Everyone wants to watch their security cameras remotely, and to do so requires placing the camera system on the internet. Having a security camera system is one thing, keeping it secure on the internet is another. Putting a surveillance system online for remote viewing is like having a house on the road that anyone can drive by and see. Like your home, you’ll want to make sure your camera system is secure. If someone hacks your system it is almost the same as them breaking into your home. In this article we discuss the different methods available to secure your security cameras on the internet.
Common System Vulnerabilities
Inexpensive security camera systems from Amazon vendors and big box stores are cheaper because they have poor research and development behind those products. Poor R&D leads to vulnerabilities among many other deficiencies when compared to reputable products. Vulnerabilities in cheaper surveillance systems or cameras include backdoors or master reset passwords that allow hackers to login without you knowing. Hackers can mess with settings, delete recorded video, or prevent cameras from working after hacking the system. Weak passwords and master reset passwords are common mistakes that allow hackers to take over IoT devices such as security cameras and systems.
Backdoor hacks that happened in the past were due to loopholes and lazy programming oversights that led to exploits. Cheap surveillance systems usually have backdoors that haven't been addressed because of insufficient investment of time and money into securing devices. Many compromised brands also do not provide updates to remedy security issues, many times because those security holes cannot be plugged.
With an insecure camera system not only do you have to worry about that system being vulnerable to hacking but other devices on the network that can become vulnerable as well. According to this story in the Register, CCTV systems with backdoors can be used to attack other devices on your home or business computer network and steal sensitive information.
Weak or Default Reset Passwords
Using weak or default passwords is the number one mistake that allows a hacker into a CCTV system on the internet, or any IoT device. Hackers use Bots to test combinations of known passwords used by device manufacturers to easily guess passwords and access cameras or security dvr recorders across the world that are connected to the internet. If you use a weak password, your cameras could end up on a website like insecam.com, where thousands of compromised security camera systems are cataloged online for anyone to look at.
For this same reason you never want to purchase a DVR recorder, NVR recorder, IP cameras, or security camera system that has a master password (also called root password). This post by Softpedia provides an example of how a hard-coded root password was exploited to hack thousands of DVR recorders made by a major manufacturer of DVR recorders. If the master password is made public by the manufacturer, or in an online forum, it is a matter of time before all devices from that manufacturer are compromised. For this very reason all of the devices sold by CCTV Camera World require the user to set their own password, and in many cases we pre-initialize the system for our customers with a secure password.
How do you keep a security camera system secure on the internet?
There are a few different ways that you can connect to your security camera system remotely. Each of the methods have their own pros and cons and no system is immune to being hacked if it is connected to the internet. Below we outline the different methods starting from the easiest and least secure remote connection to the most secure.
Easy Remote Viewing using P2P
Using the P2P or Peer-2-Peer method for remote connection is the easiest to set up and is becoming increasingly popular. The P2P method does not require any complex networking like port forwarding, or VPN. Primarily, home consumer oriented devices use P2P as the way to remotely view because it is easy to setup with a smartphone by non-technical users.
Our security cameras, and recorders do have the ability to turn the P2P function on or off depending on their preference. You can learn more about how easy it is to enable remote viewing using the QR code or serial number of your device in our Dummies Guide to Remote Viewing Security Cameras.
P2P first relies on a “handshake” or third-party connection to a server on the internet before connecting to your system. For every day users this is not an issue, but for people who are concerned with security you never want your data going through another server.
Since P2P data goes through another server or “hop” there is an increased delay or “lag” for transmitting video data. For customers with a slow internet connection it can be a complete roadblock to remote viewing. For those with fast internet connections the lag may not be as noticeable but there is still some delay. All remote viewing will have some delay but with P2P it is the most pronounced.
In general P2P is a secure remote viewing method as long as you do not provide anyone with your remote viewing information, namely the serial number of your security camera recorder or camera. However, like mentioned before, for anyone who is concerned about their video or data being sent through a third-party server then P2P connectivity would not be recommended. The P2P remote viewing method is mainly for home users who don’t have the time, patience, or money to bother with IT.
