DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Best (MOST SECURE) way to set up IP CCTV camera...
- floriank
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 15
- Thank you received: 0
30 Sep 2008 09:43 #52143
by floriank
Best (MOST SECURE) way to set up IP CCTV camera... was created by floriank
Hi,
We have a Vigor 2300 (v2.3.6) set up with a fixed IP range as supplied by our ISP. We then use fixed IPs for internal computers also (10.0.0.2, 10.0.0.3, etc).
I want to set up a Edimax IC-7000 IP camera, to be accessed from the outside. It needs HTTP port 80 for picture and UDP port 1500 for sound.
What's the most secure way of setting this up? If I go into NAT setup and open port 80 on the Draytek it obviously becomes scan-able from the net - checked with grc.com. I then forward the port to the internal IP address of the camera (e.g. 10.0.0.98) and the camera becomes visible to the outside.
However, as we were running with absolutely NO ports open before I'm nervous opening ports 80 and 1500 to the world - are there real security problems with this?
Alternatively, what may be a better way of setting this up?
Many thanks for your help!!
Florian
We have a Vigor 2300 (v2.3.6) set up with a fixed IP range as supplied by our ISP. We then use fixed IPs for internal computers also (10.0.0.2, 10.0.0.3, etc).
I want to set up a Edimax IC-7000 IP camera, to be accessed from the outside. It needs HTTP port 80 for picture and UDP port 1500 for sound.
What's the most secure way of setting this up? If I go into NAT setup and open port 80 on the Draytek it obviously becomes scan-able from the net - checked with grc.com. I then forward the port to the internal IP address of the camera (e.g. 10.0.0.98) and the camera becomes visible to the outside.
However, as we were running with absolutely NO ports open before I'm nervous opening ports 80 and 1500 to the world - are there real security problems with this?
Alternatively, what may be a better way of setting this up?
Many thanks for your help!!
Florian
Please Log in or Create an account to join the conversation.
- louis-m
- Offline
- Member
Less
More
- Posts: 131
- Thank you received: 0
30 Sep 2008 12:44 #52148
by louis-m
2820 = 3.3.2_RC5
2950 = 3.2.4
Replied by louis-m on topic Best (MOST SECURE) way to set up IP CCTV camera...
welcome to the world of servers!
when you open a port as such, the security is namely down to the listening app, in your case an ip camera.
anything designed as such will usually have some sort of security eg password protection, access rights etc.
your firewall can also limit connections from certain ip addresses eg your house etc if they are static ip's.
now the big problem comes when you want access to your internal network or camera in your case, from any computer.
you are then at the mercy of the server (your camera) and the software to provide security. generally, these are fine and you really shouldn't have a problem.
but there are numerous other ways in which you can tighten things up, namely vpn's etc but that is another subject.
when you open a port as such, the security is namely down to the listening app, in your case an ip camera.
anything designed as such will usually have some sort of security eg password protection, access rights etc.
your firewall can also limit connections from certain ip addresses eg your house etc if they are static ip's.
now the big problem comes when you want access to your internal network or camera in your case, from any computer.
you are then at the mercy of the server (your camera) and the software to provide security. generally, these are fine and you really shouldn't have a problem.
but there are numerous other ways in which you can tighten things up, namely vpn's etc but that is another subject.
2820 = 3.3.2_RC5
2950 = 3.2.4
Please Log in or Create an account to join the conversation.
- floriank
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 15
- Thank you received: 0
30 Sep 2008 14:09 #52151
by floriank
Replied by floriank on topic Best (MOST SECURE) way to set up IP CCTV camera...
Hi louis-m and thanks for your reply.
I already use VPNs at all our sites and the easiest way would obviously be to run the cam(s) within that. This, however, wouldn't allow me to access them from the outside, i.e. from the 'road'. This is a real requirement, hence the need to open a route to the camera through the firewall.
I guess I need to speak with EdiMax about the security of the camera's internal web server. My main worry is that, if it has a weakness, somebody could gain access to the rest of the network via the camera's web server.
By using port forwarding in my Vigor2300 to the specific IP address of the camera only, am I protected from this threat? I guess not!
Many thanks
Florian
I already use VPNs at all our sites and the easiest way would obviously be to run the cam(s) within that. This, however, wouldn't allow me to access them from the outside, i.e. from the 'road'. This is a real requirement, hence the need to open a route to the camera through the firewall.
I guess I need to speak with EdiMax about the security of the camera's internal web server. My main worry is that, if it has a weakness, somebody could gain access to the rest of the network via the camera's web server.
By using port forwarding in my Vigor2300 to the specific IP address of the camera only, am I protected from this threat? I guess not!
Many thanks
Florian
Please Log in or Create an account to join the conversation.
- louis-m
- Offline
- Member
Less
More
- Posts: 131
- Thank you received: 0
30 Sep 2008 16:27 #52156
by louis-m
2820 = 3.3.2_RC5
2950 = 3.2.4
Replied by louis-m on topic Best (MOST SECURE) way to set up IP CCTV camera...
you are protected in the fact that port 80 will only be forwarded to the camera. but the security is then down to the listening server. i would have a word as you say to see just how secure the camera can be, perhaps on their forums etc.
can it run over https? if so, then it's as secure as you are going to get it.
the alternative for clientless access is to use a https vpn. the 2930, 2950 etc does allow this or you could use something like sslexplorer if you have a spare pc or run vm's.
can it run over https? if so, then it's as secure as you are going to get it.
the alternative for clientless access is to use a https vpn. the 2930, 2950 etc does allow this or you could use something like sslexplorer if you have a spare pc or run vm's.
2820 = 3.3.2_RC5
2950 = 3.2.4
Please Log in or Create an account to join the conversation.
- floriank
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 15
- Thank you received: 0
30 Sep 2008 16:54 #52157
by floriank
Replied by floriank on topic Best (MOST SECURE) way to set up IP CCTV camera...
I don't think it can handle SSL, unfortunately - but will confirm this with the manufacturer.
Clientless access won't work with our routers, I think - they're too old and out-of-date
Thanks again for your help with this, much appreciated!
Regards
Florian
Clientless access won't work with our routers, I think - they're too old and out-of-date
Thanks again for your help with this, much appreciated!
Regards
Florian
Please Log in or Create an account to join the conversation.
- steve6380
- Offline
- New Member
Less
More
- Posts: 2
- Thank you received: 0
20 May 2010 15:12 #62081
by steve6380
Replied by steve6380 on topic Best (MOST SECURE) way to set up IP CCTV camera...
Best way would be to set up port forwarding in the router:
example
http://www.cam1.com:8081
in the router set up port forwarding:
\nat\port redirection
public port 8081
Private IP 10.0.0.2
Private port 80
Steve
example
in the router set up port forwarding:
\nat\port redirection
public port 8081
Private IP 10.0.0.2
Private port 80
Steve
Please Log in or Create an account to join the conversation.
Moderators: Sami
Copyright © 2024 DrayTek