Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLAN (ethernet/Wifi/routers/Bluetooth)Port forwarding for CCTV.... or not
RunningMan

9186 posts

Uber Geek
+1 received by user: 4840


#281002 24-Jan-2021 21:39
Send private message

Another example (TVNZ) of the risks of directly exposing CCTV and similar devices to the internet. In this case, cameras viewed due to default passwords. This piece focussed on ensuring you didn't use the default password, but it would be better to not have inherently insecure devices like CCTV systems exposed to the internet in the first place.

Create new topic

This is a filtered page: currently showing replies marked as answers. Click here to see full discussion.

michaelmurfy
meow
13580 posts

Uber Geek
+1 received by user: 10912

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2641282 24-Jan-2021 23:35
Send private message

It’s not just default passwords - many of these cameras are just simply not good with security and streams are not password protected. That is essentially what all the cameras on https://www.insecam.org are.

Ring / Eufy / Arlo do solve a problem here with creating a secure system that requires no port forwards and can even work behind CG-NAT successfully. The problem is people want security systems for as cheap as possible and pick up those $20 cameras that forward ports to itself using UPnP and get themselves pwned.




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.



sbiddle
30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #2641330 25-Jan-2021 08:29
Send private message

The simple answer is no, typically speaking you should never ever create a port forward for a CCTV system unless you're capable of whitelisting this to specific IP range(s) that are necessary. Having said this it's an incredibly common thing, with large security companies out there who have zero idea of networking still configuring systems like this.

 

There have been a myriad of hacks on CCTV equipment in recent years due to the poor security of many. Yes things have got a lot better secuerity wise from many big vendors, but that's still no reason to change. All it takes is a single loophole to be found and you're history since most people aren't upgrading equipment regularly. With many people still buying cheap insecure equipment or things such as hacked Dahua cameras that can never be upgraded, it opens up lots of nasty possibilities.

 

I don't think most people understand the risks of creating even a single port forward on their network (regardless of what it is for - not just CCTV) in that it's allowing anybody else on the Internet access to the inside of your network.

 

Many cameras on sites such as insecam are not just default passwords, they are also cameras that have things such as ONVIF RTSP streams that don't require authentication so all that is needed to view the camera is the correct URL.

 

 

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright