First entry into home IP cams

[tony22]

Hi everyone. I've been looking over the home IP cam scene for a while. My desire is to stay away from solutions with subscription based cloud storage (and access), so while I find the Nests and Netgears and other cams very clever and nice looking, I was looking as a guinea pig trial for something that had local storage, and ultimately could go to a local NVR.

After checking things out online (before I found this site, unfortunately) I decided to try the LaView PWF604 found on Amazon. It's on its way, but what I don't like (and which I found out only this morning) is this need to put my SSID and password into their system so I can use their software solution. Don't like that at all. I don't even broadcast my SSID, and now some system out there will have it on their server. I'm unfortunately in a bit of a time crunch as I need to set it up for use tonight (it will be arriving today). I guess I put myself in a corner, but my question is whether there is an indoor IP cam with local storage, good to excellent night vision capability, and remote access to both recorded and live stream that does not require sending any of me system information to some other server?

Unfortunately I don't have access to the Wiki from my work computer.

 

[mat200]

Welcome tony22,

Sounds like the actual location of the cliff notes document is blocked for you.
( It is a google doc - so that's what is probably blocked )

You can read my notes here:
Looking for some advice and direction!

There are some really good IP PoE cameras which have
1) Local onboard storage options ( microSD card based )
2) good to excellent low light performance ( Dahua OEM 2MP starlights are the preferred one for that here due to the price / performance value )
3) Remote access options - remember to setup a VPN, do not port forward.

Take some time to check out the cliff notes ( thanks to Giomania for creating those ) which I have attached here.

Remember to also check out the various reviews by members here.

 

[Aengus4h]

maybe worth adding too, don't open the camera and just arrange to return it as not suited to your requirement and put the funds to getting a better camera. As Mat says there's a number of LAN connected cameras out there which can record to local SD and then be added later to an NVR, at which time the SD card can be redeployed or can provide local buffer to assist the NVR should the LAN link drop at any time.

The starvis/starlight are great for indoor use too and I note they handle the variable lighting after nightfall extremely well even using less IR leds in the case of the cameras I have. Shadow areas are well detailed because the sensor is much more capable in low light. I went with generic starvis ones that support Hik/XM protocols as well as onvif and they work great with my Hik NVR, assume they would with dahua ones but not got one to try against. Main advice on here will be to go with branded tho, dahua, Hik and there's quite a few to avoid too.

 

[Aengus4h]

oh another thought if you are looking for indoor, check this thread out
ANNKE I61DR 2MP (Hikvision Cube Clone)

 

[tony22]

Thanks for the great info. I will look these things over. I did inbox the LaView just enough to read the instructions. It's a sort of general set, explaining how to connect either wirelessly or over Ethernet. Unfortunately this model has no physical Ethernet port, so it would need to be done over wireless. And that means entering my network info into their app and scanning some QR code.

I assume that makes this a non-starter?

 

[Aengus4h]

likely it port forwards and opens you to attack unless its P2P outbound, but either way how secure is your network and the view thru the camera...

 

[tony22]

My network is quite secure. No SSID broadcast, all unused ports blocked, Windows Firewall locked down. Every test I've done has me coming out clean (so far).

What troubles me is having to put my SSID and password into this app. With that information going off to some server in China. Am I being too paranoid?

 

[tony22]

Hmm, not a good sign for LaView...

Insecurity Cameras and Mobile Apps: Surveillance or Exposure?

 

[mat200]

Hmm, not a good sign for LaView...

Insecurity Cameras and Mobile Apps: Surveillance or Exposure?

Hi Tony22,

Numerous security issues w/IP cameras and IoT devices.

A lot of the LaView products are Hikvision OEM and thus share the same security holes, including the issue of default passwords.

Best to try and isolate them as much as possible and use a VPN if you need to remotely access any feed.

 

[SkyLake]

Disabling SSID broadcast will not add anything, except that other (standard) Windows OS's will not see the SSID in their Available Networks status. But with adding some extra software, and even a special wifi adapter / dongle, they popup in the list. Hackers will never use Windows, or they have to be rookies. So they use Linux or other sorts, and then most of the windows firewalls will go *hickup*

Blocking ports in modems / routers is a good start, but will defeat this options if you have set UPnP (Universal Plug and Play) to enabled, so that other hardware can set it ports it needs to open. So disable UPnP by any cost..

 

[tony22]

Yes, I'm pretty sure I remember doing that.

My system is still running XP Ultimate 64 bit. All these years and it's been quite reliable and secure. At least through the means I have to test it. I use Linux at work, so yes I understand.

Oh, my internal network at home is behind its own managed switch.

But I guess it's not worth keeping this little item.

 

[Aengus4h]

being behind a managed switch doesn't mean much really, a switch just passes packets along to whichever port the target MAC sits. You'd need a firewall/router to segregate traffic and block/allow traffic flow based on rules if you want things to be secure. Ideally you want to prevent the CCTV/IoT gear from having direct access to the outside world (WWW) via any means (p2p etc) and to limit access to those devices from outside via VPN only. Better still, segregate them onto their own LAN subnet either physically or using vlans so they also cannot access any of your other tech gear, that way should they be compromised in the future you reduce the chances of a spread into your home PC/server etc. Always best to keep attack profiles as minimal as possible and to consider that this applies equally to internal as well as external networks.

 

[tony22]

Thanks.

I think the LaView will be going back since now I have information and recommendations from the folks here. Even with doing all the VPN and segregation, I don't care for the step of having to enter my wireless password into their app and backend server.

 

[tony22]

Dropped off the LaView this morning for shipment back to Amazon.