Dutch Newspaper: poor security for public camera’s. Specific Domoticz-install also vulnerable!

Topics (not sure which fora)
when not sure where to post, post here and mods will move it to right forum.

Moderators: leecollings, remb0

manjh
Posts: 708
Joined: Saturday 27 February 2016 12:49
Target OS: Raspberry Pi / ODroid
Domoticz version: 2020.2
Location: NL
Contact:

Re: Dutch Newspaper: poor security for public camera’s. Specific Domoticz-install also vulnerable!

Post by manjh »

R0yk3 wrote: Thursday 21 September 2017 13:42 Why not use a vpn connection?
Sounds like a better solution.
Hans
dervogt
Posts: 26
Joined: Thursday 30 June 2016 9:00
Target OS: Raspberry Pi / ODroid
Domoticz version: BETA
Location: Amsterdam
Contact:

Re: Dutch Newspaper: poor security for public camera’s. Specific Domoticz-install also vulnerable!

Post by dervogt »

how about using the login page of domoticz together with the well documented reverse nginx proxy setup from the wiki, this is as secure as you can get at this moment of time.....
jannl
Posts: 625
Joined: Thursday 02 October 2014 6:36
Target OS: Raspberry Pi / ODroid
Domoticz version: 2022.2
Location: Geleen
Contact:

Re: Dutch Newspaper: poor security for public camera’s. Specific Domoticz-install also vulnerable!

Post by jannl »

That is indeed the best solution I think, but a bit harder to configure for a lot of people
manjh
Posts: 708
Joined: Saturday 27 February 2016 12:49
Target OS: Raspberry Pi / ODroid
Domoticz version: 2020.2
Location: NL
Contact:

Re: Dutch Newspaper: poor security for public camera’s. Specific Domoticz-install also vulnerable!

Post by manjh »

jannl wrote: Thursday 21 September 2017 14:14 That is indeed the best solution I think, but a bit harder to configure for a lot of people
Well, after upgrading my Domoticz server HW to a R-Pi-3, I have a spare type-2 laying around. I'll have a go at setting that up as VPN server.
Or is it safe enough to run VPN on the same Pi as Domoticz?
Somehow it "feels" like a better solution to keep them separate, but.... :oops:
Hans
jannl
Posts: 625
Joined: Thursday 02 October 2014 6:36
Target OS: Raspberry Pi / ODroid
Domoticz version: 2022.2
Location: Geleen
Contact:

Re: Dutch Newspaper: poor security for public camera’s. Specific Domoticz-install also vulnerable!

Post by jannl »

Seperate seems better. My VPN runs on my router (Fritzbox)
manjh
Posts: 708
Joined: Saturday 27 February 2016 12:49
Target OS: Raspberry Pi / ODroid
Domoticz version: 2020.2
Location: NL
Contact:

Re: Dutch Newspaper: poor security for public camera’s. Specific Domoticz-install also vulnerable!

Post by manjh »

jannl wrote: Thursday 21 September 2017 15:44 Seperate seems better. My VPN runs on my router (Fritzbox)
Ah, there's an idea! I have a modem from my supplier that might hack it, and if that doesn't I can always try my own router (Netgear R9000). Thanks for the tip! I hadn't thought of that. :)
Hans
Jan Jansen
Posts: 229
Joined: Wednesday 30 April 2014 20:27
Target OS: Raspberry Pi / ODroid
Domoticz version: Stable
Location: The Netherlands
Contact:

Re: Dutch Newspaper: poor security for public camera’s. Specific Domoticz-install also vulnerable!

Post by Jan Jansen »

jannl wrote: Thursday 21 September 2017 15:44 Seperate seems better. My VPN runs on my router (Fritzbox)
Why do you think it seems? What are the real risks?
jannl
Posts: 625
Joined: Thursday 02 October 2014 6:36
Target OS: Raspberry Pi / ODroid
Domoticz version: 2022.2
Location: Geleen
Contact:

Re: Dutch Newspaper: poor security for public camera’s. Specific Domoticz-install also vulnerable!

