01304 827609 info@use-ip.co.uk Find us

Secure network for Hikvision Camera?

Moley8

Member
Messages
14
Points
3
Hi all, bit of a brain overload (probable my 62 age) at the moment so can someone point me on the correct path please.
Current camera is DS-2CD2347G1-LU with SD card and will be used as standalone for a while.

(I currently have the setup of Virgin modem in bridge mode / Asus router with home I.O.T and guest networks, cat6 cable to unmanaged TP Link SF-1005P POE+ Switch and then cat6 cable to pc and camera)

I Got the camera up and running as per my diagram. I could alter settings etc on the camera, not tried yet but from reading and youtube and before i venture further on my cctv journey i cant get my head around how to secure my LAN network which is what i have read i need to do, as in putting camera on its own LAN.
i think i understand a VLAN is for wifi/wireless only and if i had a NVR it would seperate the networks to view the camera or if i had a pc with dual NIC.
Do i need to read and learn about subnets or my pc the public or private network settings (currently set as public) or wait till i buy an NVR.

I havent played around with the camera yet or is it connected to the internet until i understand about securing the network or separate LAN?
(So camera and switch is bypassed to use internet at moment)

Hope this makes sense and appreciate any help, ty
 

Attachments

  • setup1.jpg
    setup1.jpg
    2.7 MB · Views: 177
Hi all, bit of a brain overload (probable my 62 age) at the moment so can someone point me on the correct path please.
Current camera is DS-2CD2347G1-LU with SD card and will be used as standalone for a while.

(I currently have the setup of Virgin modem in bridge mode / Asus router with home I.O.T and guest networks, cat6 cable to unmanaged TP Link SF-1005P POE+ Switch and then cat6 cable to pc and camera)

I Got the camera up and running as per my diagram. I could alter settings etc on the camera, not tried yet but from reading and youtube and before i venture further on my cctv journey i cant get my head around how to secure my LAN network which is what i have read i need to do, as in putting camera on its own LAN.
i think i understand a VLAN is for wifi/wireless only and if i had a NVR it would seperate the networks to view the camera or if i had a pc with dual NIC.
Do i need to read and learn about subnets or my pc the public or private network settings (currently set as public) or wait till i buy an NVR.

I havent played around with the camera yet or is it connected to the internet until i understand about securing the network or separate LAN?
(So camera and switch is bypassed to use internet at moment)

Hope this makes sense and appreciate any help, ty
It's fine as it is. There are users who put cameras on separate VLANS but it's a little extreme for home use IMHO. If you want to be able to remotely view your camera, there are 3 options:

1 - Port forwarding in the router. After setting a static IP address on your camera, you set up port forwarding for the server (default port 8000) and RTSP (default port 554) in the router, forwarding those two TCP ports to the camera. Pro's: Fastest access not needing the cloud service. Con's: Opening ports in the router is considered insecure. No event notifications are possible from your camera to your phone app.

2 - VPN. Camera has a static IP address on the LAN. You set up a VPN server on your network and you connect to this server when you want to access your camera remotely with the app. No port forwarding is needed. While connected to the VPN server, your phone is effectively on the your home network while you're away from home. Pro's: Most secure as all traffic between your device and your VPN server at home is encrypted/tunelled so that it cannot be deciphered in transit. Con's: You have to connect to the VPN server each time you want to view your camera while away from home. No event notifications are possible from your camera to your phone app.

3 - Hik-Connect Service. Camera has a static IP address on your LAN and you add the camera to your Hik-Connect account. The service uses P2P communications so no port forwarding is needed. Pro's: Easy to access your camera while home or away. Push notifications can be received on your phone and event video clips and thumbnails stored for easy review of those events. The events can be armed and disarmed remotely in your app. Playback can be filtered to only show events for 'Human' or 'Vehicle' present. Con's: It sometimes takes a monumental 3 seconds for the camera to load while you're laying on Waikiki Beach drinking a Mai Tai.

Option 3 every time for me (except the Mai tai...I preferred a bottle of Longboard Island Lager when I was there). I'll usually also add the camera to the app using its local IP address as well. That way you've still access to the camera if the free Hik-Connect service has an outage (while you're phone is also on your home network)
 
That's very informative, hadn't really delved into hikconnect as thought network had to be secured first.
I originally set the camera with a static IP address. VPN do you mean OPENVPN installed onto my router which I have been reading about.?
But I think option 3 hikconnect sounds the way forward I can live with the monumental couple of seconds.
Mucho appreciated thanks
 
VPN do you mean OPENVPN installed onto my router which I have been reading about.?
There's a couple of uses for VPN so what you have on your router could vary. VPN can be used so that all traffic on your device (where a VPN app is installed on it) or your entire network (where VPN is on the router) is encrypted to the VPN providers server. This ensures that your ISP (Internet Service Provider) cannot track which websites you use. As the VPN servers are in multiple countries, you can appear to be in another country. Uses for this include:
  • accessing streaming services that are not available own this country
  • seeing different content in Netflix as the US has a different catalogue available)
  • accessing sites that your ISP blocks (bit torrent sites for instance where apparently you can download full blu ray copies of films that have been illegally shared)
  • securing unknown connections. If you're using airport, coffee shop/pub or hotel WiFi, you've no idea of how safe that is and whether anyone is snooping on the connection. VPN on your mobile device encrypts all of your data so that it cannot be deciphered.
If OPENVPN on your router provides a server, it can work the other way around. Once configured you can create a secure encrypted connection between your mobile device and your home network. Effectively wherever you are, you have access to your home network as if you were there connected to your WiFi. Additionally your mobile devices internet access can be diverted to use your home internet connection.
But I think option 3 hikconnect sounds the way forward I can live with the monumental couple of seconds.
Definitely. It gets around the need to port forward your router, requires no special configuration and ensures that you get the full feature set of the Hik-Connect app.
 
Last edited:
Thanks very much for the information, i`ll be digesting that later. Defo on option3 thank you
 
Back
Top