Remote Network Access for Video Surveillance Guide

By: IPVM Team, Published on Jul 27, 2020

Remotely accessing surveillance systems is key in 2020, with more and more users relying on mobile apps as their main way of operating the system. However, remote access brings unique challenges with system security, ease of access, and configuration difficulty all needing to be weighed against each other.

IPVM Image

Five Remote Access Options for Video Surveillance

In this report, we explain how the four most common remote access options for video surveillance work:

  • Port forwarding
  • Universal Plug and Play (UPnP)
  • Cloud / 'Phone Home' (e.g., Hikvision Hik-Connect, Verkada, Nest)
  • Virtual Private Networks (VPNs)

We also explain why the ancillary remote access service Dynamic DNS is used with port forwarding and VPN.

(Related: Network Addressing for Video Surveillance Guide and Converged vs. Dedicated Networks For Surveillance).

2020: Cyber Security Is Critical

Before putting any surveillance system on the internet, it is critical that users understand the risks involved. Several major vulnerabilities were reported in major manufacturers' cameras, including:

  • May 2020 - Dahua Critical Cloud Vulnerabilities - Dahua and 22 OEMs including Panasonic and Stanley had hard-coded cloud keys / passwords which were shared and could be used to ultimately gain full access to cloud connected equipment.
  • April 2020 - China Surveillance Vulnerabilities Used To Attack China - Anonymous-affiliated pro-Tibet activists Target PRC government by exploiting known vulnerabilities in equipment manufactured by Xiongmai and Dahua.
  • March 2020 - LILIN Vulnerabilities Used by DDoS Botnets - 3 Vulnerabilities: command injection vulnerabilities with NTUpdate, FTP, and NTP, hardcoded credentials, and arbitrary file reading vulnerability with LILIN DVRs.
  • February 2020 - Chinese NVR/DVR Vulnerability - Huawei (HiSilicon) backdoor uses a combination of port knocking to open enable telnet along with hardcoded root credentials.
  • February 2020 - Bosch, Multiple Self-Reported Vulnerabilities: two 10.0 critical vulnerabilities along with 8.6 and 7.7 rated vulnerabilities. The first 10.0 vulnerability affects Bosch BVMS and uses deserialization of untrusted data which attackers can use to remotely execute code. The other 10.0 vulnerability applies to their Video Streaming Gateway and is also remotely exploitable due to the VSG services missing authentication for critical functions.
  • January 2020 - Honeywell Maxpro VMS & NVR Vulnerability - Attackers are able to remotely execute code and via SQL injection vulnerability an attacker can could gain unauthenticated access to the web user interface with admin rights.

See our Directory of Video Surveillance Cybersecurity Vulnerabilities and Exploits for more information on these and other issues, including new ones as they occur.

Because of the severity of these incidents and their increasing frequency, it is critical that users understand the basics of cybersecurity for surveillance systems, and how to protect against simple attacks at the very least.

We strongly recommend reviewing Network Security for IP Video Surveillance before proceeding.

Remote ****** ******* ***

*********** ********* *** **** and **** / **** forwarding **** * ******* minority ***** ***, ** our******* ***** ****** *****:

IPVM Image

Port **********

**** ********** **** *** private ** ******* ** the ******** ** ** camera ** *** ****** IP ******* ** * user's ****** ** **** it *** ** ******** accessible. ***** ** ******** router ************* ******* *********** enough **** **** ********** novices **** ******** ** do ** *********.

** ****** * ****** or ********, ***** ** (HTTP) *** *** (**** video *********) *** **** often **** *** **** often ******. **** ******* require ********** ***** ** be ****** *** *************, control, ** **************, ** well. *** *******, **** image ***** *** *** ports ********* ** * Dahua *** ** * consumer ******:

IPVM Image

**** **** ** ******** devices *** ** ** viewed *** *** ********, different ******** ***** **** be ****** ** ***** internal *****, ** ********** the **** **** ** two ******* ******* ** errors.

*** *******, ** *** NVRs *** ** ** viewed ******** ***** ** address ***.**.***.**, *** **** use **** **, ******** may **** **** ****:

  • ****: ***.**.***.**:**** ---> ***.***.*.*:**
  • ****: ***.**.***.**:**** ---> ***.***.*.*:**

Universal **** *** ****

********* **** *** **** (UPnP)** * *** ** protocols ***** ******** ****** discovery *** ************* ** a ***** *******. *** of *** **** ** UPnP ** *********** ****** port ********** (*****), ******** a **** ****** ** automatically ****** **** ******** in * ****** ******* any ************ **** *** user.

*** *******, *** ***** below ***** **** **** forwarding ************* ********* ** three ******** ********* ** cameras (******** ***** *** camera):

IPVM Image

*******, ** ********, **** is ********** ** **** cases. ** **** ******** networks, ***** *** *****, UPnP ********* *** ****** off, ********* ****** **** forwarding. ** ******** ***, port ******** *** *** function ********, *** ** added **** **** ****, may ******** **** ***** devices, ** *** ****** not ** ***** ** all. ****** ****** *****, error *********** ** ****** available **** **** **** mapping *****, ******* *** user ******* *** ***** of ***************. ******* ** these *******, ****** **** forwarding *** ****** **** common ** ********** ************.

Dynamic ***

*********, **** ** *** provide ****** ** ********* to *********** *** ***** business ******** (******* ** additional ******), ** **** time, *** ****** ** address ******** ** **** may ******. *** *******, the ****** ** ******* of **** ***** *** be **.**.**.*** ***** *** tomorrow ** ***** ** 84.32.34.119. ** **** ****** video ****** ** ********** to ******* ** **.**.**.***, tomorrow ** ***** ****.

******* ***, ** ********* remote ****** *******, ******** this ** ******* ** a ******* ********, *.*. Site2-NVR3.dyndns.org ******* ** ***.***.***.***. The **** ******* ******* the ** ******* ************* to **** ******** ************, or ************* ******* ******* and ******* *********** ** some *****.

** ************, **** ** most ******** **** **** DVRs/NVRs **** **** **** port *********. **** ************* host ***** *** ******* DDNS ******** **** ** users *** ******** ***** equipment (****** ********* ** ****** does), *** ****, ** not ****, ****** **** include * *****-** **** client, **** ** **** the ******'* ** ******* up ** ****. ****** may ****** ** *** DDNS **** **** **** have * ****** ******* as * **** ******** domain **** *** ** preferred **** ** ** address. *** ******* ***** party **** ******** *************.

**** ** ****** **** to ******* ********** ******* to * ***, ***** the ****** ******* ** update *** ** ******* upon * ****** **** render ** ***********, ********* in **** ***** *** requiring * **** ***** to ******. ********, ** professional ************ ************ ** is **** ****** ** remotely ******* ** *** VMS/NVR *** ******** ** cameras.

**** ** **** **** with *** *********** *** managing *** ************** ******* IP ******* ****** ** that *** *****, *******, and ***** ***** *** access *** *** ****** / ************ **** **** the ** *** *******. DDNS ** **** **** with *** ** ******* a **** **** ******** address ** ****** **** rather **** ** ** address.

Public ********** ******* **** - ****, ****, *** **** **********

***** ****, **** ***/** port ********** ******* ***'* devices ** *** ****** public ********, ******* **** anyone *** ******* ** connect *** ****** ***'* device ******* (*.*., ****** or ********). ******* *** attack ******** ** ******** of ******* * *** across *** ****** ********, either ****** ** ******** trying ** ********* ** by ******* ***** ** potentially ********** ******* (*.*.,****** **** ** ********* public ********** - ********* port ********* *******). *** ***** ********** with **** ****, ****** ********'* *** ************* of ***** ******: ** built * **** *** toaster, *** ** *** compromised ** ** ****. **** ******** ******* to ***** ************, ********** ***** ********** ************ ** ****** ********** ****** ** ***** devices ***** ****** **** forwarded ****** *******. ** ** *** recommend ****** **** ******* publicly **********.

**** *** * ****** demonstrating*** **** **** ** these *************** *** ** exploit. ** **** **** a ******** ********** ** our********** ********** ******** ******** ** hack (*** ****** **********) cameras.

