Securing a Dahua NVR from local man in the middle attacks (not connected to internet)

[letmein]

Is it possible to protect against someone who somehow accessses the local network? Like someone adding a route or eavesdropping on the connection from the IP cameras to NVR?

The NVR is not going to be connected to the internet because of security concernes, but how do you make sure the traffic from the ipcam to the nvr and once on the nvr, that it is not compromised? and that no-one can add a way to view the system from outside?

 

[JET]

If the cameras are only connected to the NVR, then there would be no internet connection if you have it disabled in the NVR. I thought about this with my setup and I realized anyone with the know how to hack in to my system isn't going to want to be watching my house anyway.

 

[catcamstar]

@letmein: if you want to be 200% sure that no-one can "sniff"/"evesdrop/switchport mirroring on your cams, then I suggest you buy a POE NVR and make direct (point to point) connections from the CAMs to the NVR. You immediately put an alarm on the connected cams (to detect unplugged cables) AND you put an alarm on the open ports (to detect an newly plugged device).

However, if security is your concern, I would put other measures in place (eg vlans, with mac address filtering, authentication and other tricks) to protect your REAL (internal) network - like @JET wrote, who is interested in viewing your camera footage anyway. Except if you put a weak password on your cams/nvr and your device gets hijacked.

Good luck!
CC