I fully agree with your statement, but I do hope the logs you show are NOT from a device sitting in the network of your IPC/NVR. There is a reason why I have put all my IPC/NVR gear in a seperate vlan, which is not exposed to the internet. All hammering/port scanning on my WAN ports are trashed, and for sure not forwarded to the inner network. Even on my internal LAN, intervlan port scans are intercepted and trashed when they occur. Only specific IPs in specific vlans have routed access towards other vlans.
Easiest Way to Secure Camera System
- Thread starter scquestions
- Start date
I fully agree with your statement, but I do hope the logs you show are NOT from a device sitting in the network of your IPC/NVR. There is a reason why I have put all my IPC/NVR gear in a seperate vlan, which is not exposed to the internet. All hammering/port scanning on my WAN ports are trashed, and for sure not forwarded to the inner network. Even on my internal LAN, intervlan port scans are intercepted and trashed when they occur. Only specific IPs in specific vlans have routed access towards other vlans.
Mike A.
Known around here
- May 6, 2017
- 4,015
- 6,757
No way. Obviously WAN link and everything gets dropped at the door. That would be a nightmare if you had that going on inside of your net. lol
You know what you're doing and doing it right. A lot don't and think that you still can hide things behind high port numbers and/or they get frustrated here trying to get things working and take the easy way out. Wasn't tagging you in particular, just making the point to hopefully dissuade them. Used to be able to (kinda at least) get away with that. Not these days with all of the botnets and other automated scanning going on.
I didn't feel targetted, so no hard feelings. Indeed, even HTTPs shouldn't be exposed to the WAN side either. VPN is at least the correct reflex, vlans for the die hards ;-)
That was the issue!
Thank you!
Now I'm just looking for the best way to disable Internet access on the Blue Iris PC since disabling it through the router's interface messed up the VPN..
I'm assuming Method 3 is the best option. What do you think? How to Disable Internet Access
I just want to make sure it's as secure as possible, while still being able to access it via a VPN..
I would reverse your question: do you really want that your BI pc cannot access the internet? For example: with either methods, you eliminate the possibility to receive windows updates (unless you want to kill those too, and the downtime associated with it)? The use case that you want to block IP cams from going rogue on the internet, is something good. But the BI pc itself? Keep in mind that some of these methods would also kill the vpn connection you want to maintain to your BI pc!
For your records: ANY method on a local pc to "limit" functionalities (eg. firewall, gateways, ... ) are software "tricks" which, by all means, are not fool and fail proof. If you really want to block something, you have to do it on the network layer itself. Your current router might (or might not) be the bést solution for it, I exchanged my ASUS router (which was very handy until I wanted to mess with vlans), but now my core router is an ER-X from Ubiquity, which has all the whissles for vlans, different subnets, firewalling with decent rules, even deep packet inspection. One single rule has isolated my NVR (your BI server) from any illegal inbound & outbound access, except VPN from certain devices.
Hope this helps!
CC
I'd just like to be as secure as reasonably possible.
The PC has been running fine so I'm not worried about any updates.
The Asus router was suggested to me on here due to the easy VPN setup. When the Internet is blocked it still didn't allow me to access it via the VPN.
I'm just looking for the easiest and most secure way to disable Internet to the Blue Iris PC without purchasing anything else. That way I'm sure it's safe and I'll be able to view the footage remotely.
If your only concern is inbound connections to your BI pc, then Windows Firewall is enough (eg block ICMP's, remote desktop ports etc), only connectivity towards you BI console from INTERNAL lan ips. That would be my advice for your scenario.
Thank you.
Do you know of a good tutorial on how to do that? I'll open Windows Firewall and look around (already did a Google search).
This whole setup has been confusing but it's getting done one step at a time..
I'm not sure how to go about doing this.. I've tried to disable everything within Windows Firewall but then the cameras went out too..
I'd just like to view them remotely via OpenVPN with the Asus router without someone else being able to get in the system and view the footage..
Thanks!
SouthernYankee
IPCT Contributor
Provide a complete network diagram ?
Do you want to view the cameras on bi via the VPN ?
Or view the cameras directly via the VPN by passing BI?
