Security - Modem and Router, what is the best way to get best security

Hi,

I am wondering if it is better to use a separate modem and router so that the traffic and devices need to go through a router first? If so, could anyone recommend a combination of types of modems and routers etc? i think my security camera was hacked/broken into.What is the best way to get very high security in every way,from intruders via the modem router as well as via any connected devices.Is it possible to add a wireless router that is connected to my modem as well as a wired only router,that that there are 2 routers connected to the modem.

thanks in advance

windows 10 and probably 11 as i seem to be getting a popup offering a free upgrade to 11.

Hi,

Physical factor is not really relevant, All really depends on the feature set available in the device you have.

If you think your CCTV recorder got hacked, the first thing to do is change the password of all users on the router / recorder / all other edge device / all windows users.... Run antimalware and antivirus scans on all computers. Then check for firmwares updates for all your devices and upgrade them.

Having the most secure Router does not protect from exploitable services you expose trough it eg: Your CCTV system. depending on the vulnerabilities of the device... Packet capture software could have been installed and remotely monitored.

If your CCTV recorder is old and does not have new firmware updates, you should consider replacing it for a new one that is actively maintained.

All CCTV system give the options to manually select TCP port they use. Changing those to very uncommon port is also very effective against discovery by internet port scanners.

That said... If you're ready, there are some enterprise router with complete statefull packet inspection that is going to log every TCP transaction that occurs if you want. And they also have automated interactive capability to detect stealth port scans, Dos attacks, with automatic blacklisting and tarpitting, in line with full statistics of attacks and users uses.

If your in for a good learning curve MikrotiKs and Ubiquiti have both unbelievable feature set in very affordable packages.

Enterprise grade routing for the masses... I use a Ubiquiti EdgeRouter lite and a Afoundry EW1200 as AP in my Home

it really depends on your need.

MaloK said:

Packet capture software

hi,

thanks for your reply.How easy will it be to use the Packet capture software,would you have any tips about that? I will look them up myself but a few tips may help?

thanks for the help
regards

- - - Updated - - -

MaloK said:

Hi,

If you think your CCTV recorder got hacked, the first thing to do is change the password of all users on the router / recorder / all other edge device / all windows users.... Run antimalware and antivirus scans on all computers. Then check for firmwares updates for all your devices and upgrade them.
it really depends on your need.

yes,i think it came through my security camera.its one of the cheaper ones that are wifi but work very well for the price,they are very common.I have noticed something strange going on with it for somewhile and was watching it.How easy are they to break into once someone knows they are there.Also the security cameras these days all go through the security camera manufacturers servers,as you log in to their server via their app and i checked with one of the companies that do these and they confirmed that the videos do go through their servers.I am wondering what people think of this these days,if all your security camera videos are going through a companies server and there was a news article quite recently that a particular company saves all your security camera videos etc.It was a big article.Anyhow mine was hacked.

Hi,

I never suggest the uses of any kind of Cloud based security solution. of course they protect you against the recorder been stolen. but they do uses continuous bandwidth and privacy concerns are immediately sparking in my mind...

If you don't have your own recorder on your network the first step would be to re-design your CCTV System based on a local Embedded network recorder,

Like W Box Technologies, they have Very nice equipment for all scales of setups. the software supports modern browsers and smartphones securely they also supports https and provide the option to run as complete standalone. W Box is a subsidiary of Ademco USA.

At them moment they look clear of backdoors and remote exploit and are not reported to phone home.

We are actively dismantling and removing every Hikvision / HHDT / Dahua network recorders and IP cameras we encounter on daily basis. Replaced 9 crappy Recorders in a local school board a few weeks ago. For one Pelco.

There are also third party CCTV recording software you can use to connect your cameras and then block their internet access with your router. only allowing them to talk to the recorder. SecureCam and iSpy are both my favourite. They are free and open source.

About the packet capture, I meant that a packet capture software could have been installed on the device by a remote attacker.

Serious Vulnerabilities Found in Firmware Used by Many IP Camera Vendors | SecurityWeek.Com

Zero-click RCE vulnerability in Hikvision security cameras could lead to network compromise | The Daily Swig

5 Cybersecurity Considerations Related to IP Security Cameras

Combination modem/routers also have NAT - as well as many modem only units. For example, Netgear's very basic C6220 has NAT:
NETGEAR C6220 - AC1900 WiFi Cable Modem Router | NETGEAR

Basically, if your LAN is running on IP addresses of 192.168.xx.xx, you have NAT enabled on either your modem or your router.

