Jump to content
dereisbaer

Basics about network protocols and security issues

Recommended Posts

First I want to say hello.

 

I have a few ip-cameras (from longse) and a nvr for testing, which support onvif and many other protocols. I have changed the default password and all cameras and the nvr are working perfectly in the network.

 

To view the camera via browser I need my new password. To add the camera to the nvr I need the password, too.

 

But now I have installed Xeoma on my PC and Android phone to test this nvr-software. After starting the programm it will find all cameras in the network without any password. I can view the streams and record all of them without authorization. I think this has something to to with the RTSP/RTP protocol. but I'm not sure. I can't find any hint.

 

As I have to less knowledge about the basic function of the different protocols, I cant explain myself how this is possible.

 

So my question is. Has this anything to do with a specific protocol (maybe other protocol) and how can this be avoided? If I open an access to my network from the outside to this cameras can everyone view the stream with a software like Xeoma without authorization? Or has the problem something to do with the firmware of the cameras and they can't be installed secure in a network.

 

I hope my case is clear enough. If I can find something about this already anywhere else I would be happy about some keywords to search the net. All I have found until now, did not give me an answer to this question. But maybe I don't have the right keywords for searching.

 

Thank you very much for any help!

Momo

Share this post


Link to post
Share on other sites

First. It is necessary to ensure that the nvr settings recovery record not only access to a web browser and recovery record and access to cameras streams (if there is such a setting). As it is often a tick "to restrict rtsp access". Authentication setting for rtsp protocol. If there is no such a tick (or is disabled for the authorization of the protocol), then via rtsp protocol can receive the stream from the cameras and without a password.

Secondly, you need to make sure that the password is not too simple (like admin / admin) because usually Xeoma for the convenience of users itself can choose such passwords.

Share this post


Link to post
Share on other sites

Hello thank you very much.

 

At the NVR I don't have such settings. At the CMS (Herospeed) from the cameras I don't have anything like this, too.

 

But I have tried to stream the video via RTSP with VLC, whiteout password. It doesn't work. I have to log in first or put the username & password in the stream-address. (rtsp://user:pw@x.x.x.137:80)

So I think there is no problem with the security of the rtsp stream.

(For the RTP Stream it didn't work with or whiteout password with the same port. - I don't have different port settings at the CMS from the camera. So if RTP works with a different port I can try this, too.)

 

Password for the camera is no standard password.

 

So the questions are: How it is possible that Xeoma still gets access to the camera? Are there other ways to view a stream of network cameras? An even more important what can I do, that no one else can view the stream if I want to open my network to view the streams via mobile phone?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×