Securing a Lorex NVR

[Phoney6]

Hi all. I've read around on this forum a decent amount as a guest but never posted. I have a Lorex LNK7000 NVR and I'm having trouble securing it. If anyone has any advice I'd gladly accept . I've read through the "how to secure your network thread" and have disabled UPnP on my TP link router. I've also read the "VPN for noobs" thread and set up a VPN and am able to view live video when I am not connected to the network. However, what I have not been able to do is keep the NVR from phoning home to Lorex/FLIR. Any suggestions on how to bolck it from the internet while keeping is active on my LAN? The only way I've been able to keep it off the internet is to not specify a gateway on the NVR. This still allows me to see the NVR when I'm physically connected to the LAN but it prevents me from accessing it via VPN. Thanks!

 

[tangent]

Parental controls on your router or assigning invalid gateway/dns

 

[psnsfrg]

Check the firewall settings on your router. If you cannot block it on there a dedicated firewall between the NVR and router will work

 

[Aengus4h]

some routers allow you to redirect traffic to specific IP and/or domains and send them to a different IP, if yours does this then you can redirect that traffic back to something like the routers internal IP. Local DNS or similarly named feature.

Giving a invalid DNS to the NVR might work if its calling to a DNS name but not if its targetting a specific IP as that could bypass a DNS lookup anyway.

 

[Phoney6]

I guess my new router (tp link archer c2300) sucks. The parental controls try to be "simple" and they are not very configurable to my specific needs. Assigning an invalid gateway kills my VPN. So far it seems a dedicated firewall might be my only option

 

[MixManSC]

The only other trick I can think of would be to determine exactly who the OEM is for that NVR, then figure out the exact model, and then try to cross-flash it with OEM firmware. I don't think that model is Dahua though. I think I have narrowed some of the non-Dahua Lorex down to possibly being made by RaySharp.

 

[psnsfrg]

I guess my new router (tp link archer c2300) sucks. The parental controls try to be "simple" and they are not very configurable to my specific needs. Assigning an invalid gateway kills my VPN. So far it seems a dedicated firewall might be my only option

Check again. Some routers (including TP Link models) have advanced configuration options separate from the basic/simple configuration. There might be a link in the menu to switch to advanced configuration which will enable additional options for many of the features

 

[Phoney6]

Thanks. I've been all through the advanced settings. I'm no networking expert, so I've been trying to learn about everything in there. It gives the option to blacklist an ip, but that blocks both WAN and LAN. The parental controls are not very configurable. I tried to block specific websites and add "time restrictions" but the NVR seems to be able to get around those. They work if I use my pc ip for example but if I use my NVR ip I can still access my feed through their app when I'm not connected to my LAN. I can also see though the router's timeline that it is connecting to the sites I specifically blocked for it.