Electryko, posted February 24, 2016

Hi, I would like to know if there's a good network security solution to prevent someone from unplugging a network camera outside the building and connecting a computer to the CCTV LAN to hack it or attack it with DDoS. I know about MAC security applied to a switch, but in some cases several cameras are connected to an outdoor switch or wireless receiver and from there connected to a single switch port of the indoor switch.

I was thinking about a small business firewall to use MAC security and to block all the ports except the streaming ports. Perhaps an IPsec connection from the IP camera to the firewall. (Axis and Bosch cameras are the only ones used in the systems; they do support IPsec.)

Maybe it is a solution to place the outdoor cameras in a separate subnet and place a router/firewall inside the building, then route the outdoor subnet to the indoor subnet and block all the ports not in use. So when someone connects a PC to a camera network cable and clones the MAC address of the camera, this person is still not able to do anything on the CCTV network.

Does anyone have any experience with this?

mptalaga, posted April 8, 2016

I am interested in doing the same thing. Any suggestions?

shropna, posted April 8, 2016

Separate VLAN for cameras, and an NVR with dual network cards: one for cameras, the second for workstations.

Electryko, posted April 8, 2016

Separating the camera LAN from the workstation LAN is a good practice. But there have been known cases where hackers use software tools to gain access to a CCTV camera by brute-force attacks to retrieve the password. In most cases the installer puts the same password on all the cameras, so if one is hacked the hacker can access all the others and shut them down. Also, some cameras are vulnerable to HTTP flooding, causing them to reboot all the time.

I've never seen anything like this happen for real except in movies, but it is scary to know that with the right software tool you can bring down a complete CCTV system within a minute if you have physical access to the network cable of an outdoor camera.

shropna, posted June 26, 2016

Interesting solution from Comnet: continuous ping to the camera. If the reply to the ping disappears, the port automatically switches off.
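
The ping-watchdog idea in the last post, modelled as an added example (not code from the thread or from Comnet). The port name, camera IP, miss threshold and the choice to keep the port off until an operator re-enables it are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class PortGuard:
    """Ping watchdog for one switch port (hypothetical model, not vendor code)."""
    port: str
    camera_ip: str
    miss_limit: int = 3      # assumed: consecutive missed replies before lockout
    misses: int = 0
    locked: bool = False
    log: list = field(default_factory=list)

    def observe(self, tick: int, reply_received: bool) -> None:
        if self.locked:
            # Latched: replies seen after lockout are ignored, because whatever
            # answers on that cable now is not known to be the camera.
            return
        if reply_received:
            self.misses = 0  # a single dropped ping must not trip the guard
            return
        self.misses += 1
        if self.misses >= self.miss_limit:
            self.locked = True
            self.log.append((tick, f"{self.port} disabled: {self.camera_ip} "
                                   f"missed {self.misses} pings"))

    def operator_reenable(self, tick: int) -> None:
        """Manual reset after someone has checked the camera on site."""
        self.locked = False
        self.misses = 0
        self.log.append((tick, f"{self.port} re-enabled by operator"))


def replay(guard: PortGuard, replies: list) -> list:
    """Feed ping results (True = reply) and return the lock state per tick."""
    states = []
    for tick, ok in enumerate(replies):
        guard.observe(tick, ok)
        states.append(guard.locked)
    return states


# Constructed sample: one dropped ping at tick 1, camera silent from tick 4,
# and something answering pings again from tick 8.
SAMPLE = [True, False, True, True, False, False, False, False, True, True]

if __name__ == "__main__":
    guard = PortGuard(port="Gi0/7", camera_ip="192.0.2.21")
    print(replay(guard, SAMPLE))
    print(guard.log)
```

A watchdog like this only notices that the camera went silent, so it complements the separate subnet and port filtering discussed earlier in the thread rather than replacing them.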