Securing a Dahua NVR from local man in the middle attacks (not connected to internet)

letmein

n3wb
Joined
Nov 13, 2015
Messages
7
Reaction score
0
Is it possible to protect against someone who somehow accessses the local network? Like someone adding a route or eavesdropping on the connection from the IP cameras to NVR?

The NVR is not going to be connected to the internet because of security concernes, but how do you make sure the traffic from the ipcam to the nvr and once on the nvr, that it is not compromised? and that no-one can add a way to view the system from outside?
 

JET

n3wb
Joined
Dec 7, 2018
Messages
5
Reaction score
0
Location
Orlando
If the cameras are only connected to the NVR, then there would be no internet connection if you have it disabled in the NVR. I thought about this with my setup and I realized anyone with the know how to hack in to my system isn't going to want to be watching my house anyway.
 

catcamstar

Known around here
Joined
Jan 28, 2018
Messages
1,059
Reaction score
667
@letmein: if you want to be 200% sure that no-one can "sniff"/"evesdrop/switchport mirroring on your cams, then I suggest you buy a POE NVR and make direct (point to point) connections from the CAMs to the NVR. You immediately put an alarm on the connected cams (to detect unplugged cables) AND you put an alarm on the open ports (to detect an newly plugged device).

However, if security is your concern, I would put other measures in place (eg vlans, with mac address filtering, authentication and other tricks) to protect your REAL (internal) network - like @JET wrote, who is interested in viewing your camera footage anyway. Except if you put a weak password on your cams/nvr and your device gets hijacked.

Good luck!
CC
 
Top