Cloud / '***** ****'

** ********* *** ********** and ********* *** ****** involved ** ****** **** forwarding, ****, *** ******* DNS, ***** *********** **** become **** *********. ***** connections *** * **** of *** (********* ****** application-specific ****) ***** ******** limited ** ** **** interaction ** *********.

******* ************* ***** ***** own ********* ***** ******* cameras *** **** ** the *****, **** ****** *********,********* (***** / ***-*******),*******, *** ******. ********/******** of ****** ******* *** security/home ********** ******* ********* also *** **** **** of ************, **** ****** ***,******* ********,******, ******.

**** ********, ***** *** been * ******* ***** of ***** ****** ***** access ** ***** *****, so ***** *** ** monitored ******** ** *** mobile ******* ***-****, *****************,*****, ********** *****. **** ****** ****** remote ********** ******* **** forwarding, *** **** *** directly ******* ******* ** the *****.

TLS *******

***** *********** *** ********* made *** * ********* (********* ***** ********, an ********** ********)******, *** ** *** these ***** ***** (***** on *** ***** *****):

  1. ********** ****** ***** * HELLO ******* ** ******* a **********.
  2. ****** ***** ***** ***** with ********* ***********.
  3. * ********* ** ********* and * ****** ****** is *** **.
  4. **** *** *** ****** is ** *****, **** sent ******* ** ** encrypted, **** ******** *** data ********* ******** (***** only ** "*********** ****" in *** ******* *****).

***** ** * ********* trace *** ** **** camera **** **** *******:

IPVM Image

****** ***** **** ** "Application ****" *****, **** the ****** ** *** up, ******* ********* **** as ****(*), ****,***, ***,***., *** **** *** camera ******* *** *********.

***** / '***** ****' connections *** *** ******* and **** ******** ******* to ******* ****** ****** to **** *** ***** business. *******, *** ********* or ******** *****, ** administrators *** ** ********* about ******** ***** ******* to '*** ******' ***** firewalls.

Push ** **** ** *****

***** **** *** **** forwarding **** **** ******* for *****, ***** *** been * **** ** move ** ***** ******** in *** **** *** years, ** ***** ** part *** ** *** increase ********** *** ***** *******. ******* '*****-*****' ***** have **** ******* **** trend, **** **************, ***** ********* ****************. ************, *** ********** such ** ******* *** Milestone **** ******** ***** VMS, ** **** (******* ********************** *****).

**** **** **** ***** cloud ************* **** ****** ** video *** ***** **** is *********** *** ****** tunnel, ******** ** ***** from *** ******* ** users ** *** ************/********* providing *** *******, ** well ** ***** ********* hosting ********. **** ***** that, *** *******, ***********'* ***** *******,***** *******, ********* ********, *** ***** of *** ******* *** likely ** ** ********, instead ** **** ******* numbers ******** ********** **** targeted *****.

Dedicated ******* ******* ********

*** **** ****** ****** historically *** ****** ************* to ******* ****** ******* and ***** ** * dedicated ***, ********* ***** hardware ********** (**** ** SonicWall ** ***** *********) located ** **** ****. This ********* ******* * tunnel ******* *** ******** to *** ****** ********, effectively ******** * ****** video *******, ******* ***** in ********* *********.

** ************, ********* **** are ********* **** **** used ** ****** *****-**** installations. *** ********** **** historically **** $***-*** *** site, ****** ****** *** dropping, ******** ******* ******** ** $100 ** ****.

Recommended - ****

** ********* ****** ******** ****** **** video ************ *******. ***** port ********** (** ****, DDNs, ***.) *** ** cheaper *** ******* ** front, **** ****** **** devices ** ***** ******** and ****** ** *** vulnerabilities *** *****. ***** cloud ******** *** ***** improved, *** *** *** risk ** **** ***** exploited ***/** *** ***** service ******** ********* ** abusing **** ******.

