Remote Network Access for Video Surveillance Guide

By: IPVM Team, Published on Jul 27, 2020

Remotely accessing surveillance systems is key in 2020, with more and more users relying on mobile apps as their main way of operating the system. However, remote access brings unique challenges with system security, ease of access, and configuration difficulty all needing to be weighed against each other.

IPVM Image

Five Remote Access Options for Video Surveillance

In this report, we explain how the four most common remote access options for video surveillance work:

  • Port forwarding
  • Universal Plug and Play (UPnP)
  • Cloud / 'Phone Home' (e.g., Hikvision Hik-Connect, Verkada, Nest)
  • Virtual Private Networks (VPNs)

We also explain why the ancillary remote access service Dynamic DNS is used with port forwarding and VPN.

(Related: Network Addressing for Video Surveillance Guide and Converged vs. Dedicated Networks For Surveillance).

2020: Cyber Security Is Critical

Before putting any surveillance system on the internet, it is critical that users understand the risks involved. Several major vulnerabilities were reported in major manufacturers' cameras, including:

  • May 2020 - Dahua Critical Cloud Vulnerabilities - Dahua and 22 OEMs including Panasonic and Stanley had hard-coded cloud keys / passwords which were shared and could be used to ultimately gain full access to cloud connected equipment.
  • April 2020 - China Surveillance Vulnerabilities Used To Attack China - Anonymous-affiliated pro-Tibet activists Target PRC government by exploiting known vulnerabilities in equipment manufactured by Xiongmai and Dahua.
  • March 2020 - LILIN Vulnerabilities Used by DDoS Botnets - 3 Vulnerabilities: command injection vulnerabilities with NTUpdate, FTP, and NTP, hardcoded credentials, and arbitrary file reading vulnerability with LILIN DVRs.
  • February 2020 - Chinese NVR/DVR Vulnerability - Huawei (HiSilicon) backdoor uses a combination of port knocking to open enable telnet along with hardcoded root credentials.
  • February 2020 - Bosch, Multiple Self-Reported Vulnerabilities: two 10.0 critical vulnerabilities along with 8.6 and 7.7 rated vulnerabilities. The first 10.0 vulnerability affects Bosch BVMS and uses deserialization of untrusted data which attackers can use to remotely execute code. The other 10.0 vulnerability applies to their Video Streaming Gateway and is also remotely exploitable due to the VSG services missing authentication for critical functions.
  • January 2020 - Honeywell Maxpro VMS & NVR Vulnerability - Attackers are able to remotely execute code and via SQL injection vulnerability an attacker can could gain unauthenticated access to the web user interface with admin rights.

See our Directory of Video Surveillance Cybersecurity Vulnerabilities and Exploits for more information on these and other issues, including new ones as they occur.

Because of the severity of these incidents and their increasing frequency, it is critical that users understand the basics of cybersecurity for surveillance systems, and how to protect against simple attacks at the very least.

We strongly recommend reviewing Network Security for IP Video Surveillance before proceeding.

******** ********* ************ ******* is *** ** ****, with**** *** **** ***** relying ** ****** ****** ***** **** *** of ********* *** ******. However, ****** ****** ****** unique ********** **** ****** security, **** ** ******, and ************* ********** *** needing ** ** ******* against **** *****.

IPVM Image

Five ****** ****** ******* *** ***** ************

** **** ******, ** explain *** *** **** most ****** ****** ****** options *** ***** ************ work:

  • **** **********
  • ********* **** *** **** (UPnP)
  • ***** / '***** ****' (e.g., ********* ***-*******, *******, Nest)
  • ******* ******* ******** (****)

** **** ******* *** the ********* ****** ****** service ******* *** ** used **** **** ********** and ***.

(*******:******* ********** *** ***** Surveillance ***************** **. ********* ******** For ************).

2020: ***** ******** ** ********

****** ******* *** ************ system ** *** ********, it ************** *************** *** ***** ********. ******* ***** *************** were ******** ** ***** manufacturers' *******, *********:

