Looking for advice in locking down my system

bfollowell

Young grasshopper
Joined
Dec 11, 2015
Messages
59
Reaction score
17
Location
Evansville, IN
Currently, our camera setup includes a Hikvision DS-2CD2442FWD-IW in our great room and a cheap Foscam R4S monitoring the inside of our garage. They're both connected via ethernet and recorded through Blue Iris. I plan to start adding outdoor cameras soon, but that's what we have now.

A week or two ago, my wife swears she heard someone call her name through the Hikvision. I reviewed the footage, but I couldn't make much of anything out.

Now, just a few minutes ago, she was in the little closet under our stairs where I keep all of our network equipment and the little Blue Iris server. From the cheap little speaker in HP server, she distinctly heard someone say "Hey hot momma!"

I've never really done anything to secure our cameras and it looks like that needs to change ASAP. I guess the first thing I need to do is go in and change the access passwords for them, but I know there is more that I need to do. I mean, I know nothing is unhackable, but I want to do my due diligence to say I've done everything that I can do. So, that's why I'm here. Where do I start? What all should I do/look into?

Thanks.
 

wittaj

Known around here
Joined
Apr 28, 2019
Messages
8,268
Reaction score
13,668
Location
USA
Since you are running Blue Iris, add a second Ethernet port to the computer and run the cameras into that. It is called a dual NIC system and is the cheapest way to get the cameras off the internet.

You need to get the cameras off the internet and off the router.
 
Joined
Dec 28, 2019
Messages
8,069
Reaction score
17,557
Location
New Jersey
The internet is a veritable sewer of hackers. You need to stop any P2P and port forwarding at your router. If you want to view/access your system from outside of your local LAN use a VPN.

VPN Information Thread
 

bfollowell

Young grasshopper
Joined
Dec 11, 2015
Messages
59
Reaction score
17
Location
Evansville, IN
Thanks Rob! Excellent information on the dual-NIC. I'd never thought of that or even heard of it, but that looks like it would be very helpful, and a great way to help keep things segregated. I've been planning to pickup a POE switch soon, before I start picking up my outdoor cameras, so this gives me a lot to read up on and learn.
 

mat200

IPCT Contributor
Joined
Jan 17, 2017
Messages
8,343
Reaction score
9,836
Currently, our camera setup includes a Hikvision DS-2CD2442FWD-IW in our great room and a cheap Foscam R4S monitoring the inside of our garage. They're both connected via ethernet and recorded through Blue Iris. I plan to start adding outdoor cameras soon, but that's what we have now.

A week or two ago, my wife swears she heard someone call her name through the Hikvision. I reviewed the footage, but I couldn't make much of anything out.

Now, just a few minutes ago, she was in the little closet under our stairs where I keep all of our network equipment and the little Blue Iris server. From the cheap little speaker in HP server, she distinctly heard someone say "Hey hot momma!"

I've never really done anything to secure our cameras and it looks like that needs to change ASAP. I guess the first thing I need to do is go in and change the access passwords for them, but I know there is more that I need to do. I mean, I know nothing is unhackable, but I want to do my due diligence to say I've done everything that I can do. So, that's why I'm here. Where do I start? What all should I do/look into?

Thanks.
Hi @bfollowell

Time to review the security settings of your router ..

If you do not have a good router, time to upgrade ..
 

bfollowell

Young grasshopper
Joined
Dec 11, 2015
Messages
59
Reaction score
17
Location
Evansville, IN
Hi @bfollowell

Time to review the security settings of your router ..

If you do not have a good router, time to upgrade ..
I have a Linksys WRT3200ACM router and my wi-fi extender is a TP-Link AC1750 WiFi Extender. I think they're both very capable and relatively secure, assuming I have things setup well. I'm certain I'm past due to review the security settings of both, as well as making certain their firmware is up-do-date though. If there's any deficiencies, I'm fairly certain that they're me, and not the equipment.

Thanks for the advice.
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
1,550
Reaction score
1,801
Something's not right if you have people accessing your cams. How do you view your cams remotely?

If you've not updated the firmware on the cams, then should do that too. There have be a few exploits of Hikvision and Foscam discovered since those cams came out. e.g.:


Another possibility is someone accessing your WiFi locally I suppose.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
34,640
Reaction score
15,674
You either port forwarded your cameras yourself or you have upnp enabled on your cams which is providing the entire internet with direct access to your cameras. Password is irrelevant as there are many hacks/backdoors particular on unpatched older cams. As others have said take them off the net. For now, simply disabling upnp on BOTH the camera and router and disabling any port forwarding for the cams should stop the creeps.
 

Rob2020

Getting comfortable
Joined
Oct 2, 2020
Messages
550
Reaction score
1,400
Location
OR USA
Thanks Rob! Excellent information on the dual-NIC. I'd never thought of that or even heard of it, but that looks like it would be very helpful, and a great way to help keep things segregated. I've been planning to pickup a POE switch soon, before I start picking up my outdoor cameras, so this gives me a lot to read up on and learn.
It is actually pretty easy.

In simplest form, buy a spare NIC card, drop it in your PC in a spare PCIe slot, configure properly using the guidance on this site.

There are some really good diagrams on this site which makes it even easier to get the correct hookup.
 

NightLife

Getting comfortable
Joined
Sep 10, 2021
Messages
354
Reaction score
728
Location
Canada
That is creepy as hell!


How large an attack surface does your network have? What else is vulnerable? What else has been potentially become an attack vector already?


You may have work to do, beyond just keeping cameras off the web.
 
Top