***** *** *** ****** VPN ************** **** ** video ************, **** ** site *** *** ****** access ***. * **** to **** *** ******** one ******** ** *******, like * **** ****** and * ********* ******. This ** ******** **** to ******* ** ******* and/or ******* ******** ** one ******** ** *******. This ** *********** *****:

IPVM Image

*** ***** ****** ***** is ****** ******. **** is **** *** * single ******, **** * laptop ** ****** ****** to ******** ******* ** the ***** ************ *******. This ** *********** *****:

IPVM Image

Test **** *********

**** ***** ******** *******.

Comments (8)

Undisclosed Integrator #1

07/27/20 05:18pm

***** *** **** ***** of **** **** *** a ****** ********.

******* *** ******** ******* this ** ******* ** a ******* ********, *.*. Site2-NVR3.dyndns.org ******* ** **.***.*.*.

*** **** **** **.***.*.* is * ******* ** address, *****? **** ***'* going ** **** ****** access ** *** *********.

** ********* ****** ******** ****** **** video ************ *******. ***** port ********** (** ****, DDNs, ***.) *** ** cheaper *** ******* ** front, **** ****** **** devices ** ***** ******** and ****** ** *** vulnerabilities *** *****.

**** *** *** ** alternative ** ****. ** you ***'* **** * static ****** ** *******, you'll ***** **** ** set ** **** ** order ** ******* *** VPN. *********, *** ***** your *** ******** **** what ** ******* **?

*** *** ****** ******* this ******* ** **** it ***** **** *** options *******-**********, ***, ****, *** cloud, ******* ** ****, VPN, ****, *** *****? DDNS ****** *** ** juxtaposed **** *** ***** technologies **** ****.

* *** **** *'* not *** ***** ** bring **** **. ******* ******* **** ****.

Avatar

John Scanlan

IPVM | IPVMU Certified | In reply to Undisclosed Integrator #1 | 07/27/20 06:18pm

** - ******. *** IP ******* ** *******, and * **** ****** the ****** ** ******* that **** ** ** ancillary ****** ****** ******* commonly **** **** **** forwarding *** *** ** track ******* ** ******* as **** ** ******* a **** **** ******** name ** ***** ** IP.

Cameron Stewart

In reply to Undisclosed Integrator #1 | 07/28/20 12:52am

**** **** *** ** should ** ***** **** not **** ***** ** a *** ********** ******* a ****** ** *******.

*** ******* ** * company ** **** **** good ******** **** ******* static ** *********. ******* our ******* ** ****** we *** ***** ****** clients/cameras/entire ******* **** **** dynamic ** ********* **** to ** **** * VPN **** ** ******.

Avatar

John Scanlan

IPVM | IPVMU Certified | In reply to Cameron Stewart | 07/28/20 02:16pm

******* - ******, ****** addresses *** *** ******** for ****. * ***** IPVMs **** ***** * combination ** **** ****** and ******* ********* ** different *********. * **** use **** **** **** static ********* *** ****. Using **** **** ****** addresses ****** ** **** we ***** ******* ~*.* years ***. *** ** address ** *** ****** changed **** ** *****, but * *** *** have ** *********** ****** devices *** ******* ******* they **** ********** **** the ****** **** ****** the *** ** *******. DDNS ****** ***** **** we ******** **** ***** to ***** *** *** IPs ******* *****.

Tariq Saleh

07/28/20 04:21am

*********** **** **** **** is ***** *********** *** v1

John Honovich

IPVM | In reply to Tariq Saleh | 07/30/20 01:15pm

*****, **** ********* ****** that*** *.* *** **** will ** ********* ****** August. ****** *** ******* this.

Tariq Saleh

In reply to John Honovich | 07/31/20 03:59am

*** **** *** *** they **** *** *** TLS *.*

*** *** **** *** finalized *** ********* ** August ****

Undisclosed Integrator #2

07/28/20 03:24pm

* **** *** **** at *** *** ** this *******! ***** *** to ********* ********. ****** do **** **** *****!

Read this IPVM report for free.

