BI webserver or open ports to cameras

N

nicopolous

n3wb
Mar 30, 2015
17
1
Hi all,

Long time user of BI here, have six IP cams and used BI for 4 years without a hitch.

I'm currently using the BI webserver on a custom port (i.e. not 80 or 8080 or anything like that). This is so that I don't have to open a port to each camera when I'm viewing remotely using my phone - I just have the one port open to the webserver port.

My question is: Would it actually be safer to open ports to each individual camera and disable to webserver? If someone managed to access the camera somehow, they would be able to view it. This is not good. However, my concern is that if someone could hack the BI webserver, then they could access the PC it resides on, which is far worse than simply being able to view the cameras.

Any thoughts?

Thanks!
 
If they access the camera they have the same capabilities as they would accessing your PC that camera is a full PC on your network... The firmware in these cameras are notoriously full vulnerabilities..use a vpn
 
Thanks for the speedy reply Fender. I realise VPN is a good solution, but I'm slightly confused by your answer, sorry. If the machine running BI can be compromised via the webserver, then I'd be concerned as there is a lot of other data on that machine that could be at risk. However, if just a camera got compromised, yes they would get onto my network, but that doesn't necessarily mean any other PCs/servers on the LAN would be compromised as they all have their own security...
 
nicopolous said:
Thanks for the speedy reply Fender. I realise VPN is a good solution, but I'm slightly confused by your answer, sorry. If the machine running BI can be compromised via the webserver, then I'd be concerned as there is a lot of other data on that machine that could be at risk. However, if just a camera got compromised, yes they would get onto my network, but that doesn't necessarily mean any other PCs/servers on the LAN would be compromised as they all have their own security...
Click to expand...
you should not be using the BI machine for any other purpose...use a dedicated machine...port forwarding a camera is extremely reckless unless - the camera is on its own VLAN, you dont mind if anyone views the camera, disables/bricks the camera and/or deletes footage...
 
  • Like
Reactions: Camit
You must log in or register to reply here.
Top Bottom