Community home

Br04dB4ndAl · ‎02-05-2021

Hi,

I just received my new THG 3000 Router following an upgrade but notriced on the order paperwork it's designated "Lite".

Does this mean there are versions and I've received the cheaper one?

Also, why is it run by Vodafone Firmware? I understaood this was supposed to be a highly capable top of the line Router yet it doesn't even have a built in VPN - essential for security cameras to avoid being hacked ( the alternative is to port forward which = free hacking for everyone on your network and botted cameras).

Given the prevalence of CCTV cameras these days in people's home, you'd have though that Vodafone would have included a VPN facility in their router (I'm gueessing the aprent router it's based on has one), unless of course there is a non "Lite" version and I got the crappy one.

Anonymous · ‎06-05-2021

I have a couple of those old easily hackable cameras - they are sat in a bin with a pile of other network equipment that I may dismantle or repurpose at some point! The ones I have were fine, just so long as you used the correct app to access them remotely and your local network was properly (securely) configured - sure if not any moron could view them using just a web browser.

I now have some more modern cameras, and their internals apear locked down much better!

As for VPNs, I think I've posted a few times on here about setting up using VPNs. VPNs are great if you want to create the illusion of a network that spans locations, or you want to shield your devices when you are remote working and can't trust the network you are on. But frankly, beyond that, a great deal of guff is talked about them. Router-level VPNs especially, if not properly configured they can potentially open up your entire home network to hackers.

Have I been known to port forward? Yup, and sometimes I've even brave enough to use uPNP! When port forwarding though it's always going to be assumed that you are taking measures to use as much security on those ports as you can - such as ghosting them (stealth) or setting up tarpits along with complex usernames and passwords.

There is no panacea for network protection, but there are ways you can stress test your own networks (never stress test someone else's network without permission) and the security of each individual device on your network. Properly configured cameras, on a properly configured network, should be sufficient to defeat all but seriously knowledgeable hackers!

Br04dB4ndAl · ‎11-05-2021

All cameras can be hacked Keith even those from top commercial vendors.

Here was a single reported hack against a professional security installer - 150,000 cameras allegedly compromised:

https://www.bbc.co.uk/news/technology-56342525

I doubt these were cheap AliExpress Cameras given the companies where they were allegedly installed eg inside Tesla, Police Stations, Hospitals, Schools.

gipjon · ‎11-05-2021

one of the biggest issues here is. A lot of the time. the software developing company make the software and the staff are the ones doing the viewing or selling the access route etc,

so in simple terms,

my cameras are open to anyone, don't see the point in trying to make them secure because if someone wanted to hack them they can and will, so don't have a camera in the bedroom or bathroom etc. you need to be sensible where you put them and having open camera systems is great for the neighborhood watch users

support your local neighborhood watch

Br04dB4ndAl · ‎12-05-2021

As I said above there's no charge to a router based VPN, EVER.

It's entirely different to a VPN service - one provides a secure connection to your router from a mobile device eg remote viewing on your mobile phone of your cameras, the other is a service you pay for to try and hide your browsing from your ISP.

The router one is entirely free. There is no 3rd party watching as there are no servers or services. You pay for nothing. The connection is your router one end your mobile device the other.

As for having the CCTV cameras port forwarded and unsecure it's only a matter of time before you either lose them or they become part of the wider problem of DDos attacks on large companies.

There's little more I can say on the subject. Go to www.ipcamtalk.com and ask the opinion there about port forwarding or if anyone's ever had cameras hacked. It's a well known CCTV forum full of professionals and amateurs. Just treat the admin Fenderman with kid gloves as he has a reuptation for being a bit ban happy.

gipjon · ‎12-05-2021

I think there should be a law to make all live camera available to every one . As most camera are illegally recording the neighbour's property. If you are film by a security camera there is a law to say you can request a copy of the video so you dont even have to hack. you can just request a copy

Keep Britain great unlock the cameras

Br04dB4ndAl · ‎12-05-2021

There is a law already - its' the GDPR.

