Posted: 3/27/2016 11:46:53 AM EDT
|
I have installed a couple of ipcams in my house so I can monitor it when I am out of town.
My concern with my ipcams are twofold: 1. The ipcams appear to be creating connections to the manufacturers server. 2. I need to be able to establish a connection to the ipcams from my iPad or iPhone, but I don't want anyone else to be able to do so. I don't trust the ipcams user passwords. I would like to add a firewall to block all packets to or from either of my ipcams to any MAC address except my own. My current wifi router does not block any outgoing traffic. So I am considering adding an additional router between my cable modem and my wifi router. I am thinking of either a Tomato, dd-wrt, or openwrt router. Will I be able to secure my network as I have described with any of these routers? Should I be doing something different? |
|
Also depends on the cam.
For example, the Netgear ARLO that you see popping up everywhere, is not a secure solution. They are wireless only and suffer from the weaknesses of 802.11 as a result. For example, one can create a evil AP and force the ARLO to resubscribe to it (not hacking it but essentially killing it's connection to the base). Add that ARLO is setup for 7 day cloud storage...some one could case a bunch of cameras (like in a building I saw some in yesterday) come back 8 days later and make their move knocking out the cased cameras from earlier. Wired is the best solution, but a good firewall is needed and even going as far as keeping a subnet that only provides wired access (no access from the wireless gateway). |
|
Quoted:
Probably the easiest thing to do is to create firewall rules to block all inbound and outbound traffic to the IP cameras. Create a VPN to access the cameras remotely. This. What make/model of wifi router are you using now, OP? Does it have a "parental control" feature (simple firewall rules as beavo suggests) you could turn on for the cams? |
|
My cams are hard wired.
Currently I am using an apple wifi router for my router. It is pretty basic.... no parental control. That's why I'm thinking of buying a linux based router and putting Tomato or some other router firmware on it. If I do this I am hoping I can install it between the cable modem and the apple router. I would disable the wifi in the new router and continue to use the wifi in the apple router. That way the new router doesn't necessarily need to support the newest and fastest wifi modes. The apple router does a superb job of providing a good wifi signal to the farthest reaches of my house. Two of you have suggested I create firewall rules to block all inbound and outbound traffic to the IP cameras and also to create a VPN to access the cameras remotely. I like the idea of somehow isolating the cameras but still allowing access through a VPN. This seems much better than using MAC filtering. But I am unsure how to do this. Can someone explain this a little more? If I block all traffic, how can a VPN work? Generally how would I do this with a Tomato router? |
|
Quoted:
My cams are hard wired. Currently I am using an apple wifi router for my router. It is pretty basic.... no parental control. That's why I'm thinking of buying a linux based router and putting Tomato or some other router firmware on it. If I do this I am hoping I can install it between the cable modem and the apple router. I would disable the wifi in the new router and continue to use the wifi in the apple router. That way the new router doesn't necessarily need to support the newest and fastest wifi modes. The apple router does a superb job of providing a good wifi signal to the farthest reaches of my house. Two of you have suggested I create firewall rules to block all inbound and outbound traffic to the IP cameras and also to create a VPN to access the cameras remotely. I like the idea of somehow isolating the cameras but still allowing access through a VPN. This seems much better than using MAC filtering. But I am unsure how to do this. Can someone explain this a little more? If I block all traffic, how can a VPN work? Generally how would I do this with a Tomato router? You might have problems doing this unless you can put your Apple router in an "access point only" mode. (I have no idea if this is or isn't possible.) I'd just look for a new router that has the features you want if Apple doesn't have an access point mode and a VPN server. I'm using an Asus RT-N66U with the Merlin firmware and it should do what you're looking for (parental controls to disable Internet access and OpenVPN). Newer models might be even better than what you have now. |
|
Quoted:
You might have problems doing this unless you can put your Apple router in an "access point only" mode. (I have no idea if this is or isn't possible.) I'd just look for a new router that has the features you want if Apple doesn't have an access point mode and a VPN server. I'm using an Asus RT-N66U with the Merlin firmware and it should do what you're looking for (parental controls to disable Internet access and OpenVPN). Newer models might be even better than what you have now. Quoted:
Quoted:
My cams are hard wired. Currently I am using an apple wifi router for my router. It is pretty basic.... no parental control. That's why I'm thinking of buying a linux based router and putting Tomato or some other router firmware on it. If I do this I am hoping I can install it between the cable modem and the apple router. I would disable the wifi in the new router and continue to use the wifi in the apple router. That way the new router doesn't necessarily need to support the newest and fastest wifi modes. The apple router does a superb job of providing a good wifi signal to the farthest reaches of my house. Two of you have suggested I create firewall rules to block all inbound and outbound traffic to the IP cameras and also to create a VPN to access the cameras remotely. I like the idea of somehow isolating the cameras but still allowing access through a VPN. This seems much better than using MAC filtering. But I am unsure how to do this. Can someone explain this a little more? If I block all traffic, how can a VPN work? Generally how would I do this with a Tomato router? You might have problems doing this unless you can put your Apple router in an "access point only" mode. (I have no idea if this is or isn't possible.) I'd just look for a new router that has the features you want if Apple doesn't have an access point mode and a VPN server. I'm using an Asus RT-N66U with the Merlin firmware and it should do what you're looking for (parental controls to disable Internet access and OpenVPN). Newer models might be even better than what you have now. One of the reasons I'm really fond of Mikrotik...separate subnets on each port (if you want). I'd actually just plug a Mikrotik 5 port router (they make them without wireless) use the default config and keep that secondary IP only for the cameras. |