Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

P2P IP camera - security

  • 01-12-2017 11:10am
    #1
    Closed Accounts Posts: 603 ✭✭✭


    In the past I've set up a camera for remote monitoring livestock using the old 'port forwarding' 'public ip address' and DDNS route and the pain that it can involve, so I'm looking into using a P2P IP camera instead this time

    From my initial reading, a lot of people have concerns over the fact that for these P2P cameras to be almost plug-n'play avoiding the aforementioned configuration/requirements, traffic is routed to a 3rd party intermediary server owned by the camera manufacturer, hence security concerns.

    Am I correct in assuming that since the network in which my IP camera resides, is in a remote shed with a 4g router, not connected to my home network in anyway, that such security issues wouldn't really matter to me? I mean, is there some increased risk when connecting to such cameras using the manufacturers app/software on my home network ?


Comments

  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    Its connection relaying. Same thing Skype has done for years. If you trust [Company] then fine, if not then avoid.


    More importantly, you NEED cameras that will be maintained by the manufacturer. Cheapo chinese cams wont be.

    https://blog.sucuri.net/2016/06/large-cctv-botnet-leveraged-ddos-attacks.html


  • Closed Accounts Posts: 603 ✭✭✭Gentleman Off The Pitch


    Thanks for this, I'll do further reading into what's involved in P2P

    It appears to me that most cameras out there are now from China, and I was looking for an outdoor PTZ P2P in the 200-300 bracket, so not sure if that would be consider Cheapo?

    Can you suggest some more reputable brands that I could look into?


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    Really at the moment its all a bit of a farce. Even netgear have made a complete bollix of security.

    The only company that have proved "we're on top of our sh1t" were Ring, they had a flaw disclosed and fixed in like 6hrs. Maybe not what you're looking for.


  • Closed Accounts Posts: 603 ✭✭✭Gentleman Off The Pitch


    Just to revisit this, I'm wondering if there are other options avaiable to me here that I'm not aware of? I mean, besides public IP address and portforwarding as I was using previously or using a camera with a P2P service, should I be considering a VPN based solution for example?

    I have been using a three.ie 3g/4g SIM, Huawei E5186 router and IP camera, but also have a model A raspberry PI that could possibly run OpenVPN ? Without a public IP I need one from a VPS would I?
    Anyone have any hints/suggestions?


  • Moderators, Technology & Internet Moderators Posts: 4,621 Mod ✭✭✭✭Mr. G


    I think this might be best suited to the Information Security forum.
    Am I correct in assuming that since the network in which my IP camera resides, is in a remote shed with a 4g router, not connected to my home network in anyway, that such security issues wouldn't really matter to me? I mean, is there some increased risk when connecting to such cameras using the manufacturers app/software on my home network ?

    If you connect this device to the internet, using port forwarding or P2P, it is possible for the device to be compromised. There may be bugs or vulnerabilities in your mobile device with the app, the protocol, the camera firmware etc.

    In my opinion, it depends on what you mean by "increased risk" and what you classify risk as.

    If you use your phone or whatever device while connected to your home network to connect to the internet, that is a risk in itself.

    - With port forwarding, you open your device up to the entire internet (assuming you don't lock down your firewall to specific IPs, i.e. your home public IP - which might just be the easiest solution here)

    - With P2P, you route your traffic to the camera through someone elses server.

    In both cases, it's likely the auth string is not encrypted anyway, so routing this through another server using P2P means that that server could gather your authentication passwords. I think the risk balances out 50/50 for the above options.
    Just to revisit this, I'm wondering if there are other options avaiable to me here that I'm not aware of? I mean, besides public IP address and portforwarding as I was using previously or using a camera with a P2P service, should I be considering a VPN based solution for example?

    I have been using a three.ie 3g/4g SIM, Huawei E5186 router and IP camera, but also have a model A raspberry PI that could possibly run OpenVPN ? Without a public IP I need one from a VPS would I?
    Anyone have any hints/suggestions?

    An encrypted SSL/TLS VPN would be a nice idea, if you firewalled your 4G network, used keys to authenticate to the VPN and than checked the cameras while running the VPN, your risk of being compromised is greatly reduced, but by no way impossible. The box may call home for example too.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 295 ✭✭Dr_Bill


    I would take a serious look at these -> https://www.ubnt.com/products/#unifivideo

    They are proper IP video cameras and could also form part of your own security around your farm. Depending on lines of sight and distances a wireless network may do the trick for hooking these up.

    I have used Ubiquiti kit for several years and its good kit and easy to setup to manage. Might be worth thinking about as your going to have cattle caving every year and rural crime is an on going problem a robust solution is probably worth the investment.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,581 Mod ✭✭✭✭Capt'n Midnight


    IIRC there's an android app out there to reuse old phones as IP cameras.

    Bypasses the whole dodgy Chinese firmware with hardcoded security holes that only work with leaky software.


  • Registered Users, Registered Users 2 Posts: 1,919 ✭✭✭SlowBlowin


    Whats wrong with a port forward ?

    You dont need a static IP, you can use dynamic DNS.

    A port forward takes 5 minutes to set up and involves no third party relay server.

    The biggest eastern manufacturer is Hik, and they make a lot of the other cameras that are rebranded. They are run by the Chinese government and are not very robust from a security point of view, have a look at this:

    https://ipvm.com/reports/hik-hack-map

    SB


  • Registered Users, Registered Users 2 Posts: 67 ✭✭rugrat69


    You could look at ezview from Uniview they have an P2P application and server which is based in Europe which improves load times etc. You will need their end to end solution recorder and IP Cameras for it to work.

    http://en.uniview.com/


  • Closed Accounts Posts: 603 ✭✭✭Gentleman Off The Pitch


    SlowBlowin wrote: »
    Whats wrong with a port forward ?

    You dont need a static IP, you can use dynamic DNS.

    A port forward takes 5 minutes to set up and involves no third party relay server.

    The biggest eastern manufacturer is Hik, and they make a lot of the other cameras that are rebranded. They are run by the Chinese government and are not very robust from a security point of view, have a look at this:

    https://ipvm.com/reports/hik-hack-map

    SB

    Yeah, I use DDNS etc., the issue is not a static IP, it's getting assigned a public IP that has become a problem for me, hence I'm looking into alternatives


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,919 ✭✭✭SlowBlowin


    Yeah, I use DDNS etc., the issue is not a static IP, it's getting assigned a public IP that has become a problem for me, hence I'm looking into alternatives

    OK, I had a similar issue with Three, although changing away from the standard APN allowed me to get a public IP, not the 10 address I was being issued.

    As far as I know the only way round this now is to get a fixed IP SIM, they are available but there is an increased cost.

    I do have an account with Angelcam and have about 30 odd cameras running on that service. It is reliable and I am using Axis cameras (based on the AXIS AVHS system).

    I am not aware of a secure, budget system although Angelcam have quite a range of supported cameras.

    SB


Advertisement