Any clever way to receive motion detection from IB or cams blocked from the internet?

[New Daddy]

I've blocked all my cameras and the PC running BI from accessing the internet for security reasons.
Under these circumstances, is there a clever way to receive motion detection notice from BI?
I have a SmartThings hub at home, which can receive zigbee and z-wave, if that can be utilized in any way.

 

[Mike A.]

Just unblock the BI server. Don't need to block outgoing traffic from it anymore than you'd block outgoing traffic from any other computer on your network.

If you want incoming access to it from outside of your network, then set up VPN.

 

[New Daddy]

Just unblock the BI server. Don't need to block outgoing traffic from it anymore than you'd block outgoing traffic from any other computer on your network.

If you want incoming access to it from outside of your network, then set up VPN.

Just to make sure I understand you correctly, are you suggesting that I block only the incoming traffic, unblock the outgoing traffic from the BI server, and make use of BI's native notification function?
(I'm already using VPN to access BI from outside of my network.)

 

[looney2ns]

Just to make sure I understand you correctly, are you suggesting that I block only the incoming traffic, unblock the outgoing traffic from the BI server, and make use of BI's native notification function?
(I'm already using VPN to access BI from outside of my network.)

Yes. Push notifications work well to a phone with the BI app installed.
See: How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk

 

[wittaj]

In addition to the push notifications from the BI app, you can also have BI send you a SMS message (although your mobile provider may delay or not send), an email, or sign up for pushover to send it that way.

 

[New Daddy]

Yes. Push notifications work well to a phone with the BI app installed.
See: How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk

Solving one problem leads to another. Doesn't it always...

It turns out that my Verizon FiOS router has a rudimentary firewall functionality that can block the entire traffic but cannot selectively block the incoming traffic.
Short of replacing the router - it's an idea that was seriously considered before but had to be ditched due to a host of other issues -, what will be the quickest way to set up a firewall that can selectively block incoming traffic towards a specific IP?
I'm willing to pay for extra hardware.

 

[wittaj]

As someone else mentioned, no reason to block the BI computer from the internet. That computer is running the latest virus and firewalls that are recent as they come (unlike the cameras that are not).

As long as your cameras are on a separate NIC or VLAN they cannot reach the internet. You are overthinking it.

Probably not many here block the BI computer from talking to the internet.

 

[Mike A.]

Solving one problem leads to another. Doesn't it always...

It turns out that my Verizon FiOS router has a rudimentary firewall functionality that can block the entire traffic but cannot selectively block the incoming traffic.
Short of replacing the router - it's an idea that was seriously considered before but had to be ditched due to a host of other issues -, what will be the quickest way to set up a firewall that can selectively block incoming traffic towards a specific IP?
I'm willing to pay for extra hardware.

You don't really need to. Unless you open a port or otherwise pass traffic through to some inside host, then unsolicited incoming traffic will be blocked by default. Not sure what capability theirs has to block outgoing access from specific devices. Haven't looked at that for a long time and don't recall now.

I also have FIOS. I put another router in front of theirs which sits on another subnet. The FIOS router only has outgoing access which works for most everything other than what needs incoming access like remote DVR programming, using the app, etc. Basically, it just serves as a MoCA bridge to the set-top boxes and to pull the TV schedule, etc. If you don't have TV services you don't even need to do that. You can just replace the router entirely. If you have their new IP-based service and STBs then that's a little different. Haven't tried that yet.

How are you doing VPN? I didn't think that any of theirs had that. Maybe some newer one does.

 

[New Daddy]

How are you doing VPN? I didn't think that any of theirs had that. Maybe some newer one does.

I'm using my Synology NAS as the VPN server. I don't think the FiOS router can do VPN.

 

[Mike A.]

I'm using my Synology NAS as the VPN server. I don't think the FiOS router can do VPN.

Yeah, don't think that any of them do.

So you forward a port through to the Synology box? Assuming that you're aware of the exploits against Synology devices last year and have that all fixed up? I'd be more concerned about that than your BI box.

Really the best thing to do with FIOS is to get their router out of the way if you can. If not, the Synology obviously will work. Just cleaner and easier to do it on the edge router. But routers have their own vulnerabilities at times too.

 

[sebastiantombs]

Simplest solution is to buy your own router. I've got FiOS and as soon as the installer left I plunked my Asus in place of their POS. Built in VPN to boot.

 

[sebastiantombs]

I should add that I had to install a MOCA adapter to handle the TVs on one port of the router. Guess it could have gone onto the main LAN switch but, what the heck, one port shouldn't throttle things too much.

 

[M4DM4NZ]

As someone else mentioned, no reason to block the BI computer from the internet. That computer is running the latest virus and firewalls that are recent as they come (unlike the cameras that are not).

As long as your cameras are on a separate NIC or VLAN they cannot reach the internet. You are overthinking it.

Probably not many here block the BI computer from talking to the internet.

I block my BI machine from the internet completely, recently ive been playing with the FTP function to send alerts from BI over LAN to a HomeAssistant VM (where i trust the security of a lightweight linux distro vs Micro$oft) and then access the HA console via the internet.

 

[ipc824]

I block my BI machine from the internet completely, recently ive been playing with the FTP function to send alerts from BI over LAN to a HomeAssistant VM (where i trust the security of a lightweight linux distro vs Micro$oft) and then access the HA console via the internet.

I'd be interested in your solution.