Network Security Primer

On smartphone security, I noticed my new Moto G Play with Android 6 doesn't have any anti-virus programs on it. After reading online suggestions for AVG, Avast, Sophos, etc., I ran across one site that said you didn't really need a third-party app, because Google/Android had an internal app virus checker. Is this correct? If not, which anti-virus would you recommend? Hesitant about AVG Free because it's annoying on my PC. Something that works well without a bunch of pop-ups.
 
Ryan, what are your thoughts on the new garage door opener rolling code as well as smart home technology? In spite of encryption, they can all still be easily compromised. What would you do in that situation?
 
Tie the garage door opener into your home automation system; disable its onboard radio by cutting the antenna off.. put an RFID token on your dashboard and set up Automator to securely connect to your home automation system and open the garage when it's triggered by the RFID token.
 
Don't cut the antenna off. Just de-program the opener by holding the learn button as indicated in the instructions.
 
I also want to point out I technically can get any of you guys' IP addresses very easily; all I would have to do is embed an image in this thread loaded off my webserver... and then when someone replies I can check the logs for that time and correlate what requests for that image came in at that time, and then direct a targeted attack at you.. ... could give them the information they need to know where you live, just GeoLocate IP to city, then search for streets/addresses on Google Street View, then next thing you know swat teams are busting down your door because you pissed some lil prat on the internet off.

Disconnect goes a long way towards keeping your IP/location/identity private
 
Same can be said for wireless security sensors. I have a 5w handheld walkie talkie that can broadcast on the same frequencies most GE wireless sensors work on.. If I broadcast noise with that transmitter I am basically jamming out all the little 100mW security sensors for a mile or so.. not to mention my 50w HAM radio that if used nefariously could jam out all wireless sensors to the horizon.
While I prefer wired security system sensors (and most of mine are), Ademco Vista alarm systems can be programmed to alarm when RF jamming is detected. Of course a burglar or troll could just repeatedly set off the alarm from a block away until you get tired of paying for false responses or annoying the neighbors, and disable that feature...
 
I gave up on getting VLANs functioning with DD-WRT on a Linksys 1900WRT and went with a Peplink Pepwave Surf SOHO, which is an affordable ($199) commercial grade router that supports VLANs and VPNs. Setting up a VLAN on a router port was quite easy. Router Security (I have no relationship with Peplink, other than I paid full price for one of their routers.)
 
So when I run nmap on my router this is what I get...
Code:
$ nmap 192.168.1.1

Starting Nmap 7.01 ( https://nmap.org ) at 2017-03-18 13:08 EDT
Nmap scan report for (192.168.1.1)
Host is up (0.0070s latency).
Not shown: 994 closed ports
PORT      STATE    SERVICE
53/tcp    open     domain
80/tcp    open     http
139/tcp   open     netbios-ssn
443/tcp   filtered https
445/tcp   open     microsoft-ds
10000/tcp open     snet-sensor-mgmt

Nmap done: 1 IP address (1 host up) scanned in 1.24 seconds

And I have a few questions about this. Some questions probably lean more towards Linux, but I'm new to that as well as IP cameras.

On my router I've got UPnP disabled. I've got the parental controls set up to never allow Internet access to my cameras. I have one manual port forwarded, which is 1194 for my VPN server on my NAS.

My questions are...
1) why doesn't the 1194 port show up on the nmap output?
2) how can I close all the other open ports that it shows? When I go into the port forward section of my router (Linksys EA6350 - dd-wrt not available for this one) the only port it shows is 1194 which I manually opened. I would think the only ones I need open are 80, 443 and 1194.
3) I know while setting up my new 5231 starlight in gDMSS the port that is needed is 37777. Below is the nmap for one of my Dahua starlights...
Code:
$ nmap 192.168.1.52

Starting Nmap 7.01 ( https://nmap.org ) at 2017-03-18 13:20 EDT
Nmap scan report for 192.168.1.52
Host is up (0.87s latency).
Not shown: 995 closed ports
PORT      STATE SERVICE
80/tcp    open  http
554/tcp   open  rtsp
3800/tcp  open  pwgpsi
5000/tcp  open  upnp
49152/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 1.16 seconds
This doesn't show 37777 at all which is a bit confusing.

Thank You
 
Nmapping your router from inside the network is not much use; you need to be port mapping it externally.. as that's the direction attacks are going to come from.
 
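An added example, not part of the thread: a small audit that parses Nmap's normal output and compares it with the ports that are supposed to be open. The sample input is the LAN-side router scan pasted in the question, and the same check works unchanged on the output of a scan run from outside, as the reply above recommends. The expected set (80, 443, 1194, all treated as TCP) is an assumption taken from the poster's wording.

```python
import re

# Router scan output copied from the question above (LAN-side, Nmap normal output).
SCAN = """\
Nmap scan report for (192.168.1.1)
Host is up (0.0070s latency).
Not shown: 994 closed ports
PORT      STATE    SERVICE
53/tcp    open     domain
80/tcp    open     http
139/tcp   open     netbios-ssn
443/tcp   filtered https
445/tcp   open     microsoft-ds
10000/tcp open     snet-sensor-mgmt
"""

# Ports the poster expects to be open; treating all three as TCP is an assumption.
EXPECTED = {(80, "tcp"), (443, "tcp"), (1194, "tcp")}

# Matches table rows such as "443/tcp   filtered https".
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_ports(text):
    """Return {(port, proto): (state, service)} from Nmap normal output."""
    ports = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            ports[(int(m.group(1)), m.group(2))] = (m.group(3), m.group(4))
    return ports

def audit(text, expected):
    """Compare a scan against the set of ports that should be open."""
    ports = parse_ports(text)
    open_ports = {k for k, (state, _) in ports.items() if state == "open"}
    # "not reported" means the port was closed or was not among the ports scanned.
    missing = [(k, ports.get(k, ("not reported", ""))[0]) for k in expected - open_ports]
    return {"unexpected_open": sorted(open_ports - expected),
            "expected_not_open": sorted(missing)}

if __name__ == "__main__":
    result = audit(SCAN, EXPECTED)
    services = parse_ports(SCAN)
    for key in result["unexpected_open"]:
        print(f"unexpected open: {key[0]}/{key[1]} ({services[key][1]})")
    for (port, proto), state in result["expected_not_open"]:
        print(f"expected but {state}: {port}/{proto}")
```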
Does having a PoE NVR knock down some of the worry 'volume', by which instead of having (say) 8 cameras on your network, you instead have them on the separate NVR switch which in turn, only necessitates the NVR to be dealt with? Aside from some drawbacks of a PoE NVR, could this not be considered a benefit? Or am I ass wrong, lol.
 
With switching-based networks you typically have full speed between all ports at the same time.. adding more devices won't necessarily add any extra traffic if they are all just talking to one device.. the NVR is the only thing that would see increased traffic loads.
 
I mean in terms of security vulnerability. Eight cameras not exposed, only one NVR. Or is that thinking wrong?
 
one is all it takes; You think they have the capability to write secure code but choose to only do it on the NVR? lol
 
I'm a networking nitwit, I admit. I looked for videos on setting up a VPN in a router on YouTube and virtually every one I found sucked. If anyone knows of a good one, share it. I understand best by video example, not reading. Nayr, if you are ever so inclined to make a video demo that would be very cool, especially since you can demonstrate it geared more towards us with security systems needs, and how we port forward our gear to the VPN. Think it's too ridiculously easy and not needed? Think again. I get lost with all things network and I hate creating problems for everyone else here in the house because I hosed the network by doing something wrong. It took me a while just to get a grip on port forwarding back when, lol.
 
my network would make your head explode; no cheap lil consumer device can do what I need.. sorry.
 
Not that you probably care to share it... But I'd be pretty interested in a high level overview of your "home network". Just from the things I've picked up on in various threads, head exploding sounds like a good description haha.