  • *** **** -***** ******** ***** ***************- ***** *** ** OEMs ********* ********* *** Stanley *** ****-***** ***** keys / ********* ***** were ****** *** ***** be **** ** ********** gain **** ****** ** cloud ********* *********.
  • ***** **** -***** ************ *************** **** To ****** *****- *********-********** ***-***** ********* Target *** ********** ** exploiting ***** *************** ** equipment ************ ** ******** and *****.
  • ***** **** -***** *************** **** ** DDoS *******- * ***************: ******* injection *************** **** ********, FTP, *** ***, ********* credentials, *** ********* **** reading ************* **** ***** DVRs.
  • ******** **** -******* ***/*** *************- ****** (*********) ******** uses * *********** ** port ******** ** **** enable ****** ***** **** hardcoded **** ***********.
  • ******** **** -*****, ******** ****-******** ***************: *** **.* ******** vulnerabilities ***** **** *.* and *.* ***** ***************. The ***** **.* ************* affects ***** **** *** uses *************** ** ********* data ***** ********* *** use ** ******** ******* code. *** ***** **.* vulnerability ******* ** ***** Video ********* ******* *** is **** ******** *********** due ** *** *** services ******* ************** *** critical *********.
  • ******* **** -********* ****** *** & NVR *************- ********* *** **** to ******** ******* **** and *** *** ********* vulnerability ** ******** *** could **** *************** ****** to *** *** **** interface **** ***** ******.

*** ************ ** ***** ************ Cybersecurity *************** *** *********** **** *********** ** these *** ***** ******, including *** **** ** they *****.

******* ** *** ******** of ***** ********* *** their ********** *********, ** is ******** **** ***** understand *** ****** ** cybersecurity *** ************ *******, and *** ** ******* against ****** ******* ** the **** *****.

** ******** ********* **************** ******** *** ** Video ****************** **********.

[***************]

Remote ****** ******* ***

*********** ********* *** **** and **** / **** forwarding **** * ******* minority ***** ***, ** our******* ***** ****** *****:

IPVM Image

Port **********

**** ********** **** *** private ** ******* ** the ******** ** ** camera ** *** ****** IP ******* ** * user's ****** ** **** it *** ** ******** accessible. ***** ** ******** router ************* ******* *********** enough **** **** ********** novices **** ******** ** do ** *********.

** ****** * ****** or ********, ***** ** (HTTP) *** *** (**** video *********) *** **** often **** *** **** often ******. **** ******* require ********** ***** ** be ****** *** *************, control, ** **************, ** well. *** *******, **** image ***** *** *** ports ********* ** * Dahua *** ** * consumer ******:

IPVM Image

**** **** ** ******** devices *** ** ** viewed *** *** ********, different ******** ***** **** be ****** ** ***** internal *****, ** ********** the **** **** ** two ******* ******* ** errors.

*** *******, ** *** NVRs *** ** ** viewed ******** ***** ** address ***.**.***.**, *** **** use **** **, ******** may **** **** ****:

  • ****: ***.**.***.**:**** ---> ***.***.*.*:**
  • ****: ***.**.***.**:**** ---> ***.***.*.*:**

Universal **** *** ****

********* **** *** **** (UPnP)** * *** ** protocols ***** ******** ****** discovery *** ************* ** a ***** *******. *** of *** **** ** UPnP ** *********** ****** port ********** (*****), ******** a **** ****** ** automatically ****** **** ******** in * ****** ******* any ************ **** *** user.

*** *******, *** ***** below ***** **** **** forwarding ************* ********* ** three ******** ********* ** cameras (******** ***** *** camera):

IPVM Image

*******, ** ********, **** is ********** ** **** cases. ** **** ******** networks, ***** *** *****, UPnP ********* *** ****** off, ********* ****** **** forwarding. ** ******** ***, port ******** *** *** function ********, *** ** added **** **** ****, may ******** **** ***** devices, ** *** ****** not ** ***** ** all. ****** ****** *****, error *********** ** ****** available **** **** **** mapping *****, ******* *** user ******* *** ***** of ***************. ******* ** these *******, ****** **** forwarding *** ****** **** common ** ********** ************.

Dynamic ***

*********, **** ** *** provide ****** ** ********* to *********** *** ***** business ******** (******* ** additional ******), ** **** time, *** ****** ** address ******** ** **** may ******. *** *******, the ****** ** ******* of **** ***** *** be **.**.**.*** ***** *** tomorrow ** ***** ** 84.32.34.119. ** **** ****** video ****** ** ********** to ******* ** **.**.**.***, tomorrow ** ***** ****.

******* ***, ** ********* remote ****** *******, ******** this ** ******* ** a ******* ********, *.*. Site2-NVR3.dyndns.org ******* ** ***.***.***.***. The **** ******* ******* the ** ******* ************* to **** ******** ************, or ************* ******* ******* and ******* *********** ** some *****.

