Network Video Security Issues

Bob La Londe · Sep 23, 2003

Anybody know any network security issues when using a Dedicated Micros DS2
over a the internet? The only possible security risk I can see is somebody
getting into the DVR and reviewing video from the site.

They would have to know or find the public IP for the site, then access the
port that redirects traffic to the DVR. Basically they have to use DM
Network Viewer, then guess or hack the password to the DVR. I don't see how
routing the port specifically to the DVR and then opening up the port could
cause any additional security risk to the machines on the LAN as they would
not be accessible via that port. Any other security risks would of course
remain unchanged.

Bob La Londe
Yuma, Az

Jackcsg · Sep 23, 2003

Bob,
The only issues would be using default passwords, which I know you would
change. I'm not sure which UDP Port the DS2 uses, but if it is configurable,
I'd change that from default. Passwords should protect you, as there is no
OS running, or should I say, accepting executable files from the Internet.
It's a dumb device. You should have no problems or issues.

Jack

Bob La Londe · Sep 23, 2003

According to DM the port can't be changed.

Of course those I have running with WAN / Internet connections do not have
default passwords.

I just had an IT guy get all stupid on me today, and I was trying to forsee
any possible risks. I asked him to program the router to redirect the port
to the machine, and he acted like I asked him to shut down his firewall and
set all his machines to opening file sharing from the root directory.

Typical defensive behavior of many IT guys. Of course the because I only
have an education in computers, but am not an IT guy I don't know shit
attitude from him didn't help matters any.

Bob La Londe
Yuma, Az
http://www.YumaBassMan.com

Jackcsg · Sep 24, 2003

Sounds like an IT guy. That's why their scarce. It's simple. Next I want you
start routing your alarm signals across the Internet, and use that DM for
video verification....

Jack

Rory · Sep 24, 2003

Bob La Londe said:
Anybody know any network security issues when using a Dedicated Micros DS2
over a the internet? The only possible security risk I can see is somebody
getting into the DVR and reviewing video from the site.

They would have to know or find the public IP for the site, then access the
port that redirects traffic to the DVR. Basically they have to use DM
Network Viewer, then guess or hack the password to the DVR. I don't see how
routing the port specifically to the DVR and then opening up the port could
cause any additional security risk to the machines on the LAN as they would
not be accessible via that port. Any other security risks would of course
remain unchanged.

Bob La Londe
Yuma, Az

the answer is yes.

But it would be very time consuming and the hacker does not gain
anything from it. Unless they are being paid to delete the video, but
it would take long just to find the IP address, let alone hacking the
password, then you'd have to learn the commands to make your own
program. You can normally view alot of or pieces of the commands using
something such as PE Explorer, but then the hacker would have to
really know the program. Ofcourse the hacker could also find out how
the embedded OS is programmed and learn the commands from that also,
thanks to search engines like google unfortunately they can most
likely download a free copy of the software!

Ohwell, I would worry about it, too much involved.

Rory

Bob La Londe · Sep 25, 2003

The IT guys is still all secretive and defensive of his network, but accept
for the possibility of somebody guessing or hacking the password for the DVR
and reviewing video remotely there does not appear to be any other security
risk to the network. Per an independent IT manager (50 sites and 6000
computers) and also per Dedicated Micros.

Yes, I have already figured out the way to hack into a DVR, but it requires
atleast some knowledge of the system, although I suppose one could setup a
routine to randomly scan all the IPs on the internet until they found one.
It might be harder to find the one they want.

I think I can get it working over his VPN atleast to their other offices
without his cooperation. I may have to go to the president of the company
(a personal client of mine also) and ask him to lean on his IT guy to show
me a real security issue with allowing their managers to access the DVR
remotely.

The secure approach would be to set your router to log all access to that
port and report it regularly to the IT manager if a public IP will be
allowed to access that port.

Bob La Londe
Yuma, Az

Bob La Londe · Sep 25, 2003

All working now. The IT guy came back and ANNOUNCED that he could find no
substantial security risk in allowing the port access.

He even programmed the router ports for me. Total attitude change.

I have test linked from two remote sites now. Unfortunately their VPN is
down so I could not test VPN access.

Bob La Londe
Yuma, Az 85364

fly in the ointment · Sep 26, 2003

Bob La Londe

All working now. The IT guy came back and ANNOUNCED that he could find no
substantial security risk in allowing the port access.

He even programmed the router ports for me. Total attitude change.

Yeah. I had to slap him around a little. Give me access to the video, and
we're even.

I have test linked from two remote sites now. Unfortunately their VPN is
down so I could not test VPN access.

Congrats. Glad you got it working.
js