|
I'm in the process of buying a house; for a number of reasons I'd like to have a few cameras scattered around the property. For this to be maximally useful to me, I need to be able to access the feeds from a phone, so that means letting the cameras talk to the broader internet. I've never done this because I'm not much of an infosec geek, and have the general perception that most of these systems are not very well designed. I saw a presentation at shmoocon a few years ago where one such camera was found to be throwing data into discoverable, unencrypted files in unprotected s3 buckets. Does anyone have any general guidance here, or know of a good guide to "setting up a camera system without allowing random bored teenagers to watch you cook"? Is this even a reasonable idea, or should I just abandon the phone idea and resort to something that's not connected to the internet?
|
#
?
Oct 22, 2017 19:23
|
|
|
|
| # ? May 4, 2024 06:31 |
|
|
It's definitely a legit concern, and a safe assumption that any built in security on these devices is worthless. I would probably also ignore any "cloud" features the device comes with as those are probably worthless as well. I have an Amcrest camera that I access over VPN from my phone, using the OpenVPN app on Android & the Amcrest app. Seems to work well enough and also reasonably secure.
|
|
#
?
Oct 22, 2017 22:00
|
|
|
Most of the cloud based ones are either dogshit tier coding on top of moronic security systems, or rebranded and packaged version of camera boards from people with dogshit tier coding standards. Your best bet is to get regular old IP security cameras, and use Zoneminder or iSpy or another free/cheap/open source camera management tool. Host the data local and stream it through a VPN and you should be more or less safe from incidental lovely practices from the people you bought your cameras from. If you have the equipment needed to do so, you can also vlan off the cameras into their own little ghetto and only allow a single port on the Zoneminder VM to access it.
|
|
#
?
Oct 22, 2017 22:08
|
|
|
Hardlines is the only answer. From there you can feed them into a computer and manage security far better. Other than that, you'll just have to be slightly concerned some weirdo can watch you cook naked in the kitchen. If you do go wireless, buy a different router and put them on their own network. I'm less concerned about someone watching me than the potential backdoor into the network.
|
|
#
?
Oct 23, 2017 15:13
|
|
|
The security on those things is laughably bad and cannot be relied on. I hardwired mine but if that's not an option, I definitely echo the previous posters comments about putting them onto a separate network. If I had to use wireless I would VLAN all of them for sure, don't leave that poo poo accessible or on the same network as your other stuff.
|
|
#
?
Oct 23, 2017 15:48
|
|
