cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1120
Views
0
Helpful
2
Replies

IP Cameras – Lan - Remote Access

getRdone
Level 1
Level 1

We have a small office and have recently installed a small NVR and 3 IP camera's to keep an eye on things. I'm a little concerned this system has access to our internal LAN and I can also access it remotely from an iPhone app right through our ASA to the device and remote view the NVR and camera activity. When I run a “show conn” I can see the remotely connected endpoints and remain concerned what country and servers have access to my internal LAN.

 

I don't seem to be getting a straight answer from the non US manufacturer on how this is connecting from the outside, I can monitor the external ports and do not see any open but something has to be there for the device to connect? Token or ?? Maybe

 

I know I can install this device on a different vLan at the office but then we could not connect locally to view the camera's or NVR, so that does not seem to be a good solution either.

 

Any thoughts or suggestions here?

 

Thanks in advance

2 Replies 2

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

sounds to me like the phone app is connecting to a proxy server out in the internet. Your cameras themselves are also connecting to the proxy server.

 

At some point you must have had to registered these cameras as belonging to you.

I assume you have to authenticate via the phone app, so you gain some security here. Unless an attacker has your credentials they won't be able to see these camera feeds.

 

Also it is probably worth checking that the outbound connections the cameras are creating are encrypted, this way the data in transit can't be intercepted an views by a third party.

 

Regarding moving the NVR and cameras to a different subnet, I don't understand how that would break things. Can you explain?

 

cheers,

Seb.

I was considering moving the cameras main recording device, to a different PC on a different vLan subnet but that creates another hassle because I would have to view local feeds from a console when in the office but regarding outside threats, they would be limited to only the vLan subnet n case the recording device was compromised from the outside. 

 

Just thinking here, I might be over thinking this 

Thanks for responding, I believe you are exactly correct in that the device connects to a proxy on the net, I found out it is using DDNS to connect from the outside.

 

Thanks again

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: