Blue Iris Computer - Network Setup Recommendations

  • Blue Iris Computer - Network Setup Recommendations

    I am going to set up 4 IP security cameras using a dedicated Blue Iris computer. What is the most practical, secure way to set up the camera system? I have read suggestions to use a VPN on my router, and to shut down the ability of the cameras to phone home. Is it ok to connect the PoE switch that is running the cameras into my main switch, or is that a security risk? I see that some have installed a second NIC in the Blue Iris machine, allowing one NIC to talk to the cameras, and the second to interface with the rest of the main network.

    I am looking for suggestions or a guide on how to accomplish the appropriate setup.

  • #2
    I'd have to know more about your network specifically to properly answer the question.

    If you have 2 separate networks and they are connected together at the same host machine, all you have done is created a bridge between them -- which then mitigates any security you have in place from a network perspective.

    I would set up your cameras and Blue Iris server on a "security VLAN" and only allow those cameras to talk to the Blue Iris server and not the Internet for example. Another network would be for your users/laptops/phones and so on. Therefore, no one on your "user" network can get into your security cameras and so on. I've achieved this with a Ubiquiti Security Gateway and several switches.

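The segmentation policy described in post #2 (cameras talk only to the Blue Iris server, user devices cannot reach the cameras), as an added example that is not part of the thread: a Python check that flags flow records breaking that policy, including a camera phoning home. The subnets, the server address, the flow-record format and the choice to let user devices reach the Blue Iris server itself are assumptions made for illustration.

```python
import ipaddress

# Assumed addressing, constructed for this example (not from the thread).
CAMERA_VLAN = ipaddress.ip_network("192.168.20.0/24")  # the "security VLAN"
BLUE_IRIS = ipaddress.ip_address("192.168.20.10")      # Blue Iris server
USER_LAN = ipaddress.ip_network("192.168.1.0/24")      # existing LAN (post #3)

# Constructed flow records, one per line: "src dst dst_port".
SAMPLE_FLOWS = """\
192.168.20.21 192.168.20.10 554
192.168.20.22 203.0.113.50 443
192.168.1.40 192.168.20.21 80
192.168.1.40 192.168.20.10 81
192.168.20.10 192.168.20.23 554
192.168.20.23 192.168.1.1 53
"""

def classify(src, dst):
    """Return a violation label for one flow, or None if the policy allows it."""
    src_is_camera = src in CAMERA_VLAN and src != BLUE_IRIS
    if src_is_camera and dst != BLUE_IRIS:
        # A camera may only talk to the Blue Iris server.
        internal = dst in CAMERA_VLAN or dst in USER_LAN
        return "camera-to-other-host" if internal else "camera-phone-home"
    if src in USER_LAN and dst in CAMERA_VLAN and dst != BLUE_IRIS:
        # User devices must not reach cameras directly (assumption: they
        # may still reach the Blue Iris server to view video).
        return "user-to-camera"
    return None

def audit(text):
    """Return (line_no, label, src, dst, port) for every violating flow."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed records
        src, dst = (ipaddress.ip_address(p) for p in parts[:2])
        label = classify(src, dst)
        if label:
            findings.append((n, label, parts[0], parts[1], int(parts[2])))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```
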


    • #3
      Right now I have a Netgear Orbi router. The cable modem is a separate device, and is connected via Ethernet to the Orbi. I have a 24-port switch that handles all of the Ethernet connections, and is connected to the router. I will be installing a separate PoE switch for the cameras, and I was initially planning to connect the PoE switch to one of the ports in the main switch. Currently everything is on a single LAN (router is 192.168.1.1).



      • #4
        I also have BI. It is on the same server as HS3.

        There was a YouTube video I watched about network security and it discussed a 'three router' solution. That is what I have implemented. In front of those routers is a pfSense firewall with rules that control what comes in or out of each network. All of my home automation devices are on the IoT network and few are able to get out of that network. On the IoT network, only known devices are allowed to connect. This is controlled by DHCP only providing IP addresses to known MAC addresses. Hopefully this configuration is secure.

        Here is the video:
        https://www.youtube.com/watch?v=tsSFzq_m9Vo



        • #5
          We use UniFi equipment and its built-in VPN. We run native iOS VPN on our cellphones. This way, there are no open ports.

          All communication functions of the camera except TCP/IP and ONVIF are disabled. No UPnP on the cameras nor on our router.

          Michael

          HS3 Pro 3.0.0.470 | 849 devices | 349 events | OpenSprinkler | BLShutdown | EasyTrigger | NetCAM | Harmony Hub | Sonos | SDJ-Health | BLUPS | PHLocation | BLBackup | BLLock | Z-Wave 3.0.1.243 | weatherXML | Pushover 3P | Blue-Iris | AirPlaySpeak



          • #6
            A good resource for cameras, Blue Iris and VPN setup is ipcamtalk.com
            Michael



            • #7
              Originally posted by Rvtravlr
              We use UniFi equipment and its built-in VPN. We run native iOS VPN on our cellphones. This way, there are no open ports.

              All communication functions of the camera except TCP/IP and ONVIF are disabled. No UPnP on the cameras nor on our router.
              Can you give me a list of the UniFi equipment that you are using? I have heard UniFi mentioned a few times here before, but don't know much about it. As mentioned above, I am using an Orbi mesh router, which does have VPN capabilities.



              • #8
                Originally posted by socalsharky

                Can you give me a list of the UniFi equipment that you are using? I have heard UniFi mentioned a few times here before, but don't know much about it. As mentioned above, I am using an Orbi mesh router, which does have VPN capabilities.
                You might find these articles of interest. Link
                -Wade



                • #9
                  Here is a good resource that helped me set up Ubiquiti gear and create a secure VLAN for IP camera and BI.

                  https://www.handymanhowto.com/ubiqui...etwork-design/

                  I have a similar setup with an edge router ERPOE5 and an Edge Switch ES-24 250W PoE managed switch. Kind of overkill but will power as many cameras as I can install. Also have two AC AP Pro access points that are PoE and give excellent home Wi-Fi coverage.



                  • #10
                    Originally posted by bmsmithvb
                    I'd have to know more about your network specifically to properly answer the question.

                    If you have 2 separate networks and they are connected together at the same host machine, all you have done is created a bridge between them -- which then mitigates any security you have in place from a network perspective.

                    I would set up your cameras and Blue Iris server on a "security VLAN" and only allow those cameras to talk to the Blue Iris server and not the Internet for example. Another network would be for your users/laptops/phones and so on. Therefore, no one on your "user" network can get into your security cameras and so on. I've achieved this with a Ubiquiti Security Gateway and several switches.
                    I have been looking into the Ubiquiti gear. Could you go into some more detail about your equipment and network configuration? Thanks!