If a camera is filming anything other than the owners own property, then it's covered by GDPR rules and you can request a copy of any footage that has you in it and they have to supply it.

Equally if you believe your property is bering filmed illegally (and not incidentally by a camera focused on the owners property), then you can complain to the Information Commissioner.

https://ico.org.uk/your-data-matters/domestic-cctv-systems-guidance-for-people-being-filmed/

Anonymous · ‎12-05-2021

So let me get my head around this. We are now talking about running a VPN server on the router - I would assume this would be OpenVPN - along with a VPN client on a mobile or other devices, and a pure IP based security camera on the local network? This approach also involves preventing the camera from having any internet access whatsoever, but obviously, the VPN client is seen as local...

In order to run a decently secure VPN server, you need a better than average router, and unless an ISP were to provide a Fritzbox (eg Zen Internet) I think it's beyond most ISP routers! Configuring an OpenVPN client to connect to your own hosted VPN server is not something that most people would ever do, and in order to make the tunnel secure, it takes a bit of work - do half a job and you are in danger of making your entire network insecure! In this day and age I'd not be running a pure IP camera anyhow, and the cameras I have don't need any open ports on the router.

I think even if this were possible with the VF equipment the first time you called customer support their heads would explode!!!

I also presume you are dead against network-enabled printers? It is important with these to figure out just how much remote access you need.

gipjon · ‎12-05-2021

Have you seen how much the ink cost nowadays

Anonymous · ‎12-05-2021

I have an ink tank printer, which is incredibly frugal with the ink. I can print to it remotely, but it's turned off when I'm away from home and so only prints out when I get home and power it up. If it were to receive a document from elsewhere I can always cancel it!

Regards the client/server setup for accessing security cams, I've had a play with this and can set up the VPN, however, the cams appear to use P2P protocols and with the cams regular internet access disabled they won't connect. Enable the cams internet, and they can then be accessed over the VPN with the client appearing to them to be on the home network, however, turn off the VPN and they are then accessible over the internet anyhow. *Oh, and not having a static IP address it of course means that I needed to enable the DDNS client, which increases security risks a little!

Br04dB4ndAl · ‎13-05-2021

@Anonymous wrote:
So let me get my head around this. We are now talking about running a VPN server on the router - I would assume this would be OpenVPN - along with a VPN client on a mobile or other devices, and a pure IP based security camera on the local network? This approach also involves preventing the camera from having any internet access whatsoever, but obviously, the VPN client is seen as local...

In order to run a decently secure VPN server, you need a better than average router, and unless an ISP were to provide a Fritzbox (eg Zen Internet) I think it's beyond most ISP routers! Configuring an OpenVPN client to connect to your own hosted VPN server is not something that most people would ever do, and in order to make the tunnel secure, it takes a bit of work - do half a job and you are in danger of making your entire network insecure! In this day and age I'd not be running a pure IP camera anyhow, and the cameras I have don't need any open ports on the router.

I think even if this were possible with the VF equipment the first time you called customer support their heads would explode!!!

I also presume you are dead against network-enabled printers? It is important with these to figure out just how much remote access you need.

There are routers, even recommended ones (PC Mag) for less than £60 with built in VPN:

https://www.amazon.co.uk/TP-Link-C7-Wireless-Supports-Parental/dp/B00CEB53MS?tag=pcmaguk-21&ascsubtag=06Nl8eElvs6bC9DbzLPjdyp

https://uk.pcmag.com/routers/8151/the-best-wireless-routers

A network enabled printer is usually on the Lan (local network) not WAN (internet) and if wifi is safe provided WAP is enabled.

I'm all out of VPN explanations and details on setup so I'm going to direct you to the aforementioned CCTV site as maybe they can make the reasons for using a VPN and it's setup more understandeable:

https://ipcamtalk.com/threads/vpn-primer-for-noobs.14601/

Community home

THG 3000 Lite / Lack of VPN?