VPN access without administrator rights

[sliding777]

I finally got my system to remote view. Im really happy, but I am still not using a VPN. I am using a forwarded port to my bi PC.
The wild card for me trying out a VPN is my work computer. I work offshore on a drill ship. We have terrible wifi that I can access with my devices, but it's bad. It cant load video.
I can use my office computer to remote into my bi pc. This is the first time I have tried it out here and it's not bad. I do not have admin rights on the office pc. I can't use the office network either as everything is managed through rignet or speedcast and everything is reported to Corp.
Is it possible to secure my nvr and still be able to access it out here? Im going to look into setting up stunnel so at least it's https.
Im using all Andy's cameras, bi, dyndns, and a usg.
From what fenderman mentioned in another post, BI is somewhat secure anyways right?
Thank you for any insight.

 

[tangent]

I do not have admin rights on the office pc. I can't use the office network either as everything is managed through rignet or speedcast and everything is reported to Corp.

Even if you could use a VPN the fact that you're opening a connection to your home ip address would still be visible to them. Don't let something like this land you in hot water.

Chrome remote desktop might be your best shot (not a vpn). If you could find a way to get a more reliable connection for your own devices that would be best. Are there any wired network jacks intended for use by personal devices?

If you do port forward and allow access without a vpn, it would be a good idea to restrict the ip addresses that are allowed to connect.

 

[sliding777]

They arent concerned with me accessing my nvr. They just dont let us change settings or load programs on the office PCs. It all has to go through helpdesk.
I dont think I can limit the IP addresses since my work IP will change or I may change assignments.
Is my BI pc vulnerable with the port open and onlyBI open. When I get home, I will try to get stunnel set up.
I planned on vpn to remove any concern about my port fwd, but now it looks like I just have to do the best I can without the vpn.
They keep the network locked down. We have personal wifi, but it is slow and managed with individual log ins.
Thanks for the reply.

 

[DLONG2]

When I first installed BI on my PC with a commercial router and port forwarding, it wasn't long before Turkey, Saudi Arabia and Vietnam were peering through my camera to see the driveway. That's when I decided to go with Ubiquiti USG and one of their PoE switches, and after some learning effort I finally got the VPN to work. This thread might help if you have a USG from Ubiquiti, too: BI, VPN and Unifi USG

 

[fenderman]

When I first installed BI on my PC with a commercial router and port forwarding, it wasn't long before Turkey, Saudi Arabia and Vietnam were peering through my camera to see the driveway. That's when I decided to go with Ubiquiti USG and one of their PoE switches, and after some learning effort I finally got the VPN to work. This thread might help if you have a USG from Ubiquiti, too: BI, VPN and Unifi USG

to clarify, if anyone accessed your cameras it was because you port forwarded the cameras or failed to disable upnp, not because they gained access to your BI system.

 

[sliding777]

Hi fenderman. So does bi with upnp disabled offer enough security to protect my cameras?
I do want to get stunnel up to protect my video feed and from what I understand, the log in handshake. But my initial assumptions of doing a vpn to secure as best as possible are not going to work. So I'm trying to understand my vulnerabilities.

 

[DLONG2]

to clarify, if anyone accessed your cameras it was because you port forwarded the cameras or failed to disable upnp, not because they gained access to your BI system.

Oddly, I saw the BI logins in the Status window being used by foreign IPs. There was only one LAN in the home, PC's, wi-fi devices and cameras were all together. That was when I decided to invest in better equipment and to segment the devices into various VLANs. I thought at the time it occurred because of a Roku camera app I was using.

 

[fenderman]

Oddly, I saw the BI logins in the Status window being used by foreign IPs. There was only one LAN in the home, PC's, wi-fi devices and cameras were all together. That was when I decided to invest in better equipment and to segment the devices into various VLANs. I thought at the time it occurred because of a Roku camera app I was using.

That does not mean someone gained access to the system. All that means is that someone probed that port. That is perfectly normal behavior for a port that is open. Your vpn is being probed the same way.