** ************, **** ** most ******** **** **** DVRs/NVRs **** **** **** port *********. **** ************* host ***** *** ******* DDNS ******** **** ** users *** ******** ***** equipment (****** ********* ** ****** does), *** ****, ** not ****, ****** **** include * *****-** **** client, **** ** **** the ******'* ** ******* up ** ****. ****** may ****** ** *** DDNS **** **** **** have * ****** ******* as * **** ******** domain **** *** ** preferred **** ** ** address. *** ******* ***** party **** ******** *************.

**** ** ****** **** to ******* ********** ******* to * ***, ***** the ****** ******* ** update *** ** ******* upon * ****** **** render ** ***********, ********* in **** ***** *** requiring * **** ***** to ******. ********, ** professional ************ ************ ** is **** ****** ** remotely ******* ** *** VMS/NVR *** ******** ** cameras.

**** ** **** **** with *** *********** *** managing *** ************** ******* IP ******* ****** ** that *** *****, *******, and ***** ***** *** access *** *** ****** / ************ **** **** the ** *** *******. DDNS ** **** **** with *** ** ******* a **** **** ******** address ** ****** **** rather **** ** ** address.

Public ********** ******* **** - ****, ****, *** **** **********

***** ****, **** ***/** port ********** ******* ***'* devices ** *** ****** public ********, ******* **** anyone *** ******* ** connect *** ****** ***'* device ******* (*.*., ****** or ********). ******* *** attack ******** ** ******** of ******* * *** across *** ****** ********, either ****** ** ******** trying ** ********* ** by ******* ***** ** potentially ********** ******* (*.*.,****** **** ** ********* public ********** - ********* port ********* *******). *** ***** ********** with **** ****, ****** ********'* *** ************* of ***** ******: ** built * **** *** toaster, *** ** *** compromised ** ** ****. **** ******** ******* to ***** ************, ********** ***** ********** ************ ** ****** ********** ****** ** ***** devices ***** ****** **** forwarded ****** *******. ** ** *** recommend ****** **** ******* publicly **********.

**** *** * ****** demonstrating*** **** **** ** these *************** *** ** exploit. ** **** **** a ******** ********** ** our********** ********** ******** ******** ** hack (*** ****** **********) cameras.

Cloud / '***** ****'

** ********* *** ********** and ********* *** ****** involved ** ****** **** forwarding, ****, *** ******* DNS, ***** *********** **** become **** *********. ***** connections *** * **** of *** (********* ****** application-specific ****) ***** ******** limited ** ** **** interaction ** *********.

******* ************* ***** ***** own ********* ***** ******* cameras *** **** ** the *****, **** ****** *********,********* (***** / ***-*******),*******, *** ******. ********/******** of ****** ******* *** security/home ********** ******* ********* also *** **** **** of ************, **** ****** ***,******* ********,******, ******.

**** ********, ***** *** been * ******* ***** of ***** ****** ***** access ** ***** *****, so ***** *** ** monitored ******** ** *** mobile ******* ***-****, *****************,*****, ********** *****. **** ****** ****** remote ********** ******* **** forwarding, *** **** *** directly ******* ******* ** the *****.

TLS *******

***** *********** *** ********* made *** * ********* (********* ***** ********, an ********** ********)******, *** ** *** these ***** ***** (***** on *** ***** *****):

  1. ********** ****** ***** * HELLO ******* ** ******* a **********.
  2. ****** ***** ***** ***** with ********* ***********.
  3. * ********* ** ********* and * ****** ****** is *** **.
  4. **** *** *** ****** is ** *****, **** sent ******* ** ** encrypted, **** ******** *** data ********* ******** (***** only ** "*********** ****" in *** ******* *****).

***** ** * ********* trace *** ** **** camera **** **** *******:

IPVM Image

****** ***** **** ** "Application ****" *****, **** the ****** ** *** up, ******* ********* **** as ****(*), ****,***, ***,***., *** **** *** camera ******* *** *********.

***** / '***** ****' connections *** *** ******* and **** ******** ******* to ******* ****** ****** to **** *** ***** business. *******, *** ********* or ******** *****, ** administrators *** ** ********* about ******** ***** ******* to '*** ******' ***** firewalls.

Push ** **** ** *****

***** **** *** **** forwarding **** **** ******* for *****, ***** *** been * **** ** move ** ***** ******** in *** **** *** years, ** ***** ** part *** ** *** increase ********** *** ***** *******. ******* '*****-*****' ***** have **** ******* **** trend, **** **************, ***** ********* ****************. ************, *** ********** such ** ******* *** Milestone **** ******** ***** VMS, ** **** (******* ********************** *****).

