      06-12-2018, 09:30 PM   #182
dsad1

Quote:
Originally Posted by zx10guy
Thanks P1et.

djsaad1,

It depends on how much you want to spend, what your skill level is, and how paranoid you are.

In the world of firewalls, the current baseline standard is stateful packet inspection, or SPI. The basic operation of these firewalls is a table that keeps track of network sessions via port numbers. A PC on your network starts a connection on port 11111 to a web server on the Internet on port 80. The return traffic the firewall expects is the web server on port 80 to your PC at port 11111. I've simplified this example as most people will be running a NAT overload configuration. The problem is that some attacks, or in the business world some people who are looking to hide activity, don't follow what the reserved port numbers are meant for. Take the above example with port 80. This port is reserved for HTTP web traffic. But it doesn't mean I have to follow that convention. I can shove FTP traffic down port 80. An SPI firewall will just allow it through because it conforms to the port sessions it is keeping track of.

Enter next generation firewalls which are also referred to as deep packet inspection (DPI) firewalls. These firewalls will actually peer into the packet data and see if the traffic inside of the packet conforms to the port number it is traveling over. These firewalls can also have rules set where you can allow/block traffic based on application/protocol. So these firewalls no longer only filter based on port number. However, doing this type of filtering taxes the hardware significantly. You won't find DPI firewalls with any SOHO product. And there are no freeware/open source products I know of which utilize DPI including the two you've referenced.

If you want to gain access securely to your camera feeds, I would recommend you set up a VPN server on your network. This is how I gain access to my camera feeds. I do not expose anything sensitive directly to the internet. The solutions I'm using are as follows: SonicWall TZ400W (DPI) for my edge firewall and a SonicWall SSL VPN virtual appliance for remote access. The SonicWall SSL VPN solution has a mobile client which allows me to connect securely from my Android phone. Both solutions are not cheap and I have them due to my line of work.

Let me know if you have any specific questions.

I set up OpenVPN with untangled but my feeds are really slow through VPN, they also cut in and out. If I use TeamViewer to remote into that PC and look at the feeds, they are great. Anything I need to do on VPN settings?
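The SPI versus DPI difference described in the quoted post, as an added example that is not part of either post: a toy firewall keeps the session table the post describes and, with DPI enabled, also checks that the payload matches the protocol expected on the port. The addresses, the `classify` signatures and the `Firewall` class are constructed for illustration, NAT is ignored, and real DPI engines use far richer signatures.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes

EXPECTED = {80: "http", 21: "ftp"}  # protocol expected on each port (example subset)

def classify(payload: bytes) -> str:
    """Toy payload classifier; real DPI engines use far richer signatures."""
    first = payload.split(b"\r\n", 1)[0]
    if first.startswith(b"HTTP/1.") or first.split(b" ")[0] in {b"GET", b"POST", b"HEAD"}:
        return "http"
    # FTP replies: three-digit code then space or hyphen, e.g. "220 ready".
    if first[:3].isdigit() and first[3:4] in (b" ", b"-"):
        return "ftp"
    return "unknown"

class Firewall:
    def __init__(self, dpi: bool):
        self.dpi = dpi
        self.sessions = set()  # the SPI state table
    def _conforms(self, port: int, payload: bytes) -> bool:
        # Empty payloads (handshake) and ports without an expectation pass.
        return not payload or port not in EXPECTED or classify(payload) == EXPECTED[port]
    def outbound(self, p: Packet) -> str:
        if self.dpi and not self._conforms(p.dport, p.payload):
            return "drop (dpi)"
        self.sessions.add((p.src, p.sport, p.dst, p.dport))
        return "allow"
    def inbound(self, p: Packet) -> str:
        # SPI: accept only the mirror image of a tracked outbound session.
        if (p.dst, p.dport, p.src, p.sport) not in self.sessions:
            return "drop (no session)"
        if self.dpi and not self._conforms(p.sport, p.payload):
            return "drop (dpi)"
        return "allow"

def run(dpi: bool) -> list:
    pc, server = "192.168.1.10", "203.0.113.5"  # constructed addresses
    fw = Firewall(dpi)
    fw.outbound(Packet(pc, 11111, server, 80, b""))
    http, ftp = b"HTTP/1.1 200 OK\r\n\r\n", b"220 FTP server ready\r\n"
    return [fw.inbound(Packet(server, 80, pc, 11111, http)),   # expected reply
            fw.inbound(Packet(server, 80, pc, 11111, ftp)),    # FTP over port 80
            fw.inbound(Packet(server, 80, pc, 22222, http))]   # no matching session
```

`run(False)` models the SPI-only firewall and `run(True)` the DPI one; the two differ only on the FTP banner arriving over the tracked port 80 session.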