Meow
7447 posts

Uber Geek
+1 received by user: 3586

Moderator
Trusted
Lifetime subscriber

  Reply # 1507931 8-Mar-2016 09:44

xpd:

If a VPN isn't an option, then a different way is to use TeamViewer.... not exactly FPS friendly, but it's an option.......



Try Anydesk (anydesk.com) - seems to be more FPS friendly.




155 posts

Master Geek
+1 received by user: 61

Subscriber

  Reply # 1507946 8-Mar-2016 10:06
One person supports this post

xontech:

 

Agree with the above about not doing port forwarding.

 

But I was wondering what is the opinion on systems where the camera is registered to a service (ezviz for example) and you can then remotely view the camera by logging on to the service. No manual port forwarding involved, but perhaps UPNP? More secure/same/less secure?

 

 

Why would I want to entrust frame-by-frame video of the interior and exterior of my house to someone 'in the cloud'?
How would I ever have confidence that the cameras were actually off or that the 'cloudy' video data is secure from unauthorised viewing?

 

All far too easy to go from 'my home is my castle' to 'my home is a video studio' or from 'securing my premises' to 'confirming when the place is empty'

 

Just "NO"

 

 


26491 posts

Uber Geek
+1 received by user: 6037

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1507949 8-Mar-2016 10:12
One person supports this post

xontech:

 

Agree with the above about not doing port forwarding.

 

But I was wondering what is the opinion on systems where the camera is registered to a service (ezviz for example) and you can then remotely view the camera by logging on to the service. No manual port forwarding involved, but perhaps UPNP? More secure/same/less secure?

 

 

There are two ways these cloud services work - one is storing the data on their cloud services (and I saw a lot of new companies offering this at CES), and the other is P2P functionality to let you log in via their website but still keep the data local.

 

Here's a view on the Foscam P2P security

 

http://krebsonsecurity.com/2016/02/this-is-why-people-fear-the-internet-of-things/

 

 


BTR

1461 posts

Uber Geek
+1 received by user: 427


  Reply # 1507956 8-Mar-2016 10:30

The cameras I deal with at work are on a separate network with no internet access going out. The NVR has dual ethernet so one is used to access the cameras and the other is set up simply for viewing the footage.

 

 

 

Our building access control is also on a separate network. 


21131 posts

Uber Geek
+1 received by user: 4215

Trusted
Subscriber

  Reply # 1508005 8-Mar-2016 11:32

The one for Chinese cameras I had a play with just acted as an in-between if there were no ports able to be forwarded. All traffic was passed back to the camera/NVR which did the authentication so long as you had the code from the QR code to authenticate. Changing that number by 1 from the "cloud URL" for my camera led to other cameras. Most still accepting the default password. Many Chinese factories, schools, apartment building entrances, nail shops etc all visible.

 

If there was an authentication backdoor/programming stuffup/exploit in the cameras, then they were all accessible if they had the cloud service ticked.

 

This was not xmeye, but another one that only one of the cheap cameras I got used on it.





Richard rich.ms

224 posts

Master Geek
+1 received by user: 45


  Reply # 1508058 8-Mar-2016 12:45

Ok, convinced me to:
- Remove default gateway and "disable" all external heading services on camera (upnp, p2p etc)

 

- Add a rule to my firewall stopping all traffic from the camera from leaving the network

 

- Set up a VPN to be able to remotely view camera streams / playback

Should be enough?


BDFL - Memuneh
60605 posts

Uber Geek
+1 received by user: 11537

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1508156 8-Mar-2016 15:04
One person supports this post

sbiddle:

 

xontech:

 

Agree with the above about not doing port forwarding.

 

But I was wondering what is the opinion on systems where the camera is registered to a service (ezviz for example) and you can then remotely view the camera by logging on to the service. No manual port forwarding involved, but perhaps UPNP? More secure/same/less secure?

 

 

There are two ways these cloud services work - one is storing the data on their cloud services (and I saw a lot of new companies offering this at CES), and the other is P2P functionality to let you log in via their website but still keep the data local.

 

Here's a view on the Foscam P2P security

 

http://krebsonsecurity.com/2016/02/this-is-why-people-fear-the-internet-of-things/

 

 

This is just an example. Now expand this. Imagine the company selling these cheap cameras close down and the domain these cameras call to report lapse. Some Bad Person (TM) buys the domain and suddenly this Bad Person starts receiving data from thousands of cameras from around the world. And no one knows it is happening.

 

Would you be happy with that?





Awesome
4794 posts

Uber Geek
+1 received by user: 1060

Trusted
Subscriber

  Reply # 1508166 8-Mar-2016 15:23

I do two things to protect my network/cameras

 

1) IPTables rules on the router firewall to discard any UPnP requests. I was finding my D-Link camera was opening ports, even with UPnP turned off in its config. Dropping the UPnP packets seems to solve this nicely.

 

2) Only outside access is 1) web based via a reverse proxy that uses certificate auth. Don't have the cert, no access. And 2) via SSH tunnel, also only via certificate auth.

 

(If anyone sees any flaws in my approach please let me know!)





Twitter: ajobbins
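A way to check that the egress block from Reply # 1508058 and the UPnP drop described in the reply above are actually holding, as an added example that is not code from any poster in this thread: it reads router log lines in the layout written by the iptables LOG target and reports, per camera, UPnP (SSDP) discovery attempts and any destination outside the LAN. The LAN range, camera addresses, the `CAM-OUT` log prefix and the sample lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions (constructed for this example): the LAN range, the camera
# addresses, and the "CAM-OUT" prefix set with iptables' --log-prefix.
LAN = ipaddress.ip_network("192.168.1.0/24")
CAMERAS = {"192.168.1.50", "192.168.1.51"}

# Constructed sample lines in the layout the iptables LOG target writes.
SAMPLE_LOG = """\
Mar  8 15:20:01 router kernel: CAM-OUT IN=br0 OUT= SRC=192.168.1.50 DST=239.255.255.250 LEN=129 PROTO=UDP SPT=38211 DPT=1900
Mar  8 15:20:04 router kernel: CAM-OUT IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40112 DPT=443 SYN
Mar  8 15:20:09 router kernel: CAM-OUT IN=br0 OUT=br0 SRC=192.168.1.51 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=554 DPT=51000 ACK
Mar  8 15:21:30 router kernel: CAM-OUT IN=br0 OUT=eth0 SRC=192.168.1.51 DST=198.51.100.7 LEN=76 PROTO=UDP SPT=123 DPT=123
Mar  8 15:22:00 router kernel: CAM-OUT IN=br0 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=50000 DPT=443 SYN
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty


def audit_camera_egress(log_text, cameras=CAMERAS, lan=LAN):
    """Return {camera_ip: {"upnp": count, "internet": {(dst, proto, dport)}}}."""
    report = defaultdict(lambda: {"upnp": 0, "internet": set()})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("SRC") not in cameras or "DST" not in f:
            continue  # not a camera, or not a packet log line
        try:
            dst = ipaddress.ip_address(f["DST"])
        except ValueError:
            continue  # malformed address: skip rather than guess
        proto, dport = f.get("PROTO", "?"), f.get("DPT", "")
        if proto == "UDP" and dport == "1900":
            # SSDP discovery, the first step of a UPnP port-mapping request
            report[f["SRC"]]["upnp"] += 1
        elif dst not in lan and not dst.is_multicast:
            # Camera tried to reach something beyond the local network
            report[f["SRC"]]["internet"].add((str(dst), proto, dport))
    return dict(report)


if __name__ == "__main__":
    for cam, hits in sorted(audit_camera_egress(SAMPLE_LOG).items()):
        print(cam, "UPnP attempts:", hits["upnp"], "off-LAN:", sorted(hits["internet"]))
```

Any non-empty result for a camera means it is still trying to announce itself or call out; whether those packets were dropped depends on where in the rule chain the logging rule sits.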


1366 posts

Uber Geek
+1 received by user: 345


  Reply # 1508168 8-Mar-2016 15:23

OK this thread was an eye opener. Muchas muchas gracias.

 

I'm logging into a remote site now to disable some port forwards...


6642 posts

Uber Geek
+1 received by user: 552

Trusted

  Reply # 1508197 8-Mar-2016 15:26

As someone involved in this area for work, it's always interesting to see how companies and trades simplify the install of items down to just the pure physical side of things.


By that I mean the likes of structured cabling, security cameras, TV aerials etc are all installed by a range of different companies, with a range of different grasps of the underlying fundamentals/concepts.  Some might know why RG59 is different to RG6, and when you might want to use each.  Some may know exactly why you shouldn't leave long leads of cable unterminated and still connected to multi splitters.  Some may know you shouldn't do certain things, but not exactly why that is the case, and some just go and do the stupid thing and are completely oblivious to it.  It's cables right, so an electrician deals with wires.


All too often even the product selection phase is handed over to resellers/wholesalers, who will just advise as to what's popular.  Doesn't matter if it's suitable or not, just as long as it's what everybody else got right?  Safety in numbers and all.


An example would be the popularity of the gizmo combination UHF/VHF TV aerials when VHF TV transmission was clearly on the way out.  The last 10 electricians may have purchased this, but it doesn't make it the best choice.


Networking is all too often a dark art, where someone in the organisation knows how to set these up, and even then they're following step by step instructions handed to them once by a support person on a call to the manufacturer to chase up why it wasn't working.  Security on networks is an even darker art, which comes in once you've got it all up and running, and is often glossed right over, because it's working already...


Like anything there are good people and poorly skilled people in the industry.  Some of these industries are quite small, and you see the same staff bouncing between different companies.  Naming companies can be a bit rough, but then again...


26491 posts

Uber Geek
+1 received by user: 6037

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1508291 8-Mar-2016 16:51

You've raised some good points, and in the security (and dare I say it PBX as well) space it comes down to one thing - the migration from "traditional" equipment to IP. Many people installing this kit may have been doing this for their entire life and be very good at it, but the IP world opens up a whole can of worms.

 

Networking is something that you either grasp or don't grasp. I'd go as far as saying many of these people don't understand networking, and simply don't want to learn. Even if you understand networking there are many things that can catch people out, and a lack of understanding of the risks of things as simple as port forwards which we've discussed in this thread is over the heads of many of these people.

 

Anybody who's never seen http://shodan.io should have a play with it - for many people it's an eye opener.

