Forgive me for seeking advice on a topic that's been well covered by IPVM. I'm also a brand new member to this community. That coupled with very limited experience in even the most basic of proper practices within this realm, and the seemingly endless catalog of in depth articles and discussions on just THIS subject, let alone the entirety of what's contained in IPVM archives as well as the bleeding edge info provided to members every week, is, to say the least, overwhelming, bordering on daunting. In attempting to absorb as much information as possible, I have neglected other common mundane tasks most humans take for granted: laundry, dishes, shaving, etc. although I haven't been able to give up showering... just yet.
All (terrible) attempts at humor aside, I'm finding it difficult if not near impossible to forgive myself for purchasing the Lorex NVR/IP camera package, through Costco Online, earlier this year - around June - that was, to the best of my knowledge at the time, hacked by an angry neighbor/some random student of the mechatronic education program from our local university. After reading many, many articles on the subject in general, and more than a few regarding the Dahua backdoor specifically, I am all the more grateful for IPVM membership today. At the same time, I am kicking myself in the pants repeatedly for allowing myself to fall prey to an exploit that seems so poignant it, in my opinion, should have made national headlines. (Just before typing this out, I read another IPVM article showing, for all intents and purposes, it DID make those headlines, and I recall reading about it in a major newspaper article.) At the time, and until 5 days ago, I had no idea that Lorex/FLIR OEMed Dahua, even having made a Google query asking, "who OEMs Lorex/FLIR?" at the time not understanding the 'direction' the OEM travels, and so found zero information that Lorex/FLIR was anything other than good ol' USA manufactured. Could I possibly feel any more inept at having exposed my family to massive identity theft and beyond? A great deal more, it seems.
I wanted to ensure that I installed this product (Lorex LNV416S+LNB3163B x6+LNE3162B x3) with nothing less than the most up to date knowledge and practices to ensure smooth sailing. I accessed the Lorex/FLIR official website a grand total of 29 times, not including other legitimate (as far as I could discern) info regarding IP/NVR best practices, all queries ending with "2017" to try and ensure up to date info; unfortunately, not once did IPVM show up during this time. I also realized, due to the age of our dwelling (circa 1930s) and previous knowledge of WiFi vulnerabilities and my ineptitude at dealing with that possibility, that I opted for hard wiring everything, which brought its own challenges as fishing cable through the attic was impossible through the entire middle of the dwelling (the place has seen many additions, having been a 'college rental house' for decades prior to purchasing it; the middle addition having an attic crawl space of just UNDER 6 inches and sporting electrical standards of some bygone era where a ground rail was the norm). Suffice to say, I opted for PVC electrical conduit of sufficient bore to house the first half of the cable (CAT 6) run that was included in the system's purchase. Knowing next to nothing about THAT meant I needed to educate myself on those best and current practices as well. When all was said and done, my head overflowing with newfound knowledge, it was not until mid-September of this year (2017) that I made my way to the local "ginormous" hardware supply outlet to purchase the supplies that came from an additional week of (pulling my last hairs out) planning.
You're probably asking why I did not opt for the BEST installation option, i.e., professional. First, and if you'll excuse the expletive, I am a cheapass, preferring to do 'it' myself (and taking a bit of pride in the successful installs around the house) and secondly, there are, for the size of my town and in my opinion, far too many 'security/alarm' installation businesses. One outfit, known nationally (three letters make up its name; can you guess?) has no less than SEVEN 'authorized' dealers/installers in a small city of just under 200k citizens. And that's JUST for that business name. There are over 25 professionals in this business in my city. Plus my cable/internet provider on my back about how they can do it 'best'. Something about this doesn't feel right; seems like a racket to this paranoid consumer.
To shorten this text wall: With the help of a very patient and attentive relative, we got everything installed, buttoned up, turned on and tuned in with, what I thought at the time was great success. I forgot to mention, I even over-educated myself on local "CCTV laws and ordinances" to ensure we were not encroaching on anyone's privacy or privacy laws in general.
Then, in late October, it all began to fall apart. It was harrowing to attempt putting a finger on which vector the exploit began. Being incredibly fortunate to live in a very affluent section of my city, I learned, to my utter amazement, how entirely against any form of video surveillance my local neighborhood and neighbors were/are. I live amidst doctors, lawyers, computer builders/servicers, and law enforcement/prison personnel. All adamantly opposed to security surveillance - and here it comes - by ANYONE other than the 'local three letter' professionals. Within a matter of weeks, everything connected to my state of the art Cisco manufactured modem (three personal computers, three NEW mobile devices and the Lorex system) was compromised. This would be the third attempt at identity theft my family's experienced in five years. Replacing the Xfinity modem TWICE did nothing: rehacked. I also forgot to mention: I am, to the great irritation of my entire family, incredibly 'anal' about password security, physical security etc., to the extent someone with zero formal training can be, given the mostly sponsored information available. Some may laugh, but this is one area YouTube has been of great benefit to us, albeit after exhaustive searching for truly licensed professionals putting out the latest up to code information and how-to info for DIYers, which, unfortunately, ends at the beginning of anything having to do with security surveillance, which is all, in my opinion, sponsored crap. And still, not once, did IPVM show up as an option for information.
Oh, the time and stress that would have been saved had even just one of the 'professional' sites I pored over put up a link, or even a hint, that an entity like IPVM existed. In the last month, without a membership, unable to access the plethora of rock solid 'Pro only' info, I was able to discern if not the who, the very definite 'what' of my system's exploitable access points, including non brand specifics such as the basic practices for IP/NVR networks. It was at this point that I came across an article/discussion with a link to the Lorex/FLIR 'white paper' release. Needless to say, I was appalled just short of outrage that this fundamental notification was never sent to me, not even a link to the page, even though I'd just paid at the time what I thought was a steal, a bit over $800.00 US for my new system. Even more appalling, I followed every jot and tittle of the install instructions, which were sparse to say the least, heading to the Lorex site and downloading every pertinent PDF I could that covered my system specifically, and 'best practices' for IP systems in general... which very clearly instructed me to port forward... even though I also downloaded their 'cloud client' which esteems to eliminate that need (and nowhere, at the time, instructed against it). I don't want to bore you with how user UNfriendly this system is; I'm certain the majority of you know what hell it would be were you a know-nothing like myself. Utter chaos, to be certain.
So much for shortening the text wall. Apologies. I feel at this point, I'm simply venting, so I'll end with a statement and a question for all of the real pros who made it this far.
IPVM is the best thing to happen to this consumer in what seems an eternity. I only wish I'd found myself here 6 months ago. For someone like myself, in this situation, there is no better source of information at this level of integrity. Professional or not, I'm signing up for the February 2018 camera course. The investment is a quarter the cost of my current IP system and worth 10 times that, in my experience. Thanks, to all of you that contribute and to IPVM for being available to this greenhorn.
Finally, let's pretend I never found this incredible resource. What/where/when/who would you (collectively) suggest consumers in my position, the adamant cheapasses that stupidly won't compromise on the DIY angle, go to for bleeding edge information that even holds a candle to what's provided by the IPVM staff and members?
My sincere thanks to those who made it this far, even more so to those willing to share some advice/guidance.