Do you want to view the cameras on bi via the VPN ?
Or view the cameras directly via the VPN by passing BI?
I'd like to use the Blue Iris app to view.
Everything is connected to my Asus router that has OpenVPN support. Since Internet is blocked via the router it still won't let me view the cameras via the VPN although I'm able to log in the Asus router remotely.
SouthernYankee
IPCT Contributor
I missed something !
How are you trying to view the BI PC remotely ? with UI3 or the Cell phone BI APP ?
Why is the internet blocked on the router ? If the internet is blocked on the router You will never access the VPN ? None of the computers on your home network access the internet. None of the home cell phones use WIFI to access the internet.
Are you using ASUS for your DDNS service address resolution ?
On the asus router provide screen shots of
1) The main screen , Block out the last part of the WAN ID, Block out the first part of the DDNS.
2) VPN server, with the OPEN VPN server selected
Provide a complete network diagram !
How are you trying to view the BI PC remotely ? with UI3 or the Cell phone BI APP ?
Why is the internet blocked on the router ? If the internet is blocked on the router You will never access the VPN ? None of the computers on your home network access the internet. None of the home cell phones use WIFI to access the internet.
Are you using ASUS for your DDNS service address resolution ?
On the asus router provide screen shots of
1) The main screen , Block out the last part of the WAN ID, Block out the first part of the DDNS.
2) VPN server, with the OPEN VPN server selected
Provide a complete network diagram !
Here's a brief update..
I decided to enable Internet to the Blue Iris PC, and connect to it using both the Blue Iris app, and UI3, and neither worked. So, there's something still not right on the computer's end.
Then, I enabled Internet on one of the cameras, and was successfully able to view it via Tiny Cam Monitor Pro. I'm glad that worked, but I'm not happy that I had to allow the camera access to the Internet in order to view it using OpenVPN on my phone. I've now disabled Internet access to both the camera and the Blue Iris PC and am not sure what to do next.
DDNS is enabled but I'm not sure what to do with it.
It would have been so much easier just to keep Arlo Pro but the video quality just isn't as good.
Thanks!
Attachments
SouthernYankee
IPCT Contributor
Scquestions
You are completely confused on how things work. You configureation is a mess.
Let's start real simple. From in side your home on your local internet wifi. Using the phone app can you access bi?
What type of phone do you have apple, Android ?
What is your lan address of bi, what is the port number ?
Provide a screen shot from the phone of the bi app of the server login screen.
You are completely confused on how things work. You configureation is a mess.
Let's start real simple. From in side your home on your local internet wifi. Using the phone app can you access bi?
What type of phone do you have apple, Android ?
What is your lan address of bi, what is the port number ?
Provide a screen shot from the phone of the bi app of the server login screen.
Sorry. I'm trying but this is all really confusing to me.
I'm able to access Blue Iris using the app on my Android phone when on WiFi. That's working fine. The problem is trying to connect using OpenVPN when away from WiFi. It won't connect to the Blue Iris app even if Internet is enabled on the PC via the router.
@SouthernYankee is working with you so I won't get involved and complicate matters for you further but your DDNS situation will likely need to be addressed.
SouthernYankee
IPCT Contributor
YOU MUST ANSWER ALL QUESTIONS OR I WILL NOT BE ABLE TO HELP YOU.
read all post 5 times then do as It.
answer all question from above
------------------------------------------------------------------
You will need to create a ddns with Asus.
Login to the Asus router
Click wan on the left
Click the ddns tab
Enable ddns client
Server www.asus.com
A host name make something up , something unique, write it down.
Write down... Your hostname.asuscomm.com
... You now have a ddns server configuered.
let me know when this is done. post a screen shot.... Black out the host name before posting
read all post 5 times then do as It.
answer all question from above
------------------------------------------------------------------
You will need to create a ddns with Asus.
Login to the Asus router
Click wan on the left
Click the ddns tab
Enable ddns client
Server www.asus.com
A host name make something up , something unique, write it down.
Write down... Your hostname.asuscomm.com
... You now have a ddns server configuered.
let me know when this is done. post a screen shot.... Black out the host name before posting
Last edited:
SouthernYankee
IPCT Contributor