router (serving as internet access point)
|
router w/ ddwrt (firewall) w/ openvpn
|
internet
 
Some updates:

I ended up w/ dahua nvr/cameras and an old edgerouter. However,

  • I could not get openvpn to work because i don't have a static ip. I don't have fiber internet (so no static IP and probably using cgnat). With cgnat, I don't think I can use dynamic dns (?)
  • I tried zerotier but could not get it to run w/ edgerouter.
  • I got tailscale to work so i now have a working static ip and public hostname that I used to set up openvpn in edgerouter. However, the tailscale client disconnects every time i start the openvpn client. They don't want to run a the same time.

Question1: I ended up w/ just tailscale, but no openvpn (I'm able to access the nvr/live video remotely). Is this secure enough or is it risky ? I'm still using edgerouter w/ some rules that i copied from an ipcamtalk forum but it does not block access to the nvr from any device that is already in the tailscale network.

Question2: I tried accessing from the nvr from the browser but,
  • there is no sound when using a browser (?) (sound is ok when using the nvr)
  • is there no search feature to check old recordings when using a browser ?

Question3: I tried dmss app. Is it 'safe' to use ? (it required entering of my nvr credentials)

Question4: I can't seem to get the nvr to send emails. I read that gmail is no longer using application password so i can't use it anymore. I tried yahoo but tests also fail. I can't seem to ping the smtp server (smtp.mail.yahoo.com). Are there alternatives/ instructions to get this to work ?

Thanks!

Regards,
Gilbert
 
Last edited:
I wondering if it’s possible to run smartPSS on a PC and use ZeroTier to remote into the nvr via DMSS app? I personally run blue iris on a PC using ZeroTier to remote into cameras. But am curious to know if you could do the same using smartPSS on a PC the same way. ?
 
I run smartPSS on a micro PC at home, then remote into it using Team Viewer. Works a whole lot better for me than running smartPSS on a remote machine, plus the remote machine doesn't have to be running windows. I can access the cameras through this same mechanism but over a few years haven't had the need to.