How to Secure Your Network
Many camera networks are insecure, even those installed by professionals. This guide gives basic instruction in how to secure a camera network from the most common types of attacks.
No Port Forwarding
Perhaps the most important rule of securing a computer network is to not forward ports to insecure services. I can put it no better than forum member nayr
did in his "VPN Primer for Noobs
The internet is a force of nature; no video surveillance system made was designed to be exposed to those forces.. NEVER FORWARD PORTS to your NVR or Cameras, doing such things not only exposes you to severe security problems, but everyone else on the internet too.. Hackers dont want your video feeds, they want an always on linux box with decent internet connectivity that can be used to attack targets on the internet.. they want to turn your camera into a weapon of mass destruction.
I know it is often the most convenient way to facilitate remote access, but it is a bad idea. Don't forward ports.
Turn off UPnP
UPnP (Universal Plug and Play) is a "feature" found in routers which enables any device on your network to forward ports to itself without your explicit consent or knowledge. Find it and turn it off.
Turn it off in your router. Turn it off in your modem. Turn it off in your NVR and in your IP cameras. Turn off UPnP wherever you find it.
Use a VPN
When you need to remotely access your NVR or cameras, use a VPN (Virtual Private Network). A VPN provides secure access control and encrypts all the network traffic it carries, making it ideal for accessing insecure services like video surveillance systems.
Many routers have VPN server functionality built-in. Asus routers, for example, are well-known for having built-in OpenVPN servers.
Again, I refer to the VPN Primer for Noobs