**** **** **** ***** cloud ************* **** ****** ** video *** ***** **** is *********** *** ****** tunnel, ******** ** ***** from *** ******* ** users ** *** ************/********* providing *** *******, ** well ** ***** ********* hosting ********. **** ***** that, *** *******, ***********'* ***** *******,***** *******, ********* ********, *** ***** of *** ******* *** likely ** ** ********, instead ** **** ******* numbers ******** ********** **** targeted *****.

Dedicated ******* ******* ********

*** **** ****** ****** historically *** ****** ************* to ******* ****** ******* and ***** ** * dedicated ***, ********* ***** hardware ********** (**** ** SonicWall ** ***** *********) located ** **** ****. This ********* ******* * tunnel ******* *** ******** to *** ****** ********, effectively ******** * ****** video *******, ******* ***** in ********* *********.

** ************, ********* **** are ********* **** **** used ** ****** *****-**** installations. *** ********** **** historically **** $***-*** *** site, ****** ****** *** dropping, ******** ******* ******** ** $100 ** ****.

Recommended - ****

** ********* ****** ******** ****** **** video ************ *******. ***** port ********** (** ****, DDNs, ***.) *** ** cheaper *** ******* ** front, **** ****** **** devices ** ***** ******** and ****** ** *** vulnerabilities *** *****. ***** cloud ******** *** ***** improved, *** *** *** risk ** **** ***** exploited ***/** *** ***** service ******** ********* ** abusing **** ******.

***** *** *** ****** VPN ************** **** ** video ************, **** ** site *** *** ****** access ***. * **** to **** *** ******** one ******** ** *******, like * **** ****** and * ********* ******. This ** ******** **** to ******* ** ******* and/or ******* ******** ** one ******** ** *******. This ** *********** *****:

IPVM Image

*** ***** ****** ***** is ****** ******. **** is **** *** * single ******, **** * laptop ** ****** ****** to ******** ******* ** the ***** ************ *******. This ** *********** *****:

IPVM Image

Test **** *********

**** ***** ******** *******.

Comments (8)

***** *** **** ***** of **** **** *** a ****** ********.

******* *** ******** ******* this ** ******* ** a ******* ********, *.*. Site2-NVR3.dyndns.org ******* ** **.***.*.*.

*** **** **** **.***.*.* is * ******* ** address, *****? **** ***'* going ** **** ****** access ** *** *********.

** ********* ****** ******** ****** **** video ************ *******. ***** port ********** (** ****, DDNs, ***.) *** ** cheaper *** ******* ** front, **** ****** **** devices ** ***** ******** and ****** ** *** vulnerabilities *** *****.

**** *** *** ** alternative ** ****. ** you ***'* **** * static ****** ** *******, you'll ***** **** ** set ** **** ** order ** ******* *** VPN. *********, *** ***** your *** ******** **** what ** ******* **?

*** *** ****** ******* this ******* ** **** it ***** **** *** options *******-**********, ***, ****, *** cloud, ******* ** ****, VPN, ****, *** *****? DDNS ****** *** ** juxtaposed **** *** ***** technologies **** ****.

* *** **** *'* not *** ***** ** bring **** **. ******* ******* **** ****.

** - ******. *** IP ******* ** *******, and * **** ****** the ****** ** ******* that **** ** ** ancillary ****** ****** ******* commonly **** **** **** forwarding *** *** ** track ******* ** ******* as **** ** ******* a **** **** ******** name ** ***** ** IP.

**** **** *** ** should ** ***** **** not **** ***** ** a *** ********** ******* a ****** ** *******.

*** ******* ** * company ** **** **** good ******** **** ******* static ** *********. ******* our ******* ** ****** we *** ***** ****** clients/cameras/entire ******* **** **** dynamic ** ********* **** to ** **** * VPN **** ** ******.

******* - ******, ****** addresses *** *** ******** for ****. * ***** IPVMs **** ***** * combination ** **** ****** and ******* ********* ** different *********. * **** use **** **** **** static ********* *** ****. Using **** **** ****** addresses ****** ** **** we ***** ******* ~*.* years ***. *** ** address ** *** ****** changed **** ** *****, but * *** *** have ** *********** ****** devices *** ******* ******* they **** ********** **** the ****** **** ****** the *** ** *******. DDNS ****** ***** **** we ******** **** ***** to ***** *** *** IPs ******* *****.

*********** **** **** **** is ***** *********** *** v1

*****, **** ********* ****** that*** *.* *** **** will ** ********* ****** August. ****** *** ******* this.

*** **** *** *** they **** *** *** TLS *.*

*** *** **** *** finalized *** ********* ** August ****

* **** *** **** at *** *** ** this *******! ***** *** to ********* ********. ****** do **** **** *****!

