Geekzone: technology news, blogs, forums
21535 posts

Uber Geek
+1 received by user: 4388

Trusted
Subscriber

  Reply # 1635934 19-Sep-2016 15:41

Adamww:

 

one I guess.  I think the bigger risk today is still the dumb burglar that will throw a brick through a window and grab what they can even with the alarm screaming and  cameras recording.  It's probably unlikely there are many burglars in NZ that are interested and smart enough to hack my network & IP devices to disable my alarm.  If someone was smart and hacked my cameras they could put a pic of my dick on the interweb but there is probably not too much reward in that...

 

 

The risk isn't from burglars, the risk is you are compromised and then either your PCs are attacked, by intercepting your browsing or similar, or your gear is used as a pivot for someone doing something evil to someone else that matters.





Richard rich.ms

27146 posts

Uber Geek
+1 received by user: 6579

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1635957 19-Sep-2016 16:36

Adamww:

 

Adamww:

 

My cameras are not directly accessible on my LAN, they connect to a NVR.

 

 

 

 

Correcting myself here.  My cameras are not IP at all.  They are analog HDCVI.  DVR still has a port forwarded though.

 

 

As somebody who's been using Dahua gear for years I'd never even contemplate a port forward opening a NVR up to the Internet. They've had plenty of major exploits.

 

Port 37777 isn't as bad as opening port 80 but there is plenty you can do when the NVR is wide open.

 

 

 

 

 

 


27146 posts

Uber Geek
+1 received by user: 6579

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1635959 19-Sep-2016 16:40
One person supports this post

Adamww:

 

  If someone was smart and hacked my cameras they could put a pic of my dick on the interweb but there is probably not too much reward in that...

 

 

 

They wouldn't do that. They would hack your DVR and use it for Bitcoin mining, DDoS attacks and/or DNS amplification attacks.

 

 




48 posts

Geek
+1 received by user: 6


  Reply # 1635973 19-Sep-2016 17:49

sbiddle:

 

As somebody who's been using Dahua gear for years I'd never even contemplate a port forward opening a NVR up to the Internet. They've had plenty of major exploits.

 

Port 37777 isn't as bad as opening port 80 but there is plenty you can do when the NVR is wide open.

 

 

 

 

I would welcome some advice if you can simplify it enough that my mechanical engineering level can understand.  My networking knowledge should be good enough for a home user.  I already use a random port number in the DVR - not the defaults and have a strong user/password.  I have all of the DDNS and email alerts etc turned off in the DVR software.  My router is just a consumer level device HG659?  Do you have any suggested security improvements I can make that would still allow viewing live streams via the iDMSS iOS app?


27146 posts

Uber Geek
+1 received by user: 6579

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1635986 19-Sep-2016 18:25

Adamww:

 

sbiddle:

 

As somebody who's been using Dahua gear for years I'd never even contemplate a port forward opening a NVR up to the Internet. They've had plenty of major exploits.

 

Port 37777 isn't as bad as opening port 80 but there is plenty you can do when the NVR is wide open.

 

 

 

 

I would welcome some advice if you can simplify it enough that my mechanical engineering level can understand.  My networking knowledge should be good enough for a home user.  I already use a random port number in the DVR - not the defaults and have a strong user/password.  I have all of the DDNS and email alerts etc turned off in the DVR software.  My router is just a consumer level device HG659?  Do you have any suggested security improvements I can make that would still allow viewing live streams via the iDMSS iOS app?

 

 

A strong username and password means very little, as does disabling all the other features. It's the mere fact the device is exposed to the Internet that's the issue. You simply don't know what security holes there are in the software - and there have been plenty over the years.

 

The simple answer to that is you need to set up a VPN on your router (HG659 doesn't support it) and then use the VPN client on your phone to establish a connection to your home router. You'll then have a private IP address on your LAN and can connect to the NVR on its local IP address. This is the only secure way to access your device.

 

Will you be hacked like you have it set up now? Possibly not. Statistically speaking you won't get burgled today if you leave your front door unlocked either, but if you leave your front door unlocked all the time chances are one day somebody will enter your house.

 

There are very few valid reasons to ever have a port forward to an internal device on a network with the exception of a port forward to an email or web server (and even running them on a home connection isn't necessarily smart). If you want some fun just spend 5 mins on Shodan looking at insecure devices.

 

 

 

 

