So I have 8 cameras linked to an NVR, and access the cameras via iDMSS Plus.
Which means the NVR needs internet access and is linked to the router.
What fairly simple steps do I need to take to minimize risk? I'm no expert on networks etc, so need suggestions that are simple and logical. Thanks in advance.
I would advise setting it up with vpn server on your router, and blocking nvr and cameras from connecting to outside via firewall. Asus routers with Merlin firmware should provide both funcionalities, at least consumer mid level and upwards. I do it this way at home. Asus router with OpenVPN server. If you don't have static IP address or that location, then you would also need to setup dynamic dns service which would provide updating your external IP address when it changes. For versatile firewall on Asus routers with Merlin firmware I would advise Skynet addon/script. Skynet has builtin option for blocking your home IOT devices via IP addresses from conecting to anything outside of your home network, and at the same time it allows for contacting and viewing your cameras through VPN from any outside network.
Setting up a vpn and dynamic dns has been discussed multiple times and there are many tutorials so there is no need to to write it all here. Can easily be found via google. But if you encounter some specific issues in setting it up feel free to ask for advice.
Steps for setting it up:
1. router with vpn ability (openvpn preferably)
2. set dynamic dns service on router if you don't have static ip (WAN) external address, verify that dynamic dns service updates your external IP address when it changes
3. setup vpn server on router, generate and export config for clients to connect to
4. install vpn client software on any device that needs to access cameras from outside (mobile phone, laptop etc...)
5. import vpn configuration to that vpn client, with special care regarding dynamic dns hostname
6. connect to your home network from outside network via vpn from remote device (mobile phone, laptop...)
7. connect to your nvr/cameras via their local IP addresses via DMSS
VPN connection needs to be established or you to be able to access your home network and devices.
For blocking cameras and NVR from contacting internet on Asus routers, I recommend having Merlin firmware, adding USB stick to its usb port permanently and installing AMTM script to it, which then enables you to easily install Skynet firewall and few other neat addons.
In Skynet you can then go to settings and there is submenu or blocking IOT devices. There you add ip addresses of your nvr and cameras.
Of course, you can do many of similar things on other routers and firmwares, but I'm somewhat familiar with Asus and Skynet, also Tomato and Advanced Tomato, and consider it rather well documented on internet, with plenty of guides. And it's rather simple to do, with most of the steps doable via graphical user interface.
.
Best $59 I ever spent.