This article is part of IPVM's 6,536 reports, 881 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Verkada Access Control Tested on Sep 09, 2020
Verkada raised $80 million earlier in 2020, expanding from video into access...
Dedicated Vs Converged IP Video Networks Statistics 2020 on Sep 10, 2020
Running one's video system on a converged network with other devices can save...
Favorite Access Control Credentials 2020 on Sep 15, 2020
Credential choice is more debated than ever, with hacking risk for 125kHz and...
Virtual ISC West and GSX+ Exhibiting Contrasted on Sep 17, 2020
Both ISC West and ASIS GSX are going virtual this year, just weeks apart, but...
Network Cable Usage Statistics 2020 (Cat 5e vs Cat 6 vs Cat 6a) on Sep 02, 2020
Integrators are split between using Cat 5e, 6, and 6a but 2 of them have...
Door Fundamentals For Access Control Guide on Aug 24, 2020
Doors vary greatly in how difficult and costly it is to add electronic access...
Startup Vaion Presents End-to-End Cloud Managed Video Surveillance on Aug 20, 2020
Vaion presented its end-to-end cloud managed video surveillance offering at...
Milestone XProtect on AWS Tested on Sep 21, 2020
Milestone finally launched multiple cloud solutions in 2020, taking a...
Anyvision Raises $43 Million, Focusing on Access Control And Remote Authentication on Sep 04, 2020
While Anyvision has had a tumultuous 2020 with significant layoffs, the...
Risks Of Managing End User Passwords (Statistics) 2020 on Sep 11, 2020
Alarmingly, most integrators used spreadsheets to manage passwords, IPVM...
Directory of 206 "Fever" Camera Suppliers on Aug 04, 2020
This directory provides a list of "Fever" scanning thermal camera providers...
YOLOv5 Released Amidst Controversy on Jul 27, 2020
YOLO has gained significant attention within video surveillance for its...
Access Control Online Show July 2020 - On-Demand Recording of 45+ Manufacturers Presentations on Jul 30, 2020
The show featured 48 Access Control presentations, all now recorded and...
Video Surveillance 101 Book Released on Jul 07, 2020
IPVM's unique introduction to video surveillance series is now available as a...
SenseB4 Presents Cloud Network Device Monitoring on Jun 09, 2020
SenseB4 presented its cybersecurity and network health monitoring products at...

Recent Reports

New Products Show Fall 2020 Starts Tomorrow! on Sep 27, 2020
Tomorrow, IPVM's sixth online show will feature New Products from over 25...
OnTech Smart Services Partners With Google and Amazon To Compete With Integrators on Sep 25, 2020
A pain point for many homeowners to use consumer security and surveillance is...
The Future of Metalens For Video Surveillance Cameras - MIT / UMass / Immervision on Sep 25, 2020
Panoramic cameras using 'fisheye' lens have become commonplace in video...
Hikvision Sues Over Brazilian Airport Loss on Sep 24, 2020
Hikvision was excluded from a Brazilian airport project because it is owned...
China General Chamber of Commerce Calls Out US Politics on Sep 24, 2020
While US-China relations are at an all-time low, optimism about relations...
Verkada Disruptive Embedded Live Help on Sep 24, 2020
Call up your integrator? Have someone come by the next day? Verkada is...
IP Networking Course Fall 2020 - Last Chance - Register Now on Sep 23, 2020
Today is the last chance to register for the only IP networking course...
Drain Wire For Access Control Reader Tutorial on Sep 23, 2020
An easy-to-miss cabling specification plays a key role in access control, yet...
Norway Council of Ethics Finds Hikvision Human Rights Abuses "Ongoing" on Sep 23, 2020
Hikvision's involvement in "serious human rights abuse" in Xinjiang is...
IPVM Camera Calculator User Manual / Guide on Sep 23, 2020
Learn how to use the IPVM Camera Calculator (updated for Version 3.1). The...
Installation Course Fall 2020 - Save $50 - Last Chance on Sep 22, 2020
This is a unique installation course in a market where little practical...
SimpliSafe Business Security Launched Examined on Sep 22, 2020
SimpliSafe has launched "SimpliSafe Business Security" that the company...
FLIR CEO: Many New Fever Entrants "Making Claims That The Science Just Won't Support" on Sep 22, 2020
FLIR's CEO joins a growing number calling out risks with fever / screening...
China Bems Temperature Measurement Terminal Tested on Sep 22, 2020
Guangzhou Bems (brand Benshi) is the manufacturer behind temperature...