Be careful if you activate PTP on your NVR

observant1

Dec 2, 2018
It's very troublesome with cloud security. I'm no specialist, and there's a great deal of info in the WIKI on securing your camera system. Even if it's not 100% correct it may be just enough to get skipped over if or when a ddos attack happens using your cameras. It may even be worse with all the smart home gadgets.

Believe me when I say just because it's easy and stuff, be careful. If I knew more I'd give simple reasons....but I've been down some rabbit holes that scare the shit out of me. Not because of my "simple home" but because so many like the convenience of "smart home" gadgets which can include camera systems.
 
I have a total of 8 Dahua NVRs that I manage or help with that are/have been on Dahua P2P since at least last July.

Three are on a firewall appliance that allows me to see all network flows in and out.

Beyond the handshake with the P2P server and the keep alive ping, not a single inbound attempt has been made that I am aware of.

I wish my Samsung TV was as safe...
 
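A sketch of the flow check described in the post above, added here as an example and not taken from any poster or from a firewall vendor. The CSV layout, the NVR address and the allow-listed range (a documentation range standing in for the vendor's P2P servers) are all constructed assumptions, and `src` is assumed to be the side that initiated the flow.

```python
import csv
import io
import ipaddress

NVR_IP = "192.168.1.108"                                  # assumed NVR address
LAN = ipaddress.ip_network("192.168.1.0/24")              # assumed home LAN
# Placeholder for the P2P servers you expect the NVR to contact (TEST-NET-3).
ALLOWED_REMOTE = [ipaddress.ip_network("203.0.113.0/28")]

# Constructed flow export; src is the initiator of each flow.
SAMPLE_FLOWS = """\
ts,src,dst,proto,dport,bytes
2024-01-01T00:00:05,192.168.1.108,203.0.113.5,udp,40000,412
2024-01-01T00:00:35,192.168.1.108,203.0.113.5,udp,40000,96
2024-01-01T00:01:10,192.168.1.20,192.168.1.108,tcp,80,20480
2024-01-01T00:02:00,198.51.100.77,192.168.1.108,tcp,80,60
2024-01-01T00:03:00,192.168.1.108,198.51.100.9,tcp,443,5120
2024-01-01T00:04:00,192.168.1.50,203.0.113.5,tcp,443,900
"""

def audit_nvr_flows(flow_csv, nvr=NVR_IP):
    """Return (reason, timestamp, remote_ip) for every flow that is not
    plain NVR-initiated traffic to an allow-listed remote."""
    nvr_ip = ipaddress.ip_address(nvr)
    findings = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        if nvr_ip not in (src, dst):
            continue                      # flow does not involve the NVR
        peer = dst if src == nvr_ip else src
        if peer in LAN:
            continue                      # local viewers and cameras
        if dst == nvr_ip:
            # Something on the internet opened a connection to the NVR.
            findings.append(("inbound-initiated", row["ts"], str(peer)))
        elif not any(peer in net for net in ALLOWED_REMOTE):
            # The NVR reached out to a host that is not on the allow list.
            findings.append(("unexpected-destination", row["ts"], str(peer)))
    return findings

if __name__ == "__main__":
    for finding in audit_nvr_flows(SAMPLE_FLOWS):
        print(*finding)
```

An empty result over a long capture corresponds to what the post reports: only the outbound handshake and keep-alive, with nothing initiated from outside.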
I also have P2P activated on my Dahua NVR. I need to work on a better firewall/DNS.
Some rabbit hole I went down about ptp server locations and crap just made me think about it.

I rarely check my cam system thru a public network but like the ability to do so. I get no notifications except from my doorbell if pushed.


I do have a nice hard wired home alarm system with 4glte monitoring in attic, so if someone broke in hopefully the sirens blasting would make them leave before they stole my liquor hidden on the countertop beside the shot glass. :idk:
 
> I have a total of 8 Dahua NVRs that I manage or help with that are/have been on Dahua P2P since at least last July.
>
> Three are on a firewall appliance that allows me to see all network flows in and out.
>
> Beyond the handshake with the P2P server and the keep alive ping, not a single inbound attempt has been made that I am aware of
>
> I wish my Samsung TV was as safe...

How are you running these firewall appliances? Or rather, what are they exactly? I don't know much about that; I would be interested to know more.
 
I’ve settled on the Firewalla appliance. Mostly because they are extremely flexible and easy to use. I don’t have packet level control per se, but quite powerful.

The Purple is quite enough for home or small office.

 
The Purple, not the SE or cheaper. Certain features you will eventually want drop off below Purple.

 
> I do have a nice hard wired home alarm system with 4glte monitoring in attic, so if someone broke in hopefully the sirens blasting would make them leave before they stole my liquor hidden on the countertop beside the shot glass. :idk:

Be forewarned.... bigredfish was a very proficient cat burglar before he retired and his specialty was fine whiskeys and liquors found in adjoining states....:rolleyes::winktongue:
 
> Some rabbit hole I went down about ptp server locations and crap just made me think about it.

P2P is neither inherently secure nor inherently insecure. It's all up to the quality of its implementation and the trustworthiness of whoever is able to see your data. Since P2P requires contact with a server somewhere, whoever has access to that server could misuse the information passing through it. You're therefore at the mercy of whoever built and maintains the P2P you're using, just as you're at the mercy of whoever controls the OS you're using, the browser, the CPU chip, the BIOS, and so forth.

In past years the camera manufacturers have built a well deserved reputation for lousy data security. At least some have significantly cleaned up their act on this the past few years. Does the Dahua P2P software have holes or intentional bad behavior? Same question for the servers? I don't know, and the best I can ask is if any problems have actually happened.

There's a parallel with Blue Iris. Its preferred remote access mechanism is port forwarding, considered at least here as riskier than P2P. While in theory it's easy to hack, AFAIK, there have been no known cases that it has actually happened. The widely considered safest remote access mechanism on the forum, a VPN, requires an open port! Other trusted options like WireGuard and Tailscale use P2P! Which gets me back to it's all about the quality of the implementation and the trustworthiness of other people.