How to create a safe way to access my home webcam?
Here's the problem. I own a Foscam cam that is used as a security camera. I haven't used it from external networks before, because I know they have their problems with login (no ssl support for login and more).
I tested a setup like this, and it works, but is it at all safe?
-Sense connected to adsl router with cable
-Adsl set in routing mode
-Port forwarding on adsl router with change of port
-Of course a second port forward on Sense (had to change management device to iPad, why can't multiple management devices be allowed?). No port change here because thet didn't work
-Foscam connected via wifi to Sense network
So I can access the cam from external network using dynamic dns services. But I don't feel a bit more secure. Still the frontend is unsecured and one port is opened from external network to my cam. The cam is on the same network as my other devices, so if someone hacks my cam they have access to the rest? I don't see any feature on Sense blocking this?
So Sense should have incoming vpn, ssl termination or separate networks for different types of devices.
Long text, short question.
Does Sense have a solution to make access like this secure? I know the biggest problem is Foscam who doesn't implement the right security options. If someone can access your Sense network, do they have access to all the non secured devices in your network?
It’s a difficult “philosophical” question, ie, should I use something known to be “weak” in cyber security? Really hard to say. Opening a port has its risks.
And yes, more layers of security would be there with VPN and network segmentation.
We are planning to add such features later on but currently they are not there.
One possibility is to run an application elsewhere on the network that accesses the webcam. For example, ISpyConnect. I can't vouch for the security of ISpyConnect but it would have to be very bad to be worse than many of the cheap IP cams out there!
Personally I use Synology Surveillance Station but external access only via VPN.