Unsolved Looking for Security camera options
-
@travisdh1 said in Looking for Security camera options:
@voip_n00b said in Looking for Security camera options:
I have no experience with them but I keep seeing hikvision everywhere.
I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)
Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.
-
@jasgot said in Looking for Security camera options:
@travisdh1 said in Looking for Security camera options:
@voip_n00b said in Looking for Security camera options:
I have no experience with them but I keep seeing hikvision everywhere.
I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)
Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.
Good to know.
But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not. -
@pete-s said in Looking for Security camera options:
@jasgot said in Looking for Security camera options:
@travisdh1 said in Looking for Security camera options:
@voip_n00b said in Looking for Security camera options:
I have no experience with them but I keep seeing hikvision everywhere.
I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)
Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.
Good to know.
But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.so the only way you'd ever have cameras is with local access, or VPN access to that local network?
-
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@jasgot said in Looking for Security camera options:
@travisdh1 said in Looking for Security camera options:
@voip_n00b said in Looking for Security camera options:
I have no experience with them but I keep seeing hikvision everywhere.
I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)
Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.
Good to know.
But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.so the only way you'd ever have cameras is with local access, or VPN access to that local network?
Yes. It's hard to secure things that are insecure without adding a layer of "something" around it.
In the case of cameras a reverse proxy with SAML authentication could also work.
-
@pete-s said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@jasgot said in Looking for Security camera options:
@travisdh1 said in Looking for Security camera options:
@voip_n00b said in Looking for Security camera options:
I have no experience with them but I keep seeing hikvision everywhere.
I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)
Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.
Good to know.
But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.so the only way you'd ever have cameras is with local access, or VPN access to that local network?
Yes. It's hard to secure things that are insecure without adding a layer of "something" around it.
In the case of cameras a reverse proxy with SAML authentication could also work.
yeah it was a complete non question by the time I finished editing my original post.
Of course if you don't trust whatever you're talking about - you have to do this.
I would guess though, that you could use a reverse proxy and still put most of these things directly online - especially if you put your own logon page in front of the proxy's redirect to the camera system.
-
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@jasgot said in Looking for Security camera options:
@travisdh1 said in Looking for Security camera options:
@voip_n00b said in Looking for Security camera options:
I have no experience with them but I keep seeing hikvision everywhere.
I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)
Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.
Good to know.
But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.so the only way you'd ever have cameras is with local access, or VPN access to that local network?
Yes. It's hard to secure things that are insecure without adding a layer of "something" around it.
In the case of cameras a reverse proxy with SAML authentication could also work.
yeah it was a complete non question by the time I finished editing my original post.
Of course if you don't trust whatever you're talking about - you have to do this.
I would guess though, that you could use a reverse proxy and still put most of these things directly online - especially if you put your own logon page in front of the proxy's redirect to the camera system.
Yes, the cameras or NVR would be accessible through the reverse proxy only.
When you authenticate with SAML, the users are authenticated against a third party "login" service (called Identity Provider). So you are basically outsourcing 2FA and the login process to someone who has the resources to secure it. It's how enterprises do it.
Otherwise if you build your own login portal on a reverse proxy, that will become the weak link from a security perspective.
-
@pete-s said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@jasgot said in Looking for Security camera options:
@travisdh1 said in Looking for Security camera options:
@voip_n00b said in Looking for Security camera options:
I have no experience with them but I keep seeing hikvision everywhere.
I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)
Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.
Good to know.
But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.so the only way you'd ever have cameras is with local access, or VPN access to that local network?
Yes. It's hard to secure things that are insecure without adding a layer of "something" around it.
In the case of cameras a reverse proxy with SAML authentication could also work.
yeah it was a complete non question by the time I finished editing my original post.
Of course if you don't trust whatever you're talking about - you have to do this.
I would guess though, that you could use a reverse proxy and still put most of these things directly online - especially if you put your own logon page in front of the proxy's redirect to the camera system.
Yes, the cameras or NVR would be accessible through the reverse proxy only.
When you authenticate with SAML, the users are authenticated against a third party "login" service (called Identity Provider). So you are basically outsourcing 2FA and the login process to someone who has the resources to secure it. It's how enterprises do it.