Post by jannl »

As long as the vpn is not the first entry point, other hosts might get exppsed. Also depending on the security of your router.

Verstuurd vanaf mijn SM-G930F met Tapatalk

Jan Jansen
Posts: 229
Joined: Wednesday 30 April 2014 20:27
Target OS: Raspberry Pi / ODroid
Domoticz version: Stable
Location: The Netherlands
Contact:

Re: Dutch Newspaper: poor security for public camera’s. Specific Domoticz-install also vulnerable!

Post by Jan Jansen »

I installed Domoticz and Openvpn on 1 rpi. In my router I only opened the openvpn port. At this point I'm a noob but I thought I'm safe. Now I'm beginning to doubt. Is that doubt right?
jannl
Posts: 625
Joined: Thursday 02 October 2014 6:36
Target OS: Raspberry Pi / ODroid
Domoticz version: 2022.2
Location: Geleen
Contact:

Re: Dutch Newspaper: poor security for public camera’s. Specific Domoticz-install also vulnerable!

Post by jannl »

You are safe enough. No one will ever be 100% safe. Keep everything updated and you are good.

Verstuurd vanaf mijn SM-G930F met Tapatalk

R0yk3
Posts: 37
Joined: Sunday 24 July 2016 21:51
Target OS: Raspberry Pi / ODroid
Domoticz version: beta
Location: the Netherlands
Contact:

Re: Dutch Newspaper: poor security for public camera’s. Specific Domoticz-install also vulnerable!

Post by R0yk3 »

manjh wrote: Thursday 21 September 2017 17:08
jannl wrote: Thursday 21 September 2017 15:44 Seperate seems better. My VPN runs on my router (Fritzbox)
Ah, there's an idea! I have a modem from my supplier that might hack it, and if that doesn't I can always try my own router (Netgear R9000). Thanks for the tip! I hadn't thought of that. :)
I let my (ziggo) router put in Bridge modus. So my router (r7000 with merlin firmware) handles directly the VPN requests. Works like a charm behind that i have my domoticz behind a password no https.
Raspberry PI 3, raspbian, ZwaveMe, RFLink
manjh
Posts: 708
Joined: Saturday 27 February 2016 12:49
Target OS: Raspberry Pi / ODroid
Domoticz version: 2020.2
Location: NL
Contact:

Re: Dutch Newspaper: poor security for public camera’s. Specific Domoticz-install also vulnerable!

Post by manjh »

I decided to go the safe way: installed a VPN server, added it to my Domoticz R-Pi3.
Installation was really simpel: PiVPN. Check it out, it installs itself and only asks for a few minor things.
CPU load on the R-Pi did not increase much, it used to be at a steady 3%, now at 4.5%. Still well within safety margins.
Hans
Derik
Posts: 1601
Joined: Friday 18 October 2013 23:33
Target OS: Raspberry Pi / ODroid
Domoticz version: BETA
Location: Arnhem/Nijmegen Nederland
Contact:

Re: Dutch Newspaper: poor security for public camera’s. Specific Domoticz-install also vulnerable!

Post by Derik »

how can i install fal to ban on my rpi near domoticz?
Xu4: Beta Extreme antenna RFXcomE,WU Fi Ping ip P1 Gen5 PVOutput Harmony HUE SolarmanPv OTG Winddelen Alive ESP Buienradar MySensors WOL Winddelen counting RPi: Beta SMAspot RFlinkTest Domoticz ...Different backups
User avatar
Egregius
Posts: 2582
Joined: Thursday 09 April 2015 12:19
Target OS: Linux
Domoticz version: v2024.7
Location: Beitem, BE
Contact:

Re: Dutch Newspaper: poor security for public camera’s. Specific Domoticz-install also vulnerable!

Post by Egregius »

apt-get install fail2ban?
Post Reply

Who is online

Users browsing this forum: Google [Bot] and 1 guest