Video Screencast Help

Cheap home/ SME DIY cctv security idea for computer/DVR/mobile CCTV IP camera equiptment

Created: 03 Feb 2013 | 1 comment


The company I work for sells cheap CCTV equipment for the home and small to medium size businesses in the UK. I sometimes get asked on cheap and simple ways to secure their IP CCTV camera / DVR surveillance system.

At the moment, the standard procedure is to just hook their CCTV equipment to the internet and the customer views and control their DVR/ camera remotely through their iphone/ ipad/ laptop etc... The only real protection they have is their computer firewall and a usename and password they set up once the CCTV system was installed. With all these programmes on TV, showing hackers easily being able to hack into company's security system, it leaves one wondering if having so many cameras in the house would be really beneficial? The worry is that these cameras can show burglars that no one is home. Is there a simple and cheap method to resolve this concern, and how easy would it  be a hacker to control someone’s home/small office CCTV system. 

All ideas are welcome.

Kindest regards


Comments 1 CommentJump to latest comment

Mick2009's picture

Hi Sam,

The DVR systems that I have seen (only a few of them, I must admit) have had an option to run a web server and allow remote users to monitor from anywhere in the world.  These have allowed login through either a webpage or via an app on a smartphone, like you say.  I have connected a few to iPads (as an example). It is cool technology and can be extremely useful.

As you mention, the defenses preventing an attacker from hacking in to these CCTV/DVR systems and viewing your cameras/recordings come down to two:

  1. obscurity (who would bother to come looking)? and
  2. strong username and password (can just anyone login)? 

The best defence would be to not advertize the make and model of the DVR system, or that there is a web-viewing option at all.  Ensure that there are very strong usernames and passwords configured, and check the logs to see if any connection attempts are being made.  If it is possible, configure the system to lock out failed logins after a few failed attempts.

And, of course, if this web option is never being used... don't run that webserver service!  &: )  

Hope this helps!

With thanks and best regards,