Otherwise if you build your own login portal on a reverse proxy, that will become the weak link from a security perspective.
Now you've lost me - where is SAML being introduced?
-
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@jasgot said in Looking for Security camera options:
@travisdh1 said in Looking for Security camera options:
@voip_n00b said in Looking for Security camera options:
I have no experience with them but I keep seeing hikvision everywhere.
I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)
Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.
Good to know.
But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.so the only way you'd ever have cameras is with local access, or VPN access to that local network?
Yes. It's hard to secure things that are insecure without adding a layer of "something" around it.
In the case of cameras a reverse proxy with SAML authentication could also work.
yeah it was a complete non question by the time I finished editing my original post.
Of course if you don't trust whatever you're talking about - you have to do this.
I would guess though, that you could use a reverse proxy and still put most of these things directly online - especially if you put your own logon page in front of the proxy's redirect to the camera system.
Yes, the cameras or NVR would be accessible through the reverse proxy only.
When you authenticate with SAML, the users are authenticated against a third party "login" service (called Identity Provider). So you are basically outsourcing 2FA and the login process to someone who has the resources to secure it. It's how enterprises do it.
Otherwise if you build your own login portal on a reverse proxy, that will become the weak link from a security perspective.
Now you've lost me - where is SAML being introduced?
On the reverse proxy server.
You can't do it on the web cameras or any other insecure device.
-
@pete-s said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@jasgot said in Looking for Security camera options:
@travisdh1 said in Looking for Security camera options:
@voip_n00b said in Looking for Security camera options:
I have no experience with them but I keep seeing hikvision everywhere.
I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)
Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.
Good to know.
But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.so the only way you'd ever have cameras is with local access, or VPN access to that local network?
Yes. It's hard to secure things that are insecure without adding a layer of "something" around it.
In the case of cameras a reverse proxy with SAML authentication could also work.
yeah it was a complete non question by the time I finished editing my original post.
Of course if you don't trust whatever you're talking about - you have to do this.
I would guess though, that you could use a reverse proxy and still put most of these things directly online - especially if you put your own logon page in front of the proxy's redirect to the camera system.
Yes, the cameras or NVR would be accessible through the reverse proxy only.
When you authenticate with SAML, the users are authenticated against a third party "login" service (called Identity Provider). So you are basically outsourcing 2FA and the login process to someone who has the resources to secure it. It's how enterprises do it.
Otherwise if you build your own login portal on a reverse proxy, that will become the weak link from a security perspective.
Now you've lost me - where is SAML being introduced?
On the reverse proxy server.
You can't do it on the web cameras or any other insecure device.
I guess I don't understand why you talked about SAML, then talked about rolling your own... I mean I suppose someone could do that, but if they have access to a SAML solution, rolling your own seems odd.
-
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@jasgot said in Looking for Security camera options:
@travisdh1 said in Looking for Security camera options:
@voip_n00b said in Looking for Security camera options:
I have no experience with them but I keep seeing hikvision everywhere.
I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)
Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.
Good to know.
But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.so the only way you'd ever have cameras is with local access, or VPN access to that local network?
Yes. It's hard to secure things that are insecure without adding a layer of "something" around it.
In the case of cameras a reverse proxy with SAML authentication could also work.
yeah it was a complete non question by the time I finished editing my original post.
Of course if you don't trust whatever you're talking about - you have to do this.
I would guess though, that you could use a reverse proxy and still put most of these things directly online - especially if you put your own logon page in front of the proxy's redirect to the camera system.
Yes, the cameras or NVR would be accessible through the reverse proxy only.
When you authenticate with SAML, the users are authenticated against a third party "login" service (called Identity Provider). So you are basically outsourcing 2FA and the login process to someone who has the resources to secure it. It's how enterprises do it.
Otherwise if you build your own login portal on a reverse proxy, that will become the weak link from a security perspective.
Now you've lost me - where is SAML being introduced?
On the reverse proxy server.
You can't do it on the web cameras or any other insecure device.
I guess I don't understand why you talked about SAML, then talked about rolling your own... I mean I suppose someone could do that, but if they have access to a SAML solution, rolling your own seems odd.
