How secure is my system?

[Cor]

Helllo all,

Reading the VPN primer for noobs and also some other threads about security , I am wondering how "secure " my system is. If someone really takes a huge amount of effort wanting to watch my Cameras , so be it. But too easy , for bots , and using via my blue iris machine my Cameras to do other stuff on the internet , that would be bad!


-I have about 12 Hikvision and Dahua Cameras, all fed into a "dedicated" blue iris computer. On all Cameras , all options to remotely connect are disabled.
-My blue iris Machine: I have forwarded port 84
-Since I don't have a fix IP adress , I use Free Dynamic DNS - Managed DNS - Managed Email - Domain Registration - No-IP
-Also on this machine I run a programm from "privat internet acces" Anonymous VPN Service From The Leaders | Private Internet Access a paid vpn service.
-My brother in law installed between my modem and network a router and installed on that one "opwrt" for being able to make static Ip adresses on my network and also use a firewall.

Is this paid VPN service and firewall enough, of is my system open wide for anyone?

Thanks,
Cor

 

[fenderman]

Helllo all,

Reading the VPN primer for noobs and also some other threads about security , I am wondering how "secure " my system is. If someone really takes a huge amount of effort wanting to watch my Cameras , so be it. But too easy , for bots , and using via my blue iris machine my Cameras to do other stuff on the internet , that would be bad!


-I have about 12 Hikvision and Dahua Cameras, all fed into a "dedicated" blue iris computer. On all Cameras , all options to remotely connect are disabled.
-My blue iris Machine: I have forwarded port 84
-Since I don't have a fix IP adress , I use Free Dynamic DNS - Managed DNS - Managed Email - Domain Registration - No-IP
-Also on this machine I run a programm from "privat internet acces" Anonymous VPN Service From The Leaders | Private Internet Access a paid vpn service.
-My brother in law installed between my modem and network a router and installed on that one "opwrt" for being able to make static Ip adresses on my network and also use a firewall.

Is this paid VPN service and firewall enough, of is my system open wide for anyone?

Thanks,
Cor

the vpn service you have is a waste of money and does nothing for you...

 

[Cor]

@fenderman ; Ah ha , I started this Private internet service because I was downloading stuff , which was not entirely legal. So for Blue iris this has absolutely no use?
And what about that firewall with openwrt , does that do anything?

Getting a bit scared now with all those threads popping up about the securtiy of a system with blue iris and port fowarding.

Thanks,
Cor

 

[fenderman]

@fenderman ; Ah ha , I started this Private internet service because I was downloading stuff , which was not entirely legal. So for Blue iris this has absolutely no use?
And what about that firewall with openwrt , does that do anything?

Getting a bit scared now with all those threads popping up about the securtiy of a system with blue iris and port fowarding.

Thanks,
Cor

Any port forwarding blue iris included will be probed... there is no indication that there is a vulnerability rather it appears as though some other device is exposing user names and passwords...

 

[Cor]

Yep , I just read that thread about the difference between connection and actually logging in ..... that is good to know. But still , when I have portfowarded a port and with this openwrt firewall. Is my system secure , or do I have to do much much more? And not only for people viewing video, but using my system to use other devices on my network.

Thanks,
Cor

 

[fenderman]

Yep , I just read that thread about the difference between connection and actually logging in ..... that is good to know. But still , when I have portfowarded a port and with this openwrt firewall. Is my system secure , or do I have to do much much more? And not only for people viewing video, but using my system to use other devices on my network.

Thanks,
Cor

Port forwarding is punching a hole in your firewall. So you're as secure as the bi server is.... There's always a possibility of a vulnerability...

 

[Cor]

With a small vulnerability I can live , as long as it is now wide open.

So is the Bi server secure? DO I need to worry?


Thanks,
Cor

 

[fenderman]

With a small vulnerability I can live , as long as it is now wide open.

So is the Bi server secure? DO I need to worry?


Thanks,
Cor

There is no known vulnerabilities that I'm aware of but that doesn't mean that they don't exist... VPN is the most secure way of doing this

 

[Cor]

ah ha , I see.
Do I understand it correctly , even if the port is open , it doesn't mean "your computer/network" is open. It will only be a problem when someone actually can logon with blue iris credentials and than do bad things?

Cor

 

[Mike A.]

ah ha , I see.
Do I understand it correctly , even if the port is open , it doesn't mean "your computer/network" is open. It will only be a problem when someone actually can logon with blue iris credentials and than do bad things?

Cor

Not exactly. With the port open and not otherwise restricted in some way, your router is able to accept unrequested incoming network traffic on that port. So beyond someone being able to log in to BI with credentials as normal, it's also subject to whatever vulnerabilities may exist regardless whether they log in. Which probably is the more common way that things are exploited. e.g., If there's some flaw in the underlying HTTP server or some other component that's used, then they may be able to leverage that to do a variety of other 'bad things.'

 

[aristobrat]

@fenderman ; Ah ha , I started this Private internet service because I was downloading stuff , which was not entirely legal. So for Blue iris this has absolutely no use?

The PIA VPN service you have only tunnels traffic that starts from your computer.

With Blue Iris and port-forwarding, the traffic always starts on other people's computers. The PIA VPN service you have doesn't even see it.

All of that being said, with as many people running Blue Iris as there is, if there's ever a security issue where folks are getting in (who shouldn't be getting in), you can bet the forums here will be busy discussing it. So far, I've yet to see that happen.