Restricting Access to IP Cam

[tom_miles]

Hi,

Got a security like question for accessing an IP camera.

Got a camera setup on a Static IP and I want to make it as secure as possible. So I've thought about only allowing one IP to pass through the router. However, trying to access the camera from a device outside the camera's network, the IPs would be ever changing out and about, thus only allowing a single IP through the router pointless.

Anyone got any suggestions on making the IP camera secure in this way? Restricting access to the internet with the use of Firewalls, blocking unauthorized IP's while somehow turning a laptops dynamic WAN IP to some sort of static IP or hostname?

Thanks
Tom

 

[mlapaglia]

Use a VPN
VPN Primer for Noobs

 

[Fastb]

tom miles,

Welcome to the forum!

However, trying to access the camera from a device outside the camera's network, the IPs would be ever changing out and about

vpn for noobs will provide lotsa guidance. And a solution for your public ip changing, even though the cam has a static ip.

My ISP(comcast) rarely changes my external address. But a vpn makes all that moot.

Fastb

 

[randytsuch]

Are you worried about someone hacking into your camera's from outside?
Or that your camera's might try to send information out?

VPN's provide a secure way to access your camera's while you are not home, the VPN primer is very helpful to get started.
You need a DDNS service to take care of the changing IP problem. My router came with this service, but there are free and low cost DDNS services out there.

Finally, I just implemented VLANs to isolate my cameras from the rest of my network. With VLANs, the cameras can't access the internet, and no one from the outside can get at them. But it takes some special hardware, I used a managed switch, to make a VLAN.

Randy

 

[tom_miles]

Thanks for the responses!

Hacking into the camera from the outside was the concern.

The router does not support VPN out of the box, but from that great guide mlapaglia posted we can easily overcome that.

I had been speaking with NoIP regarding a DDNS, who advised me of their software running on our laptops which could resolve the users IP into a hostname. An idea from that was to allow the router on the camera's end to only accept that hostname, but from further research, I could only find information about setting DDNS on the cameras side and already having a static IP it felt a bit wasteful putting DDNS on. Hardly anything about using NoIP's Dynamic DNS Update Client. Unsure if anyone has had any experience with that?

The manufacturer (TrendNet) answered the same question, they suggested RDP to just add another level of security to pass through and join.me as solutions.

A more costly idea from management was using a Firewall which we agreed was a bit overkill and free Open Source firewalls likely to have a few security flaws.

The original idea was to have a hosting service, very few IP Camera hosting solutions had features to the camera controls (and a little expensive for what is needed), majority of those were simply web embedded players.

VPN makes a lot of sense, with regular password updates and encrypted data it would make access to the camera very difficult for those not allowed.

Wish I spoke to you guys sooner.

Thanks
Tom