Yeah, rolling your own isn't a such a good idea.
I just mentioned it because you said "your own logon page". -
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@jasgot said in Looking for Security camera options:
@travisdh1 said in Looking for Security camera options:
@voip_n00b said in Looking for Security camera options:
I have no experience with them but I keep seeing hikvision everywhere.
I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)
Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.
Good to know.
But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.so the only way you'd ever have cameras is with local access, or VPN access to that local network?
A common way is with VLANs, like mentioned in another thread.
-
@stacksofplates said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@jasgot said in Looking for Security camera options:
@travisdh1 said in Looking for Security camera options:
@voip_n00b said in Looking for Security camera options:
I have no experience with them but I keep seeing hikvision everywhere.
I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)
Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.
Good to know.
But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.so the only way you'd ever have cameras is with local access, or VPN access to that local network?
A common way is with VLANs, like mentioned in another thread.
I don't think this really gets to the heart of what most people want.
I'm guessing JB's client wants to view these cameras while they are at home, etc.
It's more about the remote access than the LAN based protection... but yeah, sure - Using a VLAN and ACLs is probably a good idea to help keep things separated. -
@dashrender said in Looking for Security camera options:
@stacksofplates said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@jasgot said in Looking for Security camera options:
@travisdh1 said in Looking for Security camera options:
@voip_n00b said in Looking for Security camera options:
I have no experience with them but I keep seeing hikvision everywhere.
I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)
Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.
Good to know.
But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.so the only way you'd ever have cameras is with local access, or VPN access to that local network?
A common way is with VLANs, like mentioned in another thread.
I don't think this really gets to the heart of what most people want.
I'm guessing JB's client wants to view these cameras while they are at home, etc.
It's more about the remote access than the LAN based protection... but yeah, sure - Using a VLAN and ACLs is probably a good idea to help keep things separated.It is remote access to a NVR never a specific camera. Cameras never need to be open to the internet.
-
@dashrender said in Looking for Security camera options:
@stacksofplates said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@jasgot said in Looking for Security camera options:
@travisdh1 said in Looking for Security camera options:
@voip_n00b said in Looking for Security camera options:
I have no experience with them but I keep seeing hikvision everywhere.
I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)
Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.
Good to know.
But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.so the only way you'd ever have cameras is with local access, or VPN access to that local network?
A common way is with VLANs, like mentioned in another thread.
I don't think this really gets to the heart of what most people want.
I'm guessing JB's client wants to view these cameras while they are at home, etc.
It's more about the remote access than the LAN based protection... but yeah, sure - Using a VLAN and ACLs is probably a good idea to help keep things separated.As Jared said, separating the cameras onto a separate VLAN doesn't stop people from viewing them out of the office.
Let me rephrase that, it doesnt stop the people you want to view it who are out of the office. It does stop the cameras from tunneling out of your network or allowing backdoor viewers.
-
@jaredbusch said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@stacksofplates said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@jasgot said in Looking for Security camera options:
@travisdh1 said in Looking for Security camera options:
@voip_n00b said in Looking for Security camera options:
I have no experience with them but I keep seeing hikvision everywhere.
I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)
Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.
Good to know.
But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.so the only way you'd ever have cameras is with local access, or VPN access to that local network?
A common way is with VLANs, like mentioned in another thread.
I don't think this really gets to the heart of what most people want.
I'm guessing JB's client wants to view these cameras while they are at home, etc.
It's more about the remote access than the LAN based protection... but yeah, sure - Using a VLAN and ACLs is probably a good idea to help keep things separated.It is remote access to a NVR never a specific camera. Cameras never need to be open to the internet.
yeah, cause an NVR's are always super hardened to be on the internet
-
@dashrender said in Looking for Security camera options:
@jaredbusch said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@stacksofplates said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@jasgot said in Looking for Security camera options:
@travisdh1 said in Looking for Security camera options:
@voip_n00b said in Looking for Security camera options:
I have no experience with them but I keep seeing hikvision everywhere.
I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)
Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.
Good to know.
But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.so the only way you'd ever have cameras is with local access, or VPN access to that local network?
A common way is with VLANs, like mentioned in another thread.