Login to read this IPVM report.

Related Reports

Video Surveillance Architecture 101 on Feb 18, 2020
Video surveillance can be designed and deployed in a number of ways. This 101...
ISS Presents Face As A Credential and UVSS on Apr 30, 2020
ISS presented its security platform, including access control integration,...
Use Access Control Logs To Constrain Coronavirus on Apr 09, 2020
Access control users have included capabilities that are not commonly used...
Converged vs Dedicated Networks For Surveillance Tutorial on Feb 12, 2020
Use the existing network or deploy a new one? This is a critical choice in...
Help Security End Users Facing Coronavirus Improve Remote Access on Mar 24, 2020
Many end-users and integrators are struggling with the impact of coronavirus...
Cancel or Not? Industry Split Over ISC West on Feb 26, 2020
The industry is split, polarized, over whether ISC West 2020 should run or be...
Startup Videoloft Presents Cloud Storage on May 27, 2020
Videoloft presented offsite cloud storage at the May 2020 IPVM Startups...
ZKTeco Presents SpeedFace Recognition + Body Temperature Detection on Apr 21, 2020
ZKTeco presented its SF1008+ reader with body temperature and face mask...
Directory of 201 "Fever" Camera Suppliers on Aug 04, 2020
This directory provides a list of "Fever" scanning thermal camera providers...
YOLOv5 Released Amidst Controversy on Jul 27, 2020
YOLO has gained significant attention within video surveillance for its...
How Mobile Access Control Can and Cannot Help With Coronavirus on Mar 23, 2020
With coronavirus concerns continuing to rise, many access control companies...
Vehicle Gate Access Control Guide on Mar 19, 2020
Vehicle gate access control demands integrating various systems to keep...
Milestone Presents XProtect On AWS on May 04, 2020
Milestone presented its XProtect on AWS offering at the April 2020 IPVM New...
NetApp Presents Hybrid Cloud Video Archive on May 11, 2020
NetApp presented its hybrid S3 cloud video archive at the April 2020 IPVM New...
USA ICI Elevated Skin Temperature Detectors Examined on Apr 06, 2020
Infrared Cameras, Inc. (ICI) is aiming to help slow the spread of COVID-19...

Recent Reports

Genetec CEO Declares "We Don't Negotiate Payment With Patent Trolls" on Aug 11, 2020
Are patent trolls like terrorists? Genetec's CEO is coming out strongly...
Hanwha AI Analytics Camera Tested on Aug 11, 2020
Hanwha has released their Wisenet P AI camera, adding person and vehicle...
Alabama Schools Million Dollar Hikvision Fever Camera Deal on Aug 11, 2020
The Baldwin County, Alabama public schools purchased a $1 million, 144-camera...
Dahua Taunts Australian Government, Continues To Sell Illegal Fever Cameras on Aug 10, 2020
Dahua is effectively taunting the Australian government by continuing to sell...
HID Releases VertX Replacement Aero on Aug 10, 2020
HID is replacing two established and broadly supported types of access...
NDAA Compliant Video Surveillance Whitelist on Aug 10, 2020
This report aggregates video surveillance products that manufacturers have...
Telpo China Temperature Tablets Tested on Aug 10, 2020
The provider for overseas companies ranging from Canon Singapore to US'...
Dangerous Hikvision Fever Camera Showcased by Chilean City on Aug 07, 2020
Deploying a fever camera outdoors, in the rain, with no black body, is...
"Grand Slam" For Pelco's PE Firm, A Risk For Motorola on Aug 07, 2020
The word "Pelco" and "grand slam" have not been said together for many years....
FLIR Stock Falls, Admits 'Decelerating' Demand For Temperature Screening on Aug 07, 2020
Is the boom going to bust for temperature screening? FLIR disappointed...
VSaaS Will Hurt Integrators on Aug 06, 2020
VSaaS will hurt integrators, there is no question about that. How much...
Dogs For Coronavirus Screening Examined on Aug 06, 2020
While thermal temperature screening is the surveillance industry's most...
ADT Slides Back, Disappointing Results, Poor Commercial Performance on Aug 06, 2020
While ADT had an incredible start to the week, driven by the Google...
AHJ / Authority Having Jurisdiction Tutorial on Aug 06, 2020
One of the most powerful yet often underappreciated characters in all...
SIA Coaches Sellers on NDAA 889B Blacklist Workarounds on Aug 05, 2020
Last month SIA demanded that NDAA 899B "must be delayed". Now that they have...