MaloK said:

Hi,

I never suggest the uses of any kind of Cloud based security solution. of course they protect you against the recorder been stolen. but they do uses continuous bandwidth and privacy concerns are immediately sparking in my mind...


local Embedded network recorder

Like W Box Technologies, they have Very nice equipment for all scales of setups. the software supports modern browsers and smartphones securely they also supports https and provide the option to run as complete standalone. W Box is a subsidiary of Ademco USA.

There are also third party CCTV recording software you can use to connect your cameras and then block their internet access with your router. only allowing them to talk to the recorder. SecureCam and iSpy are both my favourite. They are free and open source.[/url]

yes the security and privacy concerns immediately sparked in my mind when i realised that i was logging into the manufacturers website to use the app,but i had innocently assumed that i was logging in there only to contact my cameras and that all the video or nearly all like 98% would not go through their servers,and that it would send the actual video direclty to me,as why would a camera manufacturer want to pay for a server and bandwidth just to send my videos through theirs for free.The cameras are cheap,very economical...Lately i came across a privacy related story a large story from reuters,i think it was some form of investigative journalism,will post it up when i find it again if i can.But it was to do with large companies and lobbying about privacy legislation (to change it,making legislation useless),and a section of the article was to do with google and amazon,and one of the companies was mentioned to keep all voice and video and anything else,absolutely everything,they have all your requests to do things for your devices and security video.If i wasnt concerned about hackers right at this moment,i would be concerned about that.So i am now trying to find a way to replace all my security cameras.

Thanks for the info about the setups.Are u able to recommend a particular setup,in the middle perhaps as a starting point to understand the issues involved to set up one that can be remotely accessed via smartphone,or else a completely closed cctc system.

I have an outdated camera from mitsubishi,it was a professional grade camera at the time,I do not have the software for it as i think it has dissapeared from the internet.It may have been something named video hunter or something similar.Would a modern day router work instead of a direct connection? Or what ip address do i need to use fora direct connection to a pc,191.168.30.220 doesnt seem to work.

Thanks for the informative post.I think a lot of people will find it helpful and interesting.

thanks

Connecting a camera wirelessly so people can see into your office will not be a problem, Now I am not going to call it CCTV. CCTV is it's own setup with it's own product and while you might connect it to the network it is not the same as

1. Setting a camera system via buying the cards, and making your computer into a camera system.
2. Using a service with google as many home owners ( more like idiots )
3. Using cheap product simular to google to install a camera that triggers on the network which means minus the google crap.
4. Using CCTV

When I hear CCTV I think about that big box you purchase that you plug in like magic jack,not a person who sets up a computer to record everything. Which is what I would do. Then gain access to my computer wirelessly using an remote access method to the actual computer. Team viewer is the most cheapest and fastest method while you might want to do other methods and or services to gain access to your computer.

Again my own opinion would be to setup a security system at home, then setup access to the computer this way you could do whatever you want. Maybe you could setup an alarm system that alerts you when somebody enters the place and then you check your computer you setup.

The most cheapest method would be to buy a some sorta movement activated camera and microphone then take matters into your own hands. They have tons of setups for that. works being marketed just hope the person breaking and entering does not think about cutting the power to your place but then again you would have to invest in backup electrics and make a trigger for that as well.

..........

Way I see security I would setup something that nobody would think of. I would go "Death Wish III" style and setup one of those traps, even something out of "Fallout" like a trip wire or bear trap, Even "Home Alone" and leave the person who breaks and enters staggering and or lost. Even a simple alarm system would work or a toy movement trigger. All of that junk is not needed, even something out of "Home Alone"

You just have to close the door

WBox DVRs / NVRs have IP filter and you can setup the device to communicate with only one machine if you want. They also have internal NAT. The newer firmwares also have an Autoban function that you can use, that will automatically ban a public IP after 5 authentication failure.

This is the kind of features you want in a CCTV system. Strong password support, encrypted communication, Self created SSL Certificates.

Or even put everything behind a VPN and be done with it.

I much prefer to have my surveillance system completely isolated from the network and well hidden in my house.

Recording in computers always get stolen all along.