Port Forwarding is the process of allowing certain types of internet traffic to flow through the firewall that is built into your internet router and get into your camera recorder. This process is difficult for people who have little or no IT networking knowledge as it requires logging into the internet router and making changes. We offer paid networking services which are available here on our website. This service allows one of our knowledgeable technicians to login to your computer remotely and set up port forwarding in your internet router.
The biggest hurdle in port forwarding is the requirement of a static IP address. An IP address is assigned to your modem or router by your Internet Service Provider (ISP). Most home internet connections get a new IP address periodically when the service provider performs maintenance or the power goes out. If your IP address changes while you are away from home you will be locked out of your security camera system until you can get the address it has changed to.
As a workaround, we suggest using a free service called DDNS that is built-in to most routers available on the market. It allows an easy way to keep track of changing IP addresses on an Internet connection. The DDNS feature is built into good routers. The router pings back to a secure server hosted by the router manufacturer what the current IP address is, so you can use a friendly name such as myhomesystem.ddns.net to get to your system from the internet.
We recommend routers by Asus as they are inexpensive and come with DDNS built-in. You can read an actual guide by Asus on how to set up DDNS on Asus routers.
Port Forwarding is more secure than P2P because it is a direct connection to your system through your internet router. This direct connection eliminates any added delay or lag time commonly encountered with cloud based security cameras or P2P connectivity. With strong internet connections such as Verizon Fios, Port Forwarding provides the fastest connection possible for watching a surveillance system remotely. As long as you give nobody your IP address/DDNS address, username, or password then Port Forwarding is the preferred way for remotely viewing when compared to P2P.
VPN or Virtual Private Network
Using a VPN or Virtual Private Network is one of the most secure ways to remotely access your security camera system. A VPN allows you to directly connect into your home network from wherever you are in the world. Direct connections, like VPNs or port forwarding, are more secure than using P2P. Provided that your VPN is secured and no one else has access then you will be the only person who can access your security camera system. Once you have established your VPN connection to your home network you can do whatever you’d like with your security camera system.
VPN is relatively easy to setup on most home consumer routers and can be used on either a PC or Mac computer, or even an iPhone or Android Phone. While you are out and about and using cellular data on your phone, you can establish a VPN tunnel to your home network to securely access your camera system.
It’s important to note that not all VPNs are the same. Routers will have different VPN capabilities available for you to setup. Depending on how many cameras you want to stream you will need a router with a strong enough processor to host your VPN. You will also need a strong enough internet connection to host a VPN with video data. Make sure you double check your router’s spec sheet and reviews for mentions of VPN features. Some routers have a stronger VPN connection when it’s paired to the same make and model router, which can be misleading for customers who are connecting over the internet.
VPNs are only vulnerable if they are public VPNs or you give someone else your VPN information. Most VPN software has monthly costs if your router does not include one. If you are tech savvy or have the time to invest we definitely recommend setting up a VPN rather than using port forwarding or P2P.
Keep your system off the internet
This method is pretty self-explanatory. Keeping your system off the internet by not connecting it to a router is the most secure. Without a connection to the internet there is no way that someone can hack your surveillance system short of breaking into your home and accessing it locally.
Since all systems are vulnerable to break-ins or theft it’s important to know you have options. As a fail-safe to theft, we recommend getting a secondary NVR to record your primary recorder. The secondary recorder goes in a separate location of the home or business. This second location should be well hidden, and both systems will need to be connected to the same local network. You can read more about having a redundant live backup in our How to backup your DVR or NVR guide.
You can still connect your system to a router and leave it behind your router’s firewall if you don’t plan to do any remote viewing outside the home. Having the system connected to a local network will allow you to access it using a PC or Mac, or watch it from your cell phone or tablet. However it won’t be accessible outside of the home.