I have 4 outside security cameras connected to a digital recorder which in turn is wired to my modem. I have a phone app which allows me to access my live cameras when I am not home. Last month my remote access stopped working. I had my private security man come out to the house and my port forwarding was no longer set up. We reconfigured the port forwarding which now works, however I am getting threatening messages from Xrinity that my system is at risk. They claim that they have blocked 25 attempts to access my computers and recommend that I disconnect the port forwarding. Not sure what to do.
Hi there, Joepict1. We want to help! We understand your security risk concerns and we're here to help! Did you guys go through the steps listed here: https://comca.st/3q9FDl0 and do you know if anything else was done setting-wise to the modem?
I had IT help with this. I do not have xFi so we tried to use the admin option. As I recall, Xfinity steered us to another port forwarding option which was quite seamless and worked well. I'm concerned about the potential intrusion upon my network by outside sources
@Joepict1 I would be happy to take a closer look into your unique situation. Can you send me a private message with your full name and service address? To send a private message, you can click my username and then select send message. I look forward to hearing from you.
Actually, you should be concerned if you exposed a port to a device that you don't control the software or firmware on, because you want to use a phone app.
In a bit of funny irony, it turns out "Security" devices like camera DVR's and IP cams have some of the the worst security out there. Although your camera images may be of interest, what they are usually after is your financial data. Your phone app becomes an attack vector to whatever is on phone when you connect to a hostile device. These devices have also been known to use DNS attacks to try to spoof internal devices on the same network into contacting hostile sites, or by effectively becoming a man in the middle to steal credentials.
US-CERT recommends you do not expose these devices to the internet, and that you place them on an internal network that is isolated from everything else you have connected to your gateway.
Instead of exposing these devices directly with a port forward, place an actual server or appliance on the same network with the device. Something running OpenVPN, Wireguard or an SSH server with tunneling to field an incoming connection to your isolated network, is a much better way to accomplish this. You then have control over the software for your inbound connection and can patch it when security issues are found.
If someone told you to just blast open a port to a DVR......you got really bad advice. Probably not what you want to hear, but it is the truth.