Announcement

Collapse
No announcement yet.

Blue Iris Computer - Network Setup Recommendations

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • socalsharky
    replied
    Originally posted by bmsmithvb View Post
    I'd have to know more about your network specifically to properly answer the question.

    If you have 2 seperate networks and they are connected together at the same host machine, all you have done is created a bridge between them -- which then mitigates any security you have in place from a network perspective.

    I would set up your cameras and blue iris server on a "security vlan" and only allow those cameras to talk to the Blue Iris server and not the Internet for example. Another network would be for your users/laptops/phones and so on. Therefore, no one on your "user" network can get into your security cameras and so on. I've achieved this with a Ubiquiti Security Gateway and several switches.
    I have been looking into the Ubiquiti gear. Could you go into some more detail about your equipment and network configuration? Thanks!

    Leave a comment:


  • srodgers
    replied
    Here is a good resource that helped me setup Ubiquity gear and create a secure vlan for IP camera and BI.

    https://www.handymanhowto.com/ubiqui...etwork-design/

    I have a similar setup with a edge router ERPOE5 and a Edge Switch ES-24 250W Poe managed switch. Kind of overkill but will power as many cameras as I can install. Also have two AC AP Pro access points that are poe and give excellent home Wi-Fi coverage.




    Sent from my iPhone using Tapatalk
    Attached Files

    Leave a comment:


  • cc4005
    replied
    Originally posted by socalsharky View Post

    Can you give me a list of the UniFi equipment that you are using? I have heard UniFI mentioned a few times here before, but don't know much about it. As mentioned above, I am using an Orbi mesh router, which does have VPN capabilities.
    You might find these articles of interest. Link

    Leave a comment:


  • socalsharky
    replied
    Originally posted by Rvtravlr View Post
    We use UniFi equipment and its built in VPN. We run native iOS VPN on our cellphones. This way, there are no open ports.

    All communication functions of the camera except TCP/IP and Onvif are disabled. No UPNP on the cameras nor on our router.
    Can you give me a list of the UniFi equipment that you are using? I have heard UniFI mentioned a few times here before, but don't know much about it. As mentioned above, I am using an Orbi mesh router, which does have VPN capabilities.

    Leave a comment:


  • Rvtravlr
    replied
    A good resource for cameras, Blue Iris and VPN setup is ipcamtalk.com

    Leave a comment:


  • Rvtravlr
    replied
    We use UniFi equipment and its built in VPN. We run native iOS VPN on our cellphones. This way, there are no open ports.

    All communication functions of the camera except TCP/IP and Onvif are disabled. No UPNP on the cameras nor on our router.

    Click image for larger version

Name:	A2833449-D051-4604-B7FA-F38E009E86C7.jpeg
Views:	1164
Size:	40.0 KB
ID:	1294831

    Leave a comment:


  • logbuilder
    replied
    I also have BI. It is on the same server as HS3.

    There was a youtube video I watched about network security and it discussed a 'three router' solution. That is what I have implemented. In front of those routers is a pfSense firewall with rules that control what comes in or out of each network. All of my home automation devices are on the IOT network and few are able to get out of that network. On the IOT network, only known devices are allowed to connect. This is controlled by DHCP only providing IP addresses to known mac addresses. Hopefully this configuration is secure.

    Here is the video:
    https://www.youtube.com/watch?v=tsSFzq_m9Vo

    Leave a comment:


  • socalsharky
    replied
    Right now I have a Netgear Orbi router. The cable modem is a separate device, and is connected via Ethernet to the Orbi. I have a 24-port switch that handles all of the Ethernet connections, and is connected to the router. I will be installing a separate PoE switch for the cameras, and I was initially planning to connect the PoE switch to one of the ports in the main switch. Currently everything is on a single LAN (router is 192.168.1.1)

    Leave a comment:


  • bmsmithvb
    replied
    I'd have to know more about your network specifically to properly answer the question.

    If you have 2 seperate networks and they are connected together at the same host machine, all you have done is created a bridge between them -- which then mitigates any security you have in place from a network perspective.

    I would set up your cameras and blue iris server on a "security vlan" and only allow those cameras to talk to the Blue Iris server and not the Internet for example. Another network would be for your users/laptops/phones and so on. Therefore, no one on your "user" network can get into your security cameras and so on. I've achieved this with a Ubiquiti Security Gateway and several switches.

    Leave a comment:


  • socalsharky
    started a topic Blue Iris Computer - Network Setup Recommendations

    Blue Iris Computer - Network Setup Recommendations

    I am going to set up 4 IP security cameras using a dedicated Blue Iris computer. What is the most practical, secure way to set up the camera system? I have read suggestions to use a VPN on my router, and to shut down the ability of the cameras to phone home. Is it ok to connect the PoE switch that is running the cameras into my main switch, or is that a security risk? I see that some have installed a second NIC in the Blue Iris machine, allowing one NIC to talk to the cameras, and the second to interface with the rest of the main network.

    I am looking for a suggestions or a guide on how to accomplish the appropriate setup.
Working...
X