Remote Network Access for Video Surveillance Guide

Published Jul 27, 2020 16:35 PM

Remotely accessing surveillance systems is key in 2023, with more and more users relying on mobile apps as their main way of operating the system. However, remote access brings unique challenges with system security, ease of access, and configuration difficulty all needing to be weighed against each other.

IPVM Image

Five Remote Access Options for Video Surveillance

In this report, we explain how the four most common remote access options for video surveillance work:

  • Port forwarding
  • Universal Plug and Play (UPnP)
  • Cloud / 'Phone Home' (e.g., Hikvision Hik-Connect, Verkada, Nest)
  • Virtual Private Networks (VPNs)

We also explain why the ancillary remote access service Dynamic DNS is used with port forwarding and VPN.

(Related: Network Addressing for Video Surveillance Guide and Converged vs. Dedicated Networks For Surveillance).

2023: Cyber Security Is Critical

Before putting any surveillance system on the internet, it is critical that users understand the risks involved. Several major vulnerabilities were reported in major manufacturers' cameras, including:

  • December 2022 - Hikvision vulnerability impacting 400,000 Hikvision and OEM devices online. This vulnerability is critical as it allows a remote user, unauthenticated, to obtain the device's admin username and password.
  • December 2022 - LenelS2 critical vulnerability, with a 9.8 CVSS score, impacting software solutions used by enterprises and governments globally. IPVM examines a critical vulnerability that enables an authentication bypass through a bug in RabbitMQ's implementation of the TLS protocol.
  • January 2021 - ADT Technician Hacks Video Surveillance 9600+ Times For Sexual Gratification - Technician added his own email to customer accounts so he could log in to view customers, many of which had several underage children.
  • September 2021 - Dahua New Critical Vulnerabilities 2021 - Attackers may gain admin access to devices without credentials, potential for another mass hack.
  • June 2021 - Hackers Add Backdoor To CCTV Security Pros / Dahua SmartPSS - Hackers Trojanized downloads of Dahua's SmartPSS from OEM's website, CCTV Security Pros.
  • May 2020 - Dahua Critical Cloud Vulnerabilities - Dahua and 22 OEMs including Panasonic and Stanley had hard-coded cloud keys / passwords which were shared and could be used to ultimately gain full access to cloud connected equipment.
  • April 2020 - China Surveillance Vulnerabilities Used To Attack China - Anonymous-affiliated pro-Tibet activists Target PRC government by exploiting known vulnerabilities in equipment manufactured by Xiongmai and Dahua.
  • March 2020 - LILIN Vulnerabilities Used by DDoS Botnets - 3 Vulnerabilities: command injection vulnerabilities with NTUpdate, FTP, and NTP, hardcoded credentials, and arbitrary file reading vulnerability with LILIN DVRs.
  • February 2020 - Chinese NVR/DVR Vulnerability - Huawei (HiSilicon) backdoor uses a combination of port knocking to open enable telnet along with hardcoded root credentials.
  • February 2020 - Bosch, Multiple Self-Reported Vulnerabilities: two 10.0 critical vulnerabilities along with 8.6 and 7.7 rated vulnerabilities. The first 10.0 vulnerability affects Bosch BVMS and uses deserialization of untrusted data which attackers can use to remotely execute code. The other 10.0 vulnerability applies to their Video Streaming Gateway and is also remotely exploitable due to the VSG services missing authentication for critical functions.
  • January 2020 - Honeywell Maxpro VMS & NVR Vulnerability - Attackers are able to remotely execute code and via SQL injection vulnerability an attacker can could gain unauthenticated access to the web user interface with admin rights.

See our Directory of Video Surveillance Cybersecurity Vulnerabilities and Exploits for more information on these and other issues, including new ones as they occur.

Because of the severity of these incidents and their increasing frequency, it is critical that users understand the basics of cybersecurity for surveillance systems, and how to protect against simple attacks at the very least.

We strongly recommend reviewing Network Security for IP Video Surveillance before proceeding.

Remote ****** ******* ***

*********** ********* *** **** *** **** / **** ********** **** * ******* minority ***** ***, ** ********** ***** ****** *****:

IPVM Image

Port **********

**** ********** **** *** ******* ** address ** *** ******** ** ** camera ** *** ****** ** ******* of * ****'* ****** ** **** it *** ** ******** **********. ***** so ******** ****** ************* ******* *********** enough **** **** ********** ******* **** struggle ** ** ** *********.

