How to Protect my IP Camera from The Internet ?

edmscan · Jul 13, 2016

I would like to find out from 'the IP Camera experts' on what I can do to protect my camera (and obviously the resulting data) .. from outsiders.

I do not want my camera to be accessible from the internet / smartphone etc at all .. I have no need to access it outside my residence and it is 100% for security purposes. I am pretty computer capable just want some advice. I do not know much about IP cameras to be honest. :redface-new:

How can I protect myself .. ? I have a Hikvision ds-2cd2432f-iw-2.8mm

Q™ · Jul 13, 2016

If you want to protect your camera from the Internet then simply don't plug it into the internet; segregate it from the Internet.

edmscan · Jul 13, 2016

I only want it accessible from one pc .. which is of course connected to the internet. No getting around that. I am not using an NVR or anything. I just have the camera and there will not be an SD card in the camera. I need the recordings to be sent to my pc only and be able to view the camera from that pc.

The camera is going to be plugged into my router .. and thus my home network.

fenderman · Jul 13, 2016

edmscan said:
I only want it accessible from one pc .. which is of course connected to the internet. No getting around that. I am not using an NVR or anything. I just have the camera and there will not be an SD card in the camera. I need the recordings to be sent to my pc only and be able to view the camera from that pc.

The camera is going to be plugged into my router .. and thus my home network.

disable upnp in the camera and your router and platform access in the camera.

Q™ · Jul 13, 2016

And don't forget to integrate standards-compliant web services in order to generate proactive applications.

edmscan · Jul 13, 2016

fenderman said:
disable upnp in the camera and your router and platform access in the camera.

Thank you .. I do not have the camera yet, but soon.

nayr · Jul 14, 2016

also look on your router and see if you can setup firewall rules to block your cameras, usually good routers have a host-group you can add a list of hosts too.. then you add a rule at the top that simply drops all packets too and from that group.. usually 2 separate rules, one for inbound and one for outbound.

another option is to configure your cameras's IP's manually, and omit a gateway.. without it they wont connect to your router and gain internet.. Disabling uPNP is always recommended, but if they can make an outbound internet connection they can drill holes through your NAT via Reverse tunneling.. many do just this.

you'll want to consider running a local time server (NTP) on an always-on computer, so your cameras can maintain network time w/out any internet access.. or create a specific rule to allow your cameras to connect to a specific external server and put it higher than your block everything rule.

If you want remote access use a VPN Server on your router and a VPN Client on your phone/laptop/tablet.. your cameras will need a gateway configured for VPN to work if you tried to avoid firewall rules.

edmscan · Jul 14, 2016

nayr said:
also look on your router and see if you can setup firewall rules to block your cameras, usually good routers have a host-group you can add a list of hosts too.. then you add a rule at the top that simply drops all packets too and from that group.. usually 2 separate rules, one for inbound and one for outbound.

another option is to configure your cameras's IP's manually, and omit a gateway.. without it they wont connect to your router and gain internet.. Disabling uPNP is always recommended, but if they can make an outbound internet connection they can drill holes through your NAT via Reverse tunneling.. many do just this.

you'll want to consider running a local time server (NTP) on an always-on computer, so your cameras can maintain network time w/out any internet access.. or create a specific rule to allow your cameras to connect to a specific external server and put it higher than your block everything rule.

If you want remote access use a VPN Server on your router and a VPN Client on your phone/laptop/tablet.. your cameras will need a gateway configured for VPN to work if you tried to avoid firewall rules.

Thank you .. I am buying a new router today. It is overdue .. this is just one more reason to do it. I have 2 networking guru friends that can likely help me if needed.

PSPCommOp · Jul 14, 2016

fenderman said:
disable upnp in the camera and your router and platform access in the camera.

I've read this a few times. What exactly does this allow if left enabled?

Q™ · Jul 14, 2016

PSPCommOp said:
I've read this a few times. What exactly does this allow if left enabled?

It allows UPNP capable devices inside your network (on your LAN) to open firewall ports on their own. Insane? Y E S !

PSPCommOp · Jul 14, 2016

Q2U said:
It allows UPNP capable devices inside your network (on your LAN) to open firewall ports on their own. Insane? Y E S !

Damn. Is it possible to lock down a router from doing this?

Q™ · Jul 14, 2016

fenderman said:
disable upnp in the camera and your router and platform access in the camera.

FenderBender told you what you need to do bro.

PSPCommOp · Jul 15, 2016

Sorry i read it too quick and just saw the camera. Thanks!

Travieso · Jul 15, 2016

since we are on the subject about this, by disabling UPNP will that create any issues with the NVR or your Network, I usually monitor live streaming with IVMS Software on my windows 7 pc and my main Tablet, will this cause any affect? and logged in via VPN while im away from home. I've been thinking about this.

Search

Search

How to Protect my IP Camera from The Internet ?

edmscan

n3wb

Q™

edmscan

n3wb

fenderman

Q™

edmscan

n3wb

nayr

edmscan

n3wb

PSPCommOp

Getting the hang of it

Q™

PSPCommOp

Getting the hang of it

Q™

PSPCommOp

Getting the hang of it

Travieso

Getting the hang of it