Hey y’all,
I’m thinking about forwarding a couple of ports so that my wife can see our video camera feeds from a Smarttiles dashboard when she is away from home. Right now, we have to use the Synology Surveillance Station mobile app to see our cameras, and she absolutely hates that app. (She, of course, loves Smarttiles).
I’ve forwarded ports before for limited times/specific uses (so I understand the concept and how to set it up), but I’ve always been a little nervous about forwarding my cameras. We have two Foscam cameras, and while I have changed all the passwords, etc., the Foscam web app doesn’t exactly scream “high security” to me.
For those of you with more experience in this area, is there anything I should keep in mind?
Here is a link to how I have my network set up that I posted in another topic roughly on same lines as this, it should help.
It goes into a little more detail but a lot safer than port forwarding… especially with Foscam cameras which can be vulnerable and used as an in into the rest of your network
Basically you want to compartmentalize your cameras, IoT devices, and rest of network.
Thanks, @Crussell. I’ll look into this. I don’t think my current router setup offers this level of vlan control.
I’ll also have to experiment with what level of connectivity everything needs. My cameras connect to my Synology NAS locally, but obviously I don’t want to wall off my NAS from my other devices that need access to it.
As with all things, it’s a compromise between ease of use/reliability and security.
You can run an Apache server as a reverse proxy front end. Allow https (lets encrypt is free) to Apache on a non standard port. I do this with one of my servers, so I’m accessing Apache securely, that forwards all requests between endpoints locally on my network. This works good for things you can’t fully segment with vlan’s.
Google will be your friend on this one, a Pi could easily handle the task so it doesn’t have to cost much money or power.