A Primer on IP Cam, DVR, & NVR Network Security

The availability of low cost residential IP (Internet Protocol) Cameras, Digital Video Recorders (DVR), and Network Video Recorders (NVR) has brought significant benefits to individual home security and monitoring at a distance.

Some of our BLOG users have purchased these devices. If you are participating in the Sunrise Terrace Snapshot Repository we have assured you that your personal network remains secure when using the outbound FTP transport configuration provided to you when you added your camera, DVR, or NVR to the Sunrise Terrace Repository site.

Most of these IP devices are capable of additional methods of content sharing and remote access that may have already been activated by the manufacturer as part of a vendors “plug and play” or “out of the box” automatic usability features.

In this BLOG POST I review five basic network configuration settings essential to maintaining the security of your personal network and the IP devices attached to that network.  Making changes to your userID & password pairs, DDNS settings, remote access protocol, and router logs varies depending out your router make and model.  Most of these changes can be accomplished using your routers GUI interface and will not be difficult.  Consult your router operating manual for specific instructions.

The first suggestion (1) and best way to protect your IP devices from intrusion is to change the manufactures default administrative userID and password, or better yet disable the vendor administrative userID and create your own access credentials!

Suggestion two (2) is to disable DDNS service on your IP device unless you are using a DDNS service for your own remote access to IP cameras, DVR’s, or NVR’s on your network.

Suggestion three (3) is to change IP device remote access service to a non-standard port.  The standard (well known) ports for some protocols are HTTP:80, RTSP:554, HTTPS: 443, and Server:8000.  Choose a port different from the well known ports and one above 2000 if possible for the operating systems of your camera.

Suggestion four (4) is to monitor your Internet Router activity. Keeping your router visible so you can and monitor the router LED’s for transmit and receive activity is an indication of a possible attack.

Suggestion five (5) is to check the router log periodically or when you observe continuous or unusual router activity. External access attempts to your personal network will appear in the router log (if you have activated logging) and you can use that data to filter or deny unwanted traffic to your personal network.

The five suggestions above are easy tasks and are the basis of good Internet security for IP devices on you network.

I hope this BLOG POST has been helpful in securing your personal network.

Footnote: IETF RFC-1918 private network ranges start with the IP Addresses: 10.0.0.0, 172.16.0.0, & 192.168.0.0.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>