Hik-Connect, trying to understand the security aspect (or lack thereof).... and use of it VS iVMS

obqo

Hi, I have been looking into Hik-Connect and other remote access options.

Hik-Connect has been billed as a "more secure" method to access devices. Perhaps I am getting the "more secure" impression from Hik's marketing and I am simply brainwashed. Either way, I am wondering if this is simply not true, or I don't understand how it works. It appears the port 80 (http) and 8000 (server) still need to be forwarded and open to the outside world. You can turn on UPnP or set it manually. As a general rule I do not run UPnP routers. So it must be done manually in my case. I suppose if you just want to use the Hik-Connect app to view the cameras you do not need to forward 80 - only 8000.

I understand that in the setup you need to add the SN of the NVR to the account and create a verification code to be used when you add a device. I think this simply means other people using Hik-Connect can't access your devices. While nice - that is not really security from a port standpoint. More of an accounting/management tool, right?

Is this just a glorified dynamic DNS service? I don't understand how this is any different than any other traditional port-forward that exposes ports to exploits. I can understand that it perhaps simplifies the ways users with multiple Hik can see all their devices and potentially connect to them, but I do not see how that is more secure.

If I am failing to understand this Hik-Connect service please let me know what I am missing. It is clear to me that a VPN is a more secure option than this. Perhaps the verification code necessary to enable the stream is an added layer of security, but if they can gain access to your devices via a port exploit the stream is secondary in my opinion. Others may disagree. VPN has its own issues, chief among them complexity and performance, but it is certainly more secure than open ports.

Also - is there a consensus which app is simpler for end users? iVMS 4500 or Hik-Connect for mobile users?

Thanks in advance for any/all help.
 

obqo

So this is becoming somewhat more clear, based on some new information I found on the interwebs.... therefore it must be true.

"However, if you want to use a browser on a PC/laptop/Mac when away from your system, then you cannot unfortunately do so via Hik-Connect. You will need to configure port forwarding on your router, and if you have a dynamic IP address from your ISP, then you will also need to set up a DDNS service with a provider such as No-IP."

That statement makes sense to me.

So it does create an open TLS tunnel for port 8000 allowing the mobile iVMS-4500 to work without port-forwarding. This setup screen implies that it will tunnel 80 and 8090 as well.... that is what made me wonder what is going on.




It must need UPnP on at the router to make the NVR port 80 work - then you could hit the NVR remotely using Hik-Connect. If UPnP is off on the router no worky.

Short version - it works for the app, not the direct web GUI access of the NVR.

On the Hik-Connect VS iVMS 4500 for end users - there seems to be some debate. Could anyone quantify the reasons why you prefer Hik-Connect for end users - the top 2 or 3 things? Just trying to understand. I am looking specifically for ease of use to live view and playback, not necessarily about how easy it is to set up.

Thanks again for any feedback.
 

SouthernYankee

You are at a security risk. Accessing your cameras from the internet by using UPnP and opening ports is a very bad idea.
I strongly recommend setting up OpenVPN access to your network. There are a number of posts on how to do this; the easiest way is to use an ASUS router.
 

tradertim

Hi. SouthernYankee is right.

I wrote one on implementation on my ASUS router as a VPN server.

I don't use Hikvision as I haven't yet understood the advantages. It may be a tool for ma and pa users like some other manufacturers for ease of getting up and going.

I use DDNS via NoIP on the router. And an OpenVPN client and server on the router.

Connecting iVMS is a 2-step process: connect via VPN, open iVMS. And it's really not that bad.

Now don't mention all the other problems I've had keeping Push Notifications working lately, where you will see a few thread posts from me asking for help/experience.

With a VPN server you can turn off all UPnP and port forwarding. Pretty safe.

Theory is no device without the authentication cert embedded you create on the ASUS router can access your network.

Once you VPN in, it's logically like you are there in the 192.168.x.x private local network.

All your iVMS data fill for cameras become direct local IP addresses, e.g. 192.168.1.x.
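
An added example, not part of the post above or of any Hikvision or ASUS tooling: a small Python audit of a router's port-mapping table that checks whether any UPnP or manual forward to the NVR is still open once the VPN is in place. The rule format, the NVR address 192.168.1.64 and the OpenVPN port 1194/udp are assumptions; ports 80, 8000 and 8090 are the ones named in this thread.

```python
import re

# NVR ports named in the thread.
NVR_PORTS = {80: "HTTP web GUI", 8000: "server port", 8090: "port shown on the Hik-Connect setup screen"}
# Assumption: the VPN server listens on OpenVPN's default 1194/udp.
ALLOWED = {("udp", 1194)}

# Constructed sample of a hypothetical mapping-table export, one rule per line:
# "<proto> <wan_port> -> <lan_ip>:<lan_port> <origin>"
SAMPLE_RULES = """\
tcp 8000 -> 192.168.1.64:8000 upnp
tcp 8080 -> 192.168.1.64:80 manual
udp 1194 -> 192.168.1.1:1194 manual
tcp 8090 -> 192.168.1.64:8090 upnp
tcp 5000 -> 192.168.1.20:5000 upnp
"""
RULE_RE = re.compile(r"(tcp|udp)\s+(\d+)\s*->\s*([\d.]+):(\d+)\s+(upnp|manual)", re.I)

def parse_rules(text):
    """Parse the mapping table into dicts; reject lines that do not match."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.fullmatch(line)
        if m is None:
            raise ValueError(f"line {n}: unrecognised rule {line!r}")
        proto, wan, ip, lan, origin = m.groups()
        rules.append({"proto": proto.lower(), "wan": int(wan), "ip": ip,
                      "lan": int(lan), "origin": origin.lower()})
    return rules

def audit(rules, nvr_ip):
    """Return (severity, wan_port, reason) for every mapping still open to the WAN."""
    findings = []
    for r in rules:
        if (r["proto"], r["wan"]) in ALLOWED:
            continue  # the VPN endpoint is the one intended opening
        # Match on the LAN side: WAN 8080 -> LAN 80 still exposes the web GUI.
        if r["ip"] == nvr_ip and r["proto"] == "tcp" and r["lan"] in NVR_PORTS:
            sev, why = "high", f"NVR {NVR_PORTS[r['lan']]} exposed"
        else:
            sev, why = "review", f"forward to {r['ip']}:{r['lan']}"
        if r["origin"] == "upnp":
            why += " (created by UPnP)"
        findings.append((sev, r["wan"], why))
    return findings

if __name__ == "__main__":
    for sev, port, why in audit(parse_rules(SAMPLE_RULES), "192.168.1.64"):
        print(f"[{sev}] WAN port {port}: {why}")
```

An empty result from `audit` means the only opening left is the VPN port, which is the state the post describes.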
 

Securame

You do not need to open any ports at all if using Hik-Connect. Only if you want to access your devices with a web browser.

That said, of course it is more secure to have VPN access to your devices.
 