tommyxv 0 Posted June 14, 2012 I set my FIOS Router port 80 to forward to my PC NVR. What prevents someone from putting my public ip in and accessing the NVR? Share this post Link to post Share on other sites
groovyman 0 Posted June 14, 2012 Out of the box with no security configured, nothing. Share this post Link to post Share on other sites
tommyxv 0 Posted June 14, 2012 The CNB tech said this... NVR is a recording device you can’t access from remote site. You can only access the video through CMS. On the CMS, the setup page can be accessed with an id and password. Also, you can change the port to different number so other people can’t access by accident. I'm still a little confused though. Maybe this is just a general router security issue. How can I setup this up more securely? My routers default user and pw has been changed. My wireless network is pw protected and not broadcasting. It seems port 80 is a bad port to forward to my NVR PC. Share this post Link to post Share on other sites
groovyman 0 Posted June 14, 2012 I don't understand what the tech told you. First, that the device cannot be accessed from a remote site, then that it can only be accessed with CMS software. Well, either the device can be accessed over the internet or not. Can you access the NVR locally using a web browser? If you can, then it's highly probable that it can be accessed using a web browser from a remote site as well. There are several ways the NVR can be secured against unauthorized access. Changing the port number from the defaults to something else and using a username & password is a good start. I would google the term "secure remote access" and just start reading to learn about different techniques that can be used. Personally, I like using VPN routers. They can be purchased in the $150-$200 range and work very well. This is a very good line of defense against unauthorized remote intrusion to your network. They require that a VPN connection is first established before any network resources can be accessed. Share this post Link to post Share on other sites
tommyxv 0 Posted June 14, 2012 (edited) Thanks for the info. I am kind of forced to use Verizon's FIOS modem/wireless N router combo. I see what I can do when I get home. Here is a pic of my setup. Edited June 15, 2012 by Guest Share this post Link to post Share on other sites
tomcctv 190 Posted June 14, 2012 hi. the first thing is not to set port 80 up on your router (you dont need to portforward port 80) which other ports did you direct in your router for your CNB. Share this post Link to post Share on other sites
groovyman 0 Posted June 14, 2012 That's OK. A VPN router can be placed behind the Verizon device if that's the route you choose to go. There are other techniques as well - using a VPN router is just one that I happen to like and wanted to mention Also, take a look at the interface on the Verizon router. It's possible that some sort of secure remote functionality might be a built-in feature, either via VPN or other type of authentication. I'm not in a Verizon area and never used their equipment, so I don't know. Share this post Link to post Share on other sites
tommyxv 0 Posted June 14, 2012 (edited) hi. the first thing is not to set port 80 up on your router (you dont need to portforward port 80) which other ports did you direct in your router for your CNB. I only set port 80 to forward to my NVR server. Nothing else. The NVR found all the CNB camera automatically. Edited June 14, 2012 by Guest Share this post Link to post Share on other sites
tommyxv 0 Posted June 14, 2012 That's OK. A VPN router can be placed behind the Verizon device if that's the route you choose to go. There are other techniques as well - using a VPN router is just one that I happen to like and wanted to mention Also, take a look at the interface on the Verizon router. It's possible that some sort of secure remote functionality might be a built-in feature, either via VPN or other type of authentication. I'm not in a Verizon area and never used their equipment, so I don't know. This is the Fios router... http://support.actiontec.com/doc_files/MI424WR_Rev._E&F_User_Manual_20.10.7_v1_GPL.pdf I'll check the manual and the log into to when I get home to see if there is that option. Share this post Link to post Share on other sites
SEANHAWG 1 Posted June 15, 2012 What prevents someone from putting my public ip in and accessing the NVR? Simple, just setup a username and password for your NVR. It seems port 80 is a bad port to forward to my NVR PC. Yeah port 80 is the most predictable port, but changing it to another port doesnt necessarily secure it that much more at all, perhaps maybe just a tad. But all someone has to do is scan your IP address to see which ports are open which isnt hard at all to do. When the CNB rep said "NVR is a recording device you can’t access from remote site. You can only access the video through CMS. On the CMS, the setup page can be accessed with an id and password." I think he meant to say that you must connect to the NVR remotely from the CMS software. I assume the CMS software is the client software that connects to the NVR server. But basically the most simple answer is that you would just need to password protect the NVR server. Share this post Link to post Share on other sites
groovyman 0 Posted June 15, 2012 That's OK. A VPN router can be placed behind the Verizon device if that's the route you choose to go. There are other techniques as well - using a VPN router is just one that I happen to like and wanted to mention Also, take a look at the interface on the Verizon router. It's possible that some sort of secure remote functionality might be a built-in feature, either via VPN or other type of authentication. I'm not in a Verizon area and never used their equipment, so I don't know. This is the Fios router... http://support.actiontec.com/doc_files/MI424WR_Rev._E&F_User_Manual_20.10.7_v1_GPL.pdf I'll check the manual and the log into to when I get home to see if there is that option. A quick look through the manual and it appears that it does not natively support encrypted connections, except when it comes to remote access & management of the router itself. That's ok, because most routers don't have this feature - however some do and that's why I mentioned it. It does support VPN passthrough though, meaning that it will accept and pass-through vpn data packets originating via the Internet. Share this post Link to post Share on other sites
