Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I read an article on IP cameras and it struck me odd. Sure its great if you want to keep an eye on things, but how can you be sure no one else is watching? From what I can tell the companies that make these units use linux as the embedded OS in the camera. The device is assigned an IP address when it is manufactured (which I will get to later) and you type that address in and get a web based login screen. From here you can enter your login and view the camera's output. The boxes are equiped with SMTP to e-mail pics, FTP to send data, and support PHP3.
So here is my question...is this secure? Most of the IP address's that companies purchase are in blocks and a matter of public record, so either through some smart Google searches or a little reverse engineering from a list of IP camera IP's., could you not determine other IP camera's IPs??
Then all you have to go through once you get to the login prompt is you standered cracking programs. This does not seem like a secure way to watch your home or office. The chances someone could find your IP cam's IP, hack its box, check the SMTP or FTP setup and get your e-mail, find out who and where you are, and watch you seems a little risky.
Am I being paranoid or what??
--------------------- - - -------
Awwww, what do you mean it BROKE?!?!?!
--------------------- - - --------
Stupid Windows, Computers are for Linux!!!
Originally posted by ultreen144 Am I being paranoid or what??
That's quite interesting an interesting point. I wouldn't have thought many people (if anyone) would give an IP camera a public IP address, and instead, it would be put on an internal LAN.
If you did need to access it from the web, you would set up a port forward to the PC from an external router (and employ host based access) or download the images onto an area of a website or onto a server that you have secure access to.
Generally though, I'd have thought they'd be deployed on a LAN and not publically available. If you're also worried about internal access to the cameras - if some are in sensitive areas that not employees have access to, then you would either put them on a physical network (switched networks aren't safe) or behind routers with host based control on them - but due to their (probable) dispertion across a building, that would probably work out expensive.
In general, I don't think there's been alot of thought put into these new "semi-closed-circuit" security cam gizmos that are starting to hit the market. The setup you mentioned is probably one of the "safer" ones (and calling them safe in any terms is overly kind). The more prominent models are the 802.11 wireless models. Most of the ones I've seen don't include WEP or WPA or other encryption by default. So anyone within a several mile radius with some war-driving skilz will have access to it.
With the public IP models, you could try brute forcing the password only to end up staring at a parking garage security cam in DesMoines, Iowa (no offence to anyone in DesMoines). The point being, you really have no idea of what your looking at (as far as I am aware). With the wireless models, you know that the camera is somewhere close and can even triangulate it down and pinpoint the location. Which is especially creepy if you have the thing runnning in your house.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.