Exposing Cameras to Internet

tripnotics

n3wb
Joined
Dec 11, 2015
Messages
14
Reaction score
1
I know it's been recommended to NOT open/forward the HTTP and RTSP ports to the internet to view the cameras remotely, for security reasons.

I was wondering if there was also a security risk when opening only the Server Port (Default is 8000) to the internet and using the iVMS-4500 mobile app? No VPN involved.

Thanks.
 

nayr

IPCT Contributor
Joined
Jul 16, 2014
Messages
9,329
Reaction score
5,325
Location
Denver, CO
your camera runs a full-blown operating system with no automatic updates and perhaps never any updates ever.. no, it's not safe, not at all.

iVMS-4500 will work perfectly fine on a VPN, what's your aversion to VPN? is it because it's a tech acronym? ok then.. use a Virtual Private Network, less intimidating now?

If you work in the corporate world and you need access to your email, you have to use VPN almost always.. so that means all sorts of completely tech-illiterate users out there are capable of running it when they have to.. I think you should be able to manage it.
 

tripnotics

No aversion to it at all, but if something isn't necessary why do it? That's why I was asking the question. Thank you.
 

nayr

Using a VPN offloads all the external exposure to the VPN Server, which was hardened and designed to sit on the edge of a network and take all the abuses the internet has to offer.

Think of it as a bouncer at your club, any and all security issues in the software on your camera won't be accessible without making it through the bouncer first... and he is a f'n tank compared to that pansy ass camera.

Normally your firewall does this job, but when you open ports you are basically opening backdoors and windows for people to bypass the bouncer and the line at the gate... so gotta put guards at every entrance.
 

Jack B Nimble

Pulling my weight
Joined
Dec 15, 2015
Messages
878
Reaction score
106
Location
Great White North
Tried OpenVPN, but router is not WRT capable so they say I can't access router, not sure if that is really important. I tried placing my camera IP in the bookmark area of OpenVPN on my VPN and only saw one camera, which I assume was the first on port 80. I could not get any BI added as a bookmark, as it seems anything with a different port won't open. Still would like a VPN but finding it not that easy. So at the moment no visible cameras to my Samsung 6 or outside of my local network for now. I opened a port for only one day and I got hit by a 24. IP trying to access my system through my camera. I did get an email from the camera and closed the port. So I will keep trying OpenVPN to get it working on BI as time permits. Nayr, any thoughts? I still have a few hun MB to use of their free trial until I have to pay, and I am willing to pay to be safer.
 

nayr

Jack B Nimble said: "Nayr, any thoughts? I still have a few hun MB to use of their free trial until I have to pay, and I am willing to pay to be safer."
That right there is your problem, what are you doing paying? who is your trial from? this is all free.. you don't subscribe or pay anyone!

Sounds to me like you're trying to use an Anonymous VPN Service that people use to watch netflix out of the country and download child porn... that's not even remotely close to what you want or need..

You have to run a VPN Server yourself, don't pay someone else to do it.. it's not gonna work.
 

Jack B Nimble

Lol, I'm paying nothing at the moment, just want an easy to set up VPN server. That SoftEther you put me onto started to hurt my head. Asked me to join or share some world network with Japan students. Lol, I will try again but I don't want to run a syndicate through my router. [Kidding] It would not load the sites to pull IPs from, as I recall. I will give it another go and perhaps start a thread on it.
 

nayr

SoftEther was a mistaken recommendation, I apologize for pointing people to it.. it appeared to be a better alternative to OpenVPN, which has been stagnant for a while.. which it probably is, but it's also trying to do a bunch of other shit, like the end all of all internet security, that just makes it too complicated for quick and easy deployment.

it's got a lot of really great features, just a bit too academic right now for most end users.. if you don't understand what you're setting it up to do it could do more harm than good, so I am now suggesting to avoid it unless you grasp it.
 

SquareEyes

Getting the hang of it
Joined
Sep 29, 2015
Messages
241
Reaction score
71
I usually recommend running a router that can be flashed with Gargoyle firmware. OpenVPN is natively supported and, once set up, requires no ongoing confirmation of account details. It really is a set and forget solution.

Apart from native OpenVPN support, Gargoyle offers so much more for those who want granular control of their networks, unlike most off the shelf solutions.

Biggest plus is that Gargoyle and OpenVPN are free once you have a compatible router.
 

Jack B Nimble

Perhaps, as I have not hooked it up. My brother put Gargoyle on it and when I asked him for VPN setup he said he did not put VPN in it? Perhaps he is wrong, how would I check?
 

nayr

its already there, you just have to go set it up.. http://www.gargoyle-router.com/wiki/doku.php?id=openvpn

you want the remote access type, just add users and go.. you're most of the way there, you just didn't realize it.. it's built into so many routers nowadays you have to try hard to get one without it, even my comcast provided modem has a built in vpn server... COMCAST!!
 

Jack B Nimble

I am working on it now and it has VPN in it. Any suggestions for "free vpn ip" out there? I am not opposed to paying for one if I get this working. I heard PIA is a good VPN.
 

SquareEyes

OpenVPN

If you don't have a static IP address from your ISP (Internet Service Provider) you may need to configure Gargoyle to use a Dynamic DNS (DDNS) provider.

no-ip.com is a good free DDNS provider and Gargoyle will take care of keeping the account active.

You will find the "Dynamic DNS" settings on the left hand navigation pane, below the OpenVPN settings in Gargoyle.
 

SquareEyes

Edited my previous response to include Dynamic DNS info. Sounds like Jack may not have a static IP address.

These concepts can take a little time to get a hang of and some research is required to "visualise" the solution. I find it a bit difficult to say do this, then do that to get a working solution. However the keys are to get a "static" address (no-ip) and setup OpenVPN.
 

Jack B Nimble

SquareEyes said:
"OpenVPN

If you don't have a static IP address from your ISP (Internet Service Provider) you may need to configure Gargoyle to use a Dynamic DNS (DDNS) provider.

no-ip.com is a good free DDNS provider and Gargoyle will take care of keeping the account active.

You will find the "Dynamic DNS" settings on the left hand navigation pane, below the OpenVPN settings in Gargoyle."

I have static IP.
 

nayr

if you have a Routed Static IP just run OpenVPN Server on your router, add users and configure.. install OpenVPN Client on your phone, put in your router's IP, the user credentials you created on your router and hit connect.. wam, you'll be back home on the LAN, and all your LAN hosts with non-routable addresses (192.168.255.255, etc) will be reachable from across the internet.. it bridges all your traffic back home through your router, all the devices' internet access will appear to come from home and not mobile networks when you are connected to VPN.

you might have to create a rule so your firewall will allow OpenVPN Server, or maybe your router will do this for you.
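
Added example, not written by any poster in this thread: a small audit of a router ruleset that lists every port forward from the internet into the LAN and confirms the only thing open is the OpenVPN port on the router itself. The ruleset is a constructed sample in iptables-save format; the interface name eth0, the camera address 192.168.1.64 and the function names are assumptions.

```python
import ipaddress
import shlex

# Ports named in the thread; 1194/udp is OpenVPN's default port.
CAMERA_PORTS = {80: "HTTP", 554: "RTSP", 8000: "server port (iVMS-4500)"}
VPN_PROTO, VPN_PORT = "udp", "1194"

# Constructed sample in iptables-save format (eth0 assumed to be the WAN side).
SAMPLE = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 192.168.1.64:8000
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8554 -j DNAT --to-destination 192.168.1.64:554
COMMIT
*filter
-A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -i eth0 -j DROP
COMMIT
"""

def rule_options(line):
    """Map each option of one rule to the token that follows it."""
    tok = shlex.split(line)
    return {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}

def audit(ruleset, wan_if="eth0"):
    """Return (forwards, vpn_open) for rules on the WAN interface.

    forwards: (proto, wan_port, lan_host, lan_port, service) per DNAT rule
    that sends internet traffic to a private LAN address.
    vpn_open: True if the router itself accepts the OpenVPN port.
    """
    forwards, vpn_open = [], False
    for line in ruleset.splitlines():
        opt = rule_options(line) if line.startswith("-A ") else {}
        if opt.get("-i") != wan_if:
            continue
        if opt.get("-j") == "DNAT" and "--to-destination" in opt:
            host, _, port = opt["--to-destination"].partition(":")
            port = port or opt.get("--dport", "")
            if ipaddress.ip_address(host).is_private and port.isdigit():
                service = CAMERA_PORTS.get(int(port), "unknown service")
                forwards.append((opt.get("-p"), opt.get("--dport"), host, int(port), service))
        elif opt.get("-A") == "INPUT" and opt.get("-j") == "ACCEPT":
            vpn_open |= (opt.get("-p"), opt.get("--dport")) == (VPN_PROTO, VPN_PORT)
    return forwards, vpn_open

if __name__ == "__main__":
    found, vpn = audit(SAMPLE)
    for proto, wan_port, host, lan_port, service in found:
        print(f"EXPOSED {proto}/{wan_port} -> {host}:{lan_port} ({service})")
    print("VPN port accepted on router:", vpn)
```

An empty forwards list together with vpn_open being true is the VPN-only setup described in the thread; the second sample rule shows that moving RTSP to a different external port still exposes the camera.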
 