VPN question
I am considering build a Virtual Private Network for remote security camera viewing. I don't want to do basic port forwarding for security reasons. I have found that VPN's can be hardware such as ...
Forum Discussion
I am an expert. First off you have to understand that VPN doesn't mean much without knowing the points the virtual private network is connecting. VPN services are designed to secure your browsing, not connect you to your home network and will provide no help with accessing your local security cameras (which I believe is what you want to do).
IMO using any consumer grade router VPN solution is a huge mistake. If you want to access security cameras at your home there are 3 reasonable options:
A) Buy cameras that connect to a service provider that has a means to view remotely. Personally I don't trust any of these providers, however you may find the risk acceptable.
B) run security camera monitoring software that pushes security camera data to the cloud, very similar to above but not built into the cameras. May be more secure that relying on camera manufacturer, typically more likely to patch however you'll need to keep up on your local software patching. iSpy might be useful in this regard: http://www.ispyconnect.com/
C) run a hardened SSH server on your local network, only auth with pre-shared keys, SSH2 run on an odd port and restricted tunnels. There are plenty of resources for SSH server best practices. Doing this can provide easy access to local resources, and depending on how configured can be very secure.
I use method C, however I also live this stuff. Doing anything with a decent level of security requires knowledge and continuing education that most will not be able to manage.
"A" using 'cloud connected' cameras is probably the least work, and least secure due to hardware providers being notoriously lazy about patching as well as often leaving backdoor hard coded passwords.
"B" may be a better choice, your cameras are not connected to the public network only connection is from software to remove server. It will require maintaining a local server 24x7, power backup if you care about downtime..etc...
in short, there is no easy answer ;-)
IMO using any consumer grade router VPN solution is a huge mistake. If you want to access security cameras at your home there are 3 reasonable options:
A) Buy cameras that connect to a service provider that has a means to view remotely. Personally I don't trust any of these providers, however you may find the risk acceptable.
B) run security camera monitoring software that pushes security camera data to the cloud, very similar to above but not built into the cameras. May be more secure that relying on camera manufacturer, typically more likely to patch however you'll need to keep up on your local software patching. iSpy might be useful in this regard: http://www.ispyconnect.com/
C) run a hardened SSH server on your local network, only auth with pre-shared keys, SSH2 run on an odd port and restricted tunnels. There are plenty of resources for SSH server best practices. Doing this can provide easy access to local resources, and depending on how configured can be very secure.
I use method C, however I also live this stuff. Doing anything with a decent level of security requires knowledge and continuing education that most will not be able to manage.
"A" using 'cloud connected' cameras is probably the least work, and least secure due to hardware providers being notoriously lazy about patching as well as often leaving backdoor hard coded passwords.
"B" may be a better choice, your cameras are not connected to the public network only connection is from software to remove server. It will require maintaining a local server 24x7, power backup if you care about downtime..etc...
in short, there is no easy answer ;-)