** ****** * ****** ** ********, ports ** (****) *** *** (**** video *********) *** **** ***** **** and **** ***** ******. **** ******* require ********** ***** ** ** ****** for *************, *******, ** **************, ** well. *** *******, **** ***** ***** all *** ***** ********* ** * Dahua *** ** * ******** ******:

IPVM Image

**** **** ** ******** ******* *** to ** ****** *** *** ********, different ******** ***** **** ** ****** to ***** ******** *****, ** ********** the **** **** ** *** ******* results ** ******.

*** *******, ** *** **** *** to ** ****** ******** ***** ** address ***.**.***.**, *** **** *** **** 80, ******** *** **** **** ****:

  • ****: ***.**.***.**:**** ---> ***.***.*.*:**
  • ****: ***.**.***.**:**** ---> ***.***.*.*:**

Universal **** *** ****

********* **** *** **** (****)** * *** ** ********* ***** automate ****** ********* *** ************* ** a ***** *******. *** ** *** aims ** **** ** *********** ****** port ********** (*****), ******** * **** device ** ************* ****** **** ******** in * ****** ******* *** ************ from *** ****.

*** *******, *** ***** ***** ***** UPnP **** ********** ************* ********* ** three ******** ********* ** ******* (******** ports *** ******):

IPVM Image

*******, ** ********, **** ** ********** in **** *****. ** **** ******** networks, ***** *** *****, **** ********* are ****** ***, ********* ****** **** forwarding. ** ******** ***, **** ******** may *** ******** ********, *** ** added **** **** ****, *** ******** with ***** *******, ** *** ****** not ** ***** ** ***. ****** things *****, ***** *********** ** ****** available **** **** **** ******* *****, leaving *** **** ******* *** ***** of ***************. ******* ** ***** *******, manual **** ********** *** ****** **** common ** ********** ************.

Dynamic ***

*********, **** ** *** ******* ****** IP ********* ** *********** *** ***** business ******** (******* ** ********** ******), so **** ****, *** ****** ** address ******** ** **** *** ******. For *******, *** ****** ** ******* of **** ***** *** ** **.**.**.*** today *** ******** ** ***** ** 84.32.34.119. ** **** ****** ***** ****** is ********** ** ******* ** **.**.**.***, tomorrow ** ***** ****.

******* ***, ** ********* ****** ****** service, ******** **** ** ******* ** a ******* ********, *.*. *****-****.******.*** ******* of ***.***.***.***. *** **** ******* ******* the ** ******* ************* ** **** hostname ************, ** ************* ******* ******* and ******* *********** ** **** *****.

** ************, **** ** **** ******** used **** ****/**** **** **** **** port *********. **** ************* **** ***** own ******* **** ******** **** ** users *** ******** ***** ********* (****** ********* ** ****** ****), *** ****, ** *** ****, modern **** ******* * *****-** **** client, **** ** **** *** ******'* IP ******* ** ** ****. ****** may ****** ** *** **** **** when **** **** * ****** ******* as * **** ******** ****** **** may ** ********* **** ** ** address. *** ******* ***** ***** **** services *************.

**** ** ****** **** ** ******* individual ******* ** * ***, ***** the ****** ******* ** ****** *** IP ******* **** * ****** **** render ** ***********, ********* ** **** video *** ********* * **** ***** to ******. ********, ** ************ ************ environments ** ** **** ****** ** remotely ******* ** *** ***/*** *** directly ** *******.

**** ** **** **** **** *** connections *** ******** *** ************** ******* IP ******* ****** ** **** *** users, *******, *** ***** ***** *** access *** *** ****** / ************ even **** *** ** *** *******. DDNS ** **** **** **** *** to ******* * **** **** ******** address ** ****** **** ****** **** an ** *******.

