How to secure an Online DVR Security Camera System
A home or business video surveillance system can be fun to install and use while giving you some peace of mind when away from home. There are hundreds of makes and models to choose from but unfortunately, many of them are not well secured out of the box nor are they secured during installation. This makes about as much sense as having a deadbolt and not locking it. A good professional installer will likely do this, but if you’re DIY then this overview will hopefully help. Be sure to RTFM for your DVR and router.
1. Create users on the DVR, granting only the permissions required. You’ll want an account for yourself that lets you live view and review recorded footage. For a trusted person helping to keep an eye on your place while your gone, you may want live preview only of certain cameras but not the ability to playback footage recorded earlier nor alter network settings.
2. Check that password protection is enabled on the DVR. Sometimes that feature is off by default.
3. Use a router/firewall between your Cable or DSL modem and the DVR. A DVR is actually an embedded computer with an operating system such as Angstrom Linux, and as such should be behind a properly configured firewall.
4. Make sure remote administration of the router is turned off unless you specifically need it on. Also, change the router admin password to something better than ‘1234’.
— If your system is just to find out which neighborhood cat is poopin’ in your garden, you could stop here. If it’s a whole house or business system, you might want to take it a few steps further —
5. Select a higher port number on the DVR. Many use port 9000 by default, so if someone were to attempt to gain access that’s the first port they’ll try. The range of valid port numbers goes from 1 to 65535, but some are reserved for other functions. Choose one well above 10,000 and be sure to test it before leaving town.
6. Disable UPnP on your router and manually create an entry for the port number chosen above.
7. Check to see if you can telnet into your DVR and gain access. Many DVR systems will accept a ‘root’ login with no password, giving a stranger full access to ruin your system or use it as a launchpad to attack other computers. If this is the case, either change the root password, disable telnet services on the DVR or block port 21 on your router to incoming requests.
8. Periodically check your router logs and DVR access logs, if available, for access from IP addresses you don’t recognize.
9. Change your router and DVR passwords several times a year or sooner if you’re unsure about anyone you’ve given them to.
10. Check for firmware/system updates from your router and DVR manufacturer. Updates usually fix bugs, patch security holes, improve performance and sometimes add new features.
I wrote this guide based on my personal experiences of installing several SOHO systems and found a lack of concise information online about keeping them secure.
Happy remote viewing!