Do you block Blue Iris from internet access?

C

camviewer43

Getting the hang of it
Mar 14, 2020
177
50
US
Wondering if you folks block Blue Iris from having internet access the same way you block your cameras. I only have my outdoor cameras on Blue Iris right now, but I don't access Blue Iris from the internet (no ports forwarded to BI and no https proxy, only VPN). But I haven't blocked Blue Iris from internet entirely. I'd like to also put my indoor camera (baby room) on Blue Iris for doing some recordings. Obviously a much more sensitive camera and thought I should do more to ensure BI isn't accessible from the internet at all. Wondering what other people do? Do you trust Blue Iris to not be sending camera footage to their cloud? And does BI work if it's entirely blocked from internet? Do you only need to have a time server setup and that's it?
 
Help file p.217
Although continuous Internet access is not required, the software either must be connected
to the Internet occasionally to check for updates and licensing, or the license must be re-
entered at least once each year using offline methods as the support and maintenance date
expires
 
  • Like
Reactions: Ssayer, sebastiantombs, looney2ns and 1 other person
I wouldn't worry about BI sending video out to the internet like that. I'd consider it enough security to simply not open a port for it through your router's firewall. And also make sure UPnP and NAT-PMP are disabled in your router since those are two systems that devices can use to open ports to themselves without your knowledge.

If you do want to prevent BI from accessing the internet altogether but still have the machine on the network so you can access via VPN, it should be sufficient to assign a static IPv4 address with no gateway, and disable the IPv6 protocol on the network interface.
 
  • Like
Reactions: Ssayer, fenderman, TonyR and 1 other person
My BI machine is 100% dedicated to running BI and nothing else. It's located in my "wiring closet" which is under a set of stairs. I actually have three machines in there (firewall, home automation/PBX phone machine, and BI) hooked up to a KVM switch in case I need to access the machine locally. Normally I access it via RDP however.

Personally I do allow my BI machine access to the internet. Not only does it make updates much easier, but I like to be able to use the local browser to search for things on the internet if I am having an issue, etc. Sure I could turn a firewall rule on and off when needed, but I really don't see the point. Cameras on the other hand are definitely blocked 100% of the time.
 
I block all my cameras from accessing the internet but let BI access the net for outgoing only and incoming connections are blocked. I run an asus AX88u router with merlin firmware and I have the openVPN server enabled. This allows me to connect to my local lan and access my BI server securely and privately through a VPN and also I can login to individual cameras if I want just like I was at home. I did it that way because in the logs I was seeing login attempts when I opened up a port for the BI webserver.
 
I like to use the phone app when I'm out and about, so have my BlueIris connected to the internet.
I have a house alarm that notifies me on my phone if something trips it and then can log into Blueiris and check cameras. If it happens to be my cat that triggered it, I can reset the alarm on the phone and carry on. :)
 
  • Like
Reactions: sebastiantombs
You must log in or register to reply here.
Top Bottom