Public ********** ******* **** - ****, ****, *** **** **********

***** ****, **** ***/** **** ********** exposes ***'* ******* ** *** ****** public ********, ******* **** ****** *** attempt ** ******* *** ****** ***'* device ******* (*.*., ****** ** ********). Hackers *** ****** ******** ** ******** of ******* * *** ****** *** public ********, ****** ****** ** ******** trying ** ********* ** ** ******* lists ** *********** ********** ******* (*.*.,****** **** ** ********* ****** ********** - ********* **** ********* *******). *** ***** ********** **** **** risk, ****** ********'* *** ************* ** ***** Hacked: ** ***** * **** *** toaster, *** ** *** *********** ** an ****. **** ******** ******* ** ***** surveillance, ********** ***** ********** ************ ** ****** ********** ****** ** ***** ******* ***** either **** ********* ****** *******. ** ** *** ********* ****** your ******* ******** **********.

**** *** * ****** **************** **** **** ** ***** *************** are ** *******. ** **** **** * ******** assignment ** ************* ********** ******** ******** ** **** (*** sample **********) *******.

Cloud / '***** ****'

** ********* *** ********** *** ********* for ****** ******** ** ****** **** forwarding, ****, *** ******* ***, ***** connections **** ****** **** *********. ***** connections *** * **** ** *** (sometimes ****** ***********-******** ****) ***** ******** limited ** ** **** *********** ** configure.

******* ************* ***** ***** *** ********* which ******* ******* *** **** ** the *****, **** ****** *********,********* (***** / ***-*******),*******, *** ******. ********/******** ** ****** cameras *** ********/**** ********** ******* ********* also *** **** **** ** ************, such ******,**** ***, ******.

**** ********, ***** *** **** * growing ***** ** ***** ****** ***** access ** ***** *****, ** ***** may ** ********* ******** ** *** mobile ******* ***-****, *****************,*****, ********** *****. **** ****** ****** ****** ********** without **** **********, *** **** *** directly ******* ******* ** *** *****.

TLS *******

***** *********** *** ********* **** *** a ********* (********* ***** ********, ** ********** protocol)******, *** ** *** ***** ***** steps (***** ** *** ***** *****):

  1. ********** ****** ***** * ***** ******* to ******* * **********.
  2. ****** ***** ***** ***** **** ********* ***********.
  3. * ********* ** ********* *** * secure ****** ** *** **.
  4. **** *** *** ****** ** ** place, **** **** ******* ** ** encrypted, **** ******** *** **** ********* obscured (***** **** ** "*********** ****" in *** ******* *****).

***** ** * ********* ***** *** an **** ****** **** **** *******:

IPVM Image

****** ***** **** ** "*********** ****" above, **** *** ****** ** *** up, ******* ********* **** ** ****(*), RTSP,***, ***,***., *** **** *** ****** ******* and *********.

***** / '***** ****' *********** *** the ******* *** **** ******** ******* to ******* ****** ****** ** **** and ***** ********. *******, *** ********* or ******** *****, ** ************** *** be ********* ***** ******** ***** ******* to '*** ******' ***** *********.

Push ** **** ** *****

***** **** *** **** ********** **** been ******* *** *****, ***** *** been * **** ** **** ** cloud ******** ** *** **** *** years, ** ***** ** **** *** to *** ******** ********** *** ***** *******. ******* '*****-*****' ***** **** **** pushing **** *****, **** **************, ***** ********* ****************. ************, *** ********** **** ** Genetec *** ********* **** ******** ***** VMS, ** **** (******* ********************** *****).

**** **** **** ***** ***** ************* **** ****** ** ***** *** other **** ** *********** *** ****** tunnel, ******** ** ***** **** *** control ** ***** ** *** ************/********* providing *** *******, ** **** ** those ********* ******* ********. **** ***** that, *** *******, ***********'* ***** *******,***** *******, ********* ********, *** ***** ** *** service *** ****** ** ** ********, instead ** **** ******* ******* ******** associated **** ******** *****.

Dedicated ******* ******* ********

*** **** ****** ****** ************ *** larger ************* ** ******* ****** ******* and ***** ** * ********* ***, typically ***** ******** ********** (**** ** SonicWall ** ***** *********) ******* ** each ****. **** ********* ******* * tunnel ******* *** ******** ** *** server ********, *********** ******** * ****** video *******, ******* ***** ** ********* locations.

** ************, ********* **** *** ********* used **** **** ** ****** *****-**** installations. *** ********** **** ************ **** $300-500 *** ****, ****** ****** *** dropping, ******** ******* ******** ** $*** ** less.