groovyman 0 Posted June 15, 2012 What prevents someone from putting my public ip in and accessing the NVR? Simple, just setup a username and password for your NVR. Yes, for the most part that's true. However usernames & passwords do not provide 100% protection against unauthorized access, especially to someone determined to break in. Too many vulnerabilities exist, especially when usernames and passwords are sent over the Internet in plain text. You never know who or what may be sniffing the wires and what information is being collected. I don't want to turn this into a discussion on password security or conspiracy theories. My years spent wokring with a company producing encryption devices for corporate and government networks has forever changed the way I view electronic communications. I just want to point out that when dealing with the Internet vulnerabilities are always present. I'm posting these links from Wikipedia.org and I'm shutting up about the subject (everyone, hold your applause, please ): http://en.wikipedia.org/wiki/Password http://en.wikipedia.org/wiki/Computer_insecurity Share this post Link to post Share on other sites
tommyxv 0 Posted June 15, 2012 For now, I disabled the port forwarding because I'd go to my public IP and my NVR setup page was showing up. The NVR does not have an option for username and pw. Only the CMS does. But that doesn't make it any more secure. Anyone can download the CMS software and connect to my NVR if they know the ip and port. Everything is working fine within my network; CMS/Live monitoring from my laptop, Live monitoring from my iPhone, and of course CMS/Live monitoring on the NVR server too. So, I just have to figure out how to connect the CMS/Live monitoring to my NVR from an outside internet connection without compromising my NVR and network. Each ip camera can be logged into remotely if I set it up but that doesn't seem pratical when you have more than one camera. Share this post Link to post Share on other sites
SEANHAWG 1 Posted June 15, 2012 The NVR does not have an option for username and pw Are you sure? I have never seen an NVR or DVR that wasnt password protected. I doubt they would make it that easy for anyone to gain access. It may default to a non-authenticated login, but I bet somewhere in the settings you can password protect it. This would be something completely new that I have seen, I would be baffled if they didnt allow this. Share this post Link to post Share on other sites
tommyxv 0 Posted June 15, 2012 The NVR does not have an option for username and pw Are you sure? I have never seen an NVR or DVR that wasnt password protected. I doubt they would make it that easy for anyone to gain access. It may default to a non-authenticated login, but I bet somewhere in the settings you can password protect it. This would be something completely new that I have seen, I would be baffled if they didnt allow this. The NRV PDF manual can be found here... http://www.cnbtec.com/en/html/down/sw_down.php?seqx_prod=1278&seq_swmax=3 Security has and + next to it which means not avail yet. LOL Share this post Link to post Share on other sites
SEANHAWG 1 Posted June 15, 2012 I didnt read through it thoroughly but your right I didnt see any username and password info either. I havent really played much with CNB's software either, perhaps I dont have a good understanding of it but from what I see is the CMS software is the client software that connects to the NVR? If that is correct, then just like you said anyone can get the free CMS software and connect to your NVR if they had your IP address. If thats the case, thats outrageous. Share this post Link to post Share on other sites
tommyxv 0 Posted June 15, 2012 I didnt read through it thoroughly but your right I didnt see any username and password info either. I havent really played much with CNB's software either, perhaps I dont have a good understanding of it but from what I see is the CMS software is the client software that connects to the NVR? If that is correct, then just like you said anyone can get the free CMS software and connect to your NVR if they had your IP address. If thats the case, thats outrageous. Yeah, I think that is the case. I am going to ask the CNB tech about it. For now, I have disabled the port forwarding to the NVR until I can get it setup securely for remote access. Maybe there is another way I can protect it on my end. Share this post Link to post Share on other sites
groovyman 0 Posted June 15, 2012 For now, I have disabled the port forwarding to the NVR until I can get it setup securely for remote access. Maybe there is another way I can protect it on my end. I'm thinking something like LogMeIn, TeamViewer or other VNC software on the NVR will do what you want. Share this post Link to post Share on other sites
ak357 0 Posted June 15, 2012 For now, I have disabled the port forwarding to the NVR until I can get it setup securely for remote access. Maybe there is another way I can protect it on my end. I'm thinking something like LogMeIn, TeamViewer or other VNC software on the NVR will do what you want. He may or may not get video using remote help software plus speed can be issue Share this post Link to post Share on other sites
tommyxv 0 Posted June 16, 2012 Yeah, I do not know what to do right now. I guess I'll have to wait for CNB to fix their NVR software. Share this post Link to post Share on other sites
SEANHAWG 1 Posted June 16, 2012 Maybe look at the free version of Milestone or a similar software. Share this post Link to post Share on other sites
groovyman 0 Posted June 16, 2012 You could setup a VPN. That will secure the network against unauthorized access. Share this post Link to post Share on other sites
tommyxv 0 Posted June 16, 2012 You could setup a VPN. That will secure the network against unauthorized access. I know nothing about VPN, so bare with me.... In order to get the CMS to connect to my NVR from outside of my home network I need to provide my public ip and port number....There is also a username/ pw field. Is that used for VPN? Currently, I connect the CMS to the NVR from within my network using the NVR PC's ip address (assigned by my router) and port 80 (which was default). This is my current network setup...where would the VPN router go? Share this post Link to post Share on other sites
groovyman 0 Posted June 16, 2012 The VPN router would go between the Fios router and Trendnet switch. First a VPN connection would be made to the vpn router which will create an encrypted tunnel with your device (smartphone, laptop, desktop, etc.). Then you can access resources on the network as if you were physically on the network itself. Very simply, once connected via the VPN router you would use the internal IP address of the NVR because at this point the vpn router will handle all incoming requests. The VPN router actually assigns an internal ip address over the tunnel. Now, there are methods where a vpn router isn't needed and a vpn connection can be made directly to a PC or Server on the network. See these threads on getting started: http://www.sevenforums.com/tutorials/4517-virtual-private-network-vpn-enable-incoming-vpn-connections.html http://theillustratednetwork.mvps.org/Vista/PPTP/PPTPVPN.html Share this post Link to post Share on other sites
groovyman 0 Posted June 16, 2012 Here's another step by step guide on setting up a vpn using windows 7: http://www.pcworld.com/article/210562/how_to_set_up_vpn_in_windows_7.html Share this post Link to post Share on other sites