Helping me testing my Cams

[khofo]

Hello Guys,
I am a bit paranoiac when it comes to privacy and I learned hacking basically for not being hacked. Yesterday I installed some cameras over the house and connected them to my hub they are controlled over ip. So I would like to test how secure these cams are I have Kali Linux installed and I want to know if someone can have access to them if he is connected to my wifi. If there any method that is know or techniques to try to "take over" my cams so I can set countermeasure. I really never tried it before. I don't want in details tutorial just the tool and a general idea.
Thanks fellow hackers

[Architect]

Please tell me you have a DMZ. If not, yes, they're internet accessible and you deserve to get your cameras hacked.

[Kulverstukas]

Well generally IP cams (if that's what you are referring to) have a simple log-in interface with no break-in countermeasures. Cheaper cams just gives you a basic HTTP auth window which can be easily brute-forced with shit like THC-Hydra or Medusa (personally I like Medusa more).
For countermeasures, I'd say, if it is possible, assign them local static IPs from your router DHCP and only make them accessible from the inside of your LAN. Oh and set an uber strong password too.

[iTpHo3NiX]

For countermeasures, I'd say, if it is possible, assign them local static IPs from your router DHCP and only make them accessible from the inside of your LAN. Oh and set an uber strong password too.

I just wanted to say that he mentioned that if they're connected to his wifi if they would be able to break in...

At a security standpoint and you want to be super paranoid, simply don't put the cameras online, however if you want the cameras to be viewed online, the most secure way to go about doing it is to have them only connectable from a VPN. Lock them to just a VPN and connect to your VPN to get access to your cameras. However if that's not an option a 15  character alpha-numeric non-dictionary password should suffice as it would take a LONG while to bruteforce that sumabitch.

Then who's to say what IP cams you're using and whether their remote viewing software has public or private exploits/bypasses and his dorkable or gets indexed with google.

[khofo]

Okay,
Thanks I am actually not connecting then to the intenet in my house I have multiple PC's and routers all connected to a hub where there is HDD's and managing and my cams are connected there 

[Architect]

@DeepCopy: That would be a bad idea in case his VPN decides to go offline or for any reason is not available, then he would be completely locked out.

Typically you want an internal network for the CCTVs which are separated from the internet, and completely isolated from any other network devices. Alternately you could just block everything by using iptables or straight from your router, and only allow certain IP's (like your controller PC) Basically this means you have maybe a router, switch, few laptops, desktop, and none of these can communicate with the cam setup but the one you need. And yes, strong passwords, a DMZ and maybe an IPS/IDS on the network with the cams (but all networks have/should have something similar if running security cameras).

Also note that you should not use common ports for these devices, which should prevent most skiddy attacks.

How many cameras are you trying to setup? I have experience with these things, not the setting up part but the "access" part. And I will tell you that most people have no idea how to really do it the correct way which leads them to getting their systems owned. That includes home and industrial CCTVs.

[iTpHo3NiX]

@DeepCopy: That would be a bad idea in case his VPN decides to go offline or for any reason is not available, then he would be completely locked out.

Are you sure you know what you're talking about? I've set up cameras for businesses that insisted they be able to opporate their cameras remotely although I strongly advised against it. The fact of the matter is no cameras should be online. The most secure way is to put them behind a VPN. So the setup would be offline cameras on a LAN with your VPN, the VPN acts as a gateway to the LAN with the cameras. Strong VPN password as well as DVR password.

So if his VPN goes out he can go home and restart it and his cameras wont be accessible in the meantime.

[Architect]

Yes, I know what I'm talking about. If his VPN is down indefinitely, how does he access a service hardwired to only accept connections from there and not elsewhere? Do you understand what I'm saying?

[iTpHo3NiX]

Yes, I know what I'm talking about. If his VPN is down indefinitely, how does he access a service hardwired to only accept connections from there and not elsewhere? Do you understand what I'm saying?

No I do not understand what you are talking about. He controls his VPN. A VPN is a Virtual Private Network. Its not a remote service that he connects to it's at his home. He sets up the VPN with something like OpenVPN server. Why would his VPN be down indefinitely? Its at his house, if there's an issue he goes and resets his box he's using as a VPN server. On top of that his cameras are at his own house.

Let me break this down as simple as possible

IP cameras connected to local lan with no direct access to the internet. On a seperated isolated network has a VPN that's connected to the isolated network thats has the IP Cameras, so the VPN is the only way to connect to his private LAN cameras. That way he needs to connect to his VPN as the only way to establish a LAN connection to his cameras.

He controls the VPN at home along with the cameras, so how is his VPN going to go down indefinitely? It's at his house along with the cameras?



Ex of how to set an OpenVPN up
http://www.instructables.com/id/Host-Your-Own-Virtual-Private-Network-VPN-with-O/?ALLSTEPS

[Architect]

Dude, you realize you never mentioned it would be a home VPN server, so don't be a dick.

[iTpHo3NiX]

Dude, you realize you never mentioned it would be a home VPN server, so don't be a dick.

Thought it was pretty straight forward... I wasn't being a dick, you just kept telling me how bad my suggestion was without even understanding what I was saying...

Plus 4 posts up I stated:

...
The most secure way is to put them behind a VPN. So the setup would be offline cameras on a LAN with your VPN, the VPN acts as a gateway to the LAN with the cameras.
...
So if his VPN goes out he can go home and restart it and his cameras wont be accessible in the meantime.

[Architect]

Then I probably misread what you were saying

[iTpHo3NiX]

Then I probably misread what you were saying

I said VPN and you automatically assumed a server in some distant country with a VPN server installed as an anonymity method that it's commonly used for instead of its original purpose to be able to connect to your local network from a remote connection.

Could also be set up the same way via SSH as well btw

[lucid]

Alright alright, twas a simple misunderstanding. I don't want to lock this so just stop arguing.

[proxx]

Hello Guys,
I am a bit paranoiac when it comes to privacy and I learned hacking basically for not being hacked. Yesterday I installed some cameras over the house and connected them to my hub they are controlled over ip. So I would like to test how secure these cams are I have Kali Linux installed and I want to know if someone can have access to them if he is connected to my wifi. If there any method that is know or techniques to try to "take over" my cams so I can set countermeasure. I really never tried it before. I don't want in details tutorial just the tool and a general idea.
Thanks fellow hackers

Are the camera's connected wireless or over ethernet ?
If they are connected wireless you are fucked basically, there is nothing more stupid than this.