How do I know if my setup is secure from outside intrusions? Aka hacking into camera?

[phoenixone]

Hi all,
I'm a bit new to IP cameras. I brought my system from Milkisbad back in April (awesome guy, awesome system ).
I'm curious if I have my system setup securely.

7 IP Turrets plugged into POE ports built into NVR
NVR plugged into Router.
Ports 80, 8000 and 8554 forwarded as per NVR instructions.
Enable UPnP unchecked
Can't enable HTTPS for some reason
Enable Virtual Hosts checked
Enable Telnet unchecked.

Thanks!

 

[milkisbad]

Re: How do I know if my setup is secure from outside intrusions? Aka hacking into cam

Actually you might want to use some random ports since the default ports are public information.

and change password !

 

[phoenixone]

Re: How do I know if my setup is secure from outside intrusions? Aka hacking into cam

Actually you might want to use some random ports since the default ports are public information.

and change password !

Thanks for helping out!
I changed the PW since I got the system. I should of mentioned that. :encouragement:
Should I also change the PW of the cameras as well?

Regarding Ports:
Should I change all the ports?
What random ports should I use?
Can I put any port # or are there certain port #'s that can be used?

Thanks!

 

[alastairstevenson]

Re: How do I know if my setup is secure from outside intrusions? Aka hacking into cam

Ports 80, 8000 and 8554 forwarded as per NVR instructions.

If you expose your NVR to the internet there is always a risk that an unwanted intrusion can occur.
By simply forwarding those ports - you are allowing any internet-connected device in the entire world to directly access your NVR.
Whether anyone can get in depends on their level of detailed knowledge of the NVR internals, and how many unfixed vulnerabilities it has that can be exploited.

You didn't mention what you did with all the user accounts and passwords.
If any are still at the default values, access would be easy indeed.

 

[phoenixone]

Re: How do I know if my setup is secure from outside intrusions? Aka hacking into cam

You didn't mention what you did with all the user accounts and passwords.
If any are still at the default values, access would be easy indeed.

Thanks for helping as well!

I replied regarding my PW at the same time you posted your reply.

What can I do to make it harder for it to be exploited?

Thanks!

Edit: I figure the reason for forwarding the ports is to allow remote viewing via apps and browser.

 

[milkisbad]

Re: How do I know if my setup is secure from outside intrusions? Aka hacking into cam

Ports can be anything from 1025 - 65535

you might want to close the http port and then use the software/apps with only the server and rtsp port opened so people can't use browsers to get to your machine. .

 

[phoenixone]

Re: How do I know if my setup is secure from outside intrusions? Aka hacking into cam

Ports can be anything from 1025 - 65535

you might want to close the http port and then use the software/apps with only the server and rtsp port opened so people can't use browsers to get to your machine. .

Closing the HTTP port is not a bad idea! :lemo:

 

[alastairstevenson]

Re: How do I know if my setup is secure from outside intrusions? Aka hacking into cam

Just out of curiosity I ran a vulnerability scan against a DS-2CD2132F-IWS that has Hikvision-issued firmware V5.2.5 build 141201
There were 39 vulnerabilities in total found with the mix of plugins that I thought would be reasonable for a small embedded Linux device.
Of these, 7 were medium severity, one was high severity, with the remainder either low or info.
All of the medium or high severity vulnerabilities were communications related.
'Info' level vulnerabilities can be translated to a higher severity if they allow an attacker to focus more closely on the target by knowing something specific about it.

It's important to remember that this is a domestic / commercial IP camera and not a hardened security device subject to frequent updates to maintain a specific level of protection.
The number may seem high, but it's not actually that bad.
Nevertheless, on the basis that a chain is only as strong as its weakest link, it does underline the risk associated with exposing that link from your network (ie port-forwarding a camera for remote access over the internet) to external access.

 

[phoenixone]

Re: How do I know if my setup is secure from outside intrusions? Aka hacking into cam

I guess I've done all I can in regards to security.

Thanks all!

 

[alastairstevenson]

Re: How do I know if my setup is secure from outside intrusions? Aka hacking into cam

Check this out if you haven't seen it already:
http://www.ipcamtalk.com/showthread.php/4527-Got-hacked-Network-Security-and-Port-Forwarding-question

 

[devastator]

Re: How do I know if my setup is secure from outside intrusions? Aka hacking into cam

the most secure way would be to not expose any ports and to connect via a VPN, though I dont do this myself

 

[phoenixone]

Re: How do I know if my setup is secure from outside intrusions? Aka hacking into cam

Check this out if you haven't seen it already:
http://www.ipcamtalk.com/showthread.php/4527-Got-hacked-Network-Security-and-Port-Forwarding-question

VERY informative. I am going to research this a bit more and see how I can implement this with my set up.

 

[alastairstevenson]

Re: How do I know if my setup is secure from outside intrusions? Aka hacking into cam

I ran the same vulnerability scan against my 7816N-E2/8P NVR and got quite a good result - 21 vulnerabilities total of which 2 were medium. And neither of those 2 are of any great significance, fairly obvious.
The NVR is running V3.0.8 build 140825 firmware, which being a little older does not support HTTPS, nor does it have the old 'Dropbear' SSH code of the cameras, both of which were the origin of most of the more significant vulnerabilities in the camera scan.
So actually not a very worrying result.
This may be different in the newer firmware, which has had a fair re-write plus additional features such as HTTPS. But that's another story ...

 

[MrFixit]

Re: How do I know if my setup is secure from outside intrusions? Aka hacking into cam

I ran the same vulnerability scan against my 7816N-E2/8P NVR and got quite a good result - 21 vulnerabilities total of which 2 were medium. And neither of those 2 are of any great significance, fairly obvious.
The NVR is running V3.0.8 build 140825 firmware, which being a little older does not support HTTPS, nor does it have the old 'Dropbear' SSH code of the cameras, both of which were the origin of most of the more significant vulnerabilities in the camera scan.
So actually not a very worrying result.
This may be different in the newer firmware, which has had a fair re-write plus additional features such as HTTPS. But that's another story ...

What do you use for the vulnerability scan?

 

[corkangel76]

Re: How do I know if my setup is secure from outside intrusions? Aka hacking into cam

I'd be curious as to the same question.

 

[OldStyle]

Re: How do I know if my setup is secure from outside intrusions? Aka hacking into cam

It's a pain, but you could only forward the ports if you are out of town or if you really need to watch remotely for the day or for a few hours. Then, when back home, close the ports again.

 

[alastairstevenson]

Re: How do I know if my setup is secure from outside intrusions? Aka hacking into cam

I used Nessus, gave it the credentials to use for SSH and telnet as well as the web login, left all the Linux-linked plugins active, removed windows and cloud-related plugins, and a few that were most unlikely to be useful.
And for good measure activated the 'risky' plugins ...

 

[nayr]

Re: How do I know if my setup is secure from outside intrusions? Aka hacking into cam

Run a VPN Service on your network (probably your router) and when you are on a remote network simply VPN back into your home network.. nothing is exposed to the internet except the VPN end-point and that's got alot more security and testing than any IPCamera.