Recommended - ****

** ********* ****** ******** ****** **** ***** ************ devices. ***** **** ********** (** ****, DDNs, ***.) *** ** ******* *** simpler ** *****, **** ****** **** devices ** ***** ******** *** ****** as *** *************** *** *****. ***** cloud ******** *** ***** ********, *** run *** **** ** **** ***** exploited ***/** *** ***** ******* ******** accessing ** ******* **** ******.

***** *** *** ****** *** ************** used ** ***** ************, **** ** site *** *** ****** ****** ***. A **** ** **** *** ******** one ******** ** *******, **** * main ****** *** * ********* ******. This ** ******** **** ** ******* to ******* ***/** ******* ******** ** one ******** ** *******. **** ** illustrated *****:

IPVM Image

*** ***** ****** ***** ** ****** access. **** ** **** *** * single ******, **** * ****** ** mobile ****** ** ******** ******* ** the ***** ************ *******. **** ** illustrated *****:

IPVM Image

Test **** *********

**** ***** ******** *******.

Comments (9)
UI
Undisclosed Integrator #1
Jul 27, 2020

***** *** **** ***** ** **** that *** * ****** ********.

******* *** ******** ******* **** ** address ** * ******* ********, *.*. Site2-NVR3.dyndns.org ******* ** **.***.*.*.

*** **** **** **.***.*.* ** * private ** *******, *****? **** ***'* going ** **** ****** ****** ** the *********.

** ********* ****** ******** ****** **** ***** ************ devices. ***** **** ********** (** ****, DDNs, ***.) *** ** ******* *** simpler ** *****, **** ****** **** devices ** ***** ******** *** ****** as *** *************** *** *****.

**** *** *** ** *********** ** DDNS. ** *** ***'* **** * static ****** ** *******, ***'** ***** need ** *** ** **** ** order ** ******* *** ***. *********, how ***** **** *** ******** **** what ** ******* **?

*** *** ****** ******* **** ******* to **** ** ***** **** *** options *******-**********, ***, ****, *** *****, ******* of ****, ***, ****, *** *****? DDNS ****** *** ** ********** **** the ***** ************ **** ****.

* *** **** *'* *** *** first ** ***** **** **. ******* ******* **** ****.

(2)
(2)
Avatar
John Scanlan
Jul 27, 2020
IPVM • IPVMU Certified

** - ******. *** ** ******* is *******, *** * **** ****** the ****** ** ******* **** **** is ** ********* ****** ****** ******* commonly **** **** **** ********** *** VPN ** ***** ******* ** ******* as **** ** ******* * **** user ******** **** ** ***** ** IP.

KE
Kahn Ely
Jul 28, 2020

**** **** *** ** ****** ** noted **** *** **** ***** ** a *** ********** ******* * ****** IP *******.

*** ******* ** * ******* ** have **** **** ******** **** ******* static ** *********. ******* *** ******* is ****** ** *** ***** ****** clients/cameras/entire ******* **** **** ******* ** addresses **** ** ** **** * VPN **** ** ******.

Avatar
John Scanlan
Jul 28, 2020
IPVM • IPVMU Certified

******* - ******, ****** ********* *** not ******** *** ****. * ***** IPVMs **** ***** * *********** ** both ****** *** ******* ********* ** different *********. * **** *** **** even **** ****** ********* *** ****. Using **** **** ****** ********* ****** us **** ** ***** ******* ~*.* years ***. *** ** ******* ** the ****** ******* **** ** *****, but * *** *** **** ** reconfigure ****** ******* *** ******* ******* they **** ********** **** *** ****** name ****** *** *** ** *******. DDNS ****** ***** **** ** ******** from ***** ** ***** *** *** IPs ******* *****.

(1)
TS
Tariq Saleh
Jul 28, 2020

*********** **** **** **** ** ***** depreciated *** **

JH
John Honovich
Jul 30, 2020
IPVM

*****, **** ********* ****** ******* *.* *** **** **** ** available ****** ******. ****** *** ******* this.

TS
Tariq Saleh
Jul 31, 2020

*** **** *** *** **** **** not *** *** *.*

*** *** **** *** ********* *** published ** ****** ****

UI
Undisclosed Integrator #2
Jul 28, 2020

* **** *** **** ** *** end ** **** *******! ***** *** to ********* ********. ****** ** **** more *****!

JF
Jon French
Aug 09, 2021
IPVMU Certified

*** *** ***** ** *** **** this *** *** ***.