mateck8888 0 Posted May 12, 2010 Hello: I'm wondering if someone can help me. I have a Hikvision / Netvision system I want to access from the outside via internet. It is a high-security environment, so I'm wondering what the likely hood is of the system getting hacked. I have DSL, and of course I would have NAT Turned on in the router, and the Windows Firewall turned on on the server. The password for the system would be something like Lkv4$@9. I know people can find our static IP and open required port by port scanning, but is my security limited to whatever Netvision has in their software? How safe can I tell my client they will be? Thanks, Matt Share this post Link to post Share on other sites
edselrt 0 Posted May 12, 2010 Hello: . It is a high-security environment, Thanks, Matt If it is a high security environment, your client will not allow you to forward ports. If they are concerned with security you should just ask your client's network admin to set up a VPN connection. With this configuration, all remote pc's that are connecting to the dvr will need to access the VPN connection first, then connect to the DVR Share this post Link to post Share on other sites
mateck8888 0 Posted May 12, 2010 Actually, I control the entire network, because we wanted it to be unfettered with their everyday network. So the two do not touch each other at all. So I control the router myself. I can open up ports. I wanted to avoid a VPN because of the more complex work of setting it up on the client side, in peoples homes after hours. So my security concern is with the open port. How hard is it to hack with brute force against Netvisions username/password access? Should I drop the simple idea, and just go with a VPN? Thanks for your advise. Matt Share this post Link to post Share on other sites
edselrt 0 Posted May 13, 2010 Hi Matt, IMO.. just keep it simple. Just open up ports and make sure you change the default ports especially the http port. For me, its not worth the hassle setting up VPN since your DVR is on a dedicated network. A determined hacker can hack a secured network if he wants to. Edsel Share this post Link to post Share on other sites
mateck8888 0 Posted May 13, 2010 Thanks Edsel. I think you are right... in the end I guess they can get you. But that is a good idea not to use the standard port 80 or something. Thanks for the advise. Share this post Link to post Share on other sites
DKtucson 0 Posted May 14, 2010 What I advise people who are worried that a hacker can access their system and use their own cams to "case" their place is that besides the normal firewalls and such the hacker will need to know: 1. Their DDNS host name 2. What port they use--the above advice of NOT using port 80 is right on--as a matter of fact some ISP's won't let you serve on port 80 anyways. If they are uber paranoid they can periodically change the port and forward a new one 3. They will also have to break what should be a strong password into the dvr system Share this post Link to post Share on other sites
mateck8888 0 Posted May 14, 2010 Attacking past a NAT and Windows firewall does seem like it would be a lot of work, so in most cases, unless you are putting a system in the Pentagon, no one is going to do high level hacking at a small installation. As to port 80, I thought it really didn't matter what port you choose, because they use port scanners that look for any open ports, not just 80. However, your post got me to reading on the internet, and I see where that can take days to do, so they often just pick common ports to scan. So I'm glad you noted that, and I'm going to change the port to something in the 50,000 range. As to the DVR software... I don't know how well it would hold up to a brute force attack. I don't know if all DVR software security is equal, or if some is real bad. Seems like all they would have to do is make it so the software only allows for a few tries before locking out that user name. Matt Share this post Link to post Share on other sites
