Hello Community,
I was trying to secure as much as possible the Amcrest camera I bought, abut I didn't find any place where to DISABLE the HTTP, and HTTPS:
I just found this section with the following listening ports, but I they don't have any check box to enable/disable each: (I want to disable as much ports/services as possible just allowing the internal streaming communication).
TCP
UDP
HTTP
HTTPS
RTSP
I just found sections on: DDNS, SMTP, Multicast, etc.
How can we get the cameras best secured ? (in my case it's just for internal network), so this security need is HIGHER for cameras exposed to the internet when available via mobile app.
Your guidance is welcome.
Mike
How to Disable all Protocols & Services not needed
Re: How to Disable all Protocols & Services not needed
Hello and welcome to the forum.
I only use my cameras on my LAN and I prevent access to the WAN in two ways. In the camera network settings I have deliberately entered an incorrect IP address for my network gateway. I have also explicitly denied any outgoing traffic from the cameras in my router settings.
I'm not sure but I suspect that doing this may cause occasional problems when the cameras are trying to 'call home' but they do what I need.
I only use my cameras on my LAN and I prevent access to the WAN in two ways. In the camera network settings I have deliberately entered an incorrect IP address for my network gateway. I have also explicitly denied any outgoing traffic from the cameras in my router settings.
I'm not sure but I suspect that doing this may cause occasional problems when the cameras are trying to 'call home' but they do what I need.
My AMCREST Cameras:-
2 x IP3M-941B firmware V2.620.00AC00.3.R, Build Date: 2019-12-18
1 x IP2M-841B firmware V2.420.AC00.18.R, Build Date: 2019-08-03
2 x IP3M-941B firmware V2.620.00AC00.3.R, Build Date: 2019-12-18
1 x IP2M-841B firmware V2.420.AC00.18.R, Build Date: 2019-08-03
Re: How to Disable all Protocols & Services not needed
Hello,
If you install cameras via a third party app like IP Cam Viewer (Play Store) and do NOT use P2P setup for Amcrest apps, then you do not need to attempt to disable these protocols. In fact, some of the software such as Amcrest IP Config wont' work right and you may need that software.
To secure your cameras internally only on the lan, simply ensure you don't have port forwarding enabled on your router and of course don't do the P2P Amcrest app setup.
Further, you can create the self signed HTTPS certificates and still stay internal to the lan. You can further use tools like Nessus (home use) to do port scans and see if you are visible or other live internet tools to port scan your ip address.
If you install cameras via a third party app like IP Cam Viewer (Play Store) and do NOT use P2P setup for Amcrest apps, then you do not need to attempt to disable these protocols. In fact, some of the software such as Amcrest IP Config wont' work right and you may need that software.
To secure your cameras internally only on the lan, simply ensure you don't have port forwarding enabled on your router and of course don't do the P2P Amcrest app setup.
Further, you can create the self signed HTTPS certificates and still stay internal to the lan. You can further use tools like Nessus (home use) to do port scans and see if you are visible or other live internet tools to port scan your ip address.