I don't think this really gets to the heart of what most people want.
I'm guessing JB's client wants to view these cameras while they are at home, etc.
It's more about the remote access than the LAN based protection... but yeah, sure - Using a VLAN and ACLs is probably a good idea to help keep things separated.It is remote access to a NVR never a specific camera. Cameras never need to be open to the internet.
yeah, cause an NVR's are always super hardened to be on the internet
I'm confused. The NVR doesn't have to be directly exposed to the internet? And even if it was, you're saying that since an NVR might not be "hardened" you might as well expose every camera? I don't get the argument.
-
@stacksofplates said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@jaredbusch said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@stacksofplates said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@jasgot said in Looking for Security camera options:
@travisdh1 said in Looking for Security camera options:
@voip_n00b said in Looking for Security camera options:
I have no experience with them but I keep seeing hikvision everywhere.
I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)
Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.
Good to know.
But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.so the only way you'd ever have cameras is with local access, or VPN access to that local network?
A common way is with VLANs, like mentioned in another thread.
I don't think this really gets to the heart of what most people want.
I'm guessing JB's client wants to view these cameras while they are at home, etc.
It's more about the remote access than the LAN based protection... but yeah, sure - Using a VLAN and ACLs is probably a good idea to help keep things separated.It is remote access to a NVR never a specific camera. Cameras never need to be open to the internet.
yeah, cause an NVR's are always super hardened to be on the internet
I'm confused. The NVR doesn't have to be directly exposed to the internet? And even if it was, you're saying that since an NVR might not be "hardened" you might as well expose every camera? I don't get the argument.
I think he's saying that the NVR is not better than any camera - from a security point of view.
So don't expose the NVR directly to the internet.
-
@stacksofplates said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@jaredbusch said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@stacksofplates said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
@jasgot said in Looking for Security camera options:
@travisdh1 said in Looking for Security camera options:
@voip_n00b said in Looking for Security camera options:
I have no experience with them but I keep seeing hikvision everywhere.
I see those everywhere as well. I think because they're cheap. I was very annoyed by the only system I ever worked with (required IE, 8 years ago now, but still, yuck.)
Hikvision was very popular because of price until it was discovered they had a backdoor to monitor every camera that had a route to the internet.
Good to know.
But on the other hand it's not wise to open your security cameras to the internet - ever. All devices are filled with backdoors and vulnerabilities. Some are known, most are not.so the only way you'd ever have cameras is with local access, or VPN access to that local network?
A common way is with VLANs, like mentioned in another thread.
I don't think this really gets to the heart of what most people want.
I'm guessing JB's client wants to view these cameras while they are at home, etc.
It's more about the remote access than the LAN based protection... but yeah, sure - Using a VLAN and ACLs is probably a good idea to help keep things separated.It is remote access to a NVR never a specific camera. Cameras never need to be open to the internet.
yeah, cause an NVR's are always super hardened to be on the internet
I'm confused. The NVR doesn't have to be directly exposed to the internet? And even if it was, you're saying that since an NVR might not be "hardened" you might as well expose every camera? I don't get the argument.
Yep.. that's exactly what I was thinking.. just expose everything - (please for the love of god see that I am being sarcastic
) -
VLANs, firewall, and internal access only through VPN/bastion.
It's not difficult, it's not expensive when you consider the amount of value you get in many aspects of IT infrastructure(not just cameras).
Come on guys, these are basic concepts.
-
@pete-s said in Looking for Security camera options:
I would guess though, that you could use a reverse proxy and still put most of these things directly online - especially if you put your own logon page in front of the proxy's redirect to the camera system.
Yes, the cameras or NVR would be accessible through the reverse proxy only.
When you authenticate with SAML, the users are authenticated against a third party "login" service (called Identity Provider). So you are basically outsourcing 2FA and the login process to someone who has the resources to secure it. It's how enterprises do it.
Kind of...
Any resource as important as camera system would certainly not be exposed directly. There is no reason for it. You're never gonna say "Customer please login and check the camera system." So why publicly expose at all.
Require VPN and make it internal only resource.
You're right about using SAML for authentication and using groups to maintain.
