Netgear Genie R7000 Port Forwarding for Security DVR

Netgear Genie R7000 Port Forwarding for Security DVR 

Within the Netgear Genie Nighthawk R7000, there is a port forwarding section you will need to access for port forwarding. To enable port forwarding on your system you will need to make “port rules” in your router to allow select traffic from the internet to allow access to devices on your network.  Without this configuration you will not be able to view your surveillance cameras remotely either online or from your phone. Therefore you must go through the steps listed below to configure your router to allow for this traffic. This particular guide is for the Netgear Genie Nighthawk R7000..

You can use this guide to help configure port forwarding on the Netgear Genie router for any device on your network.  There are two rules that must be made on your router for your security surveillance system. One rule for port 80  and one rule for port 37777. Port 80 is a port that is commonly used by other applications as well, so in the event that it is already being used by another service, you will have to use another rule such as port 8080.  For this demonstration we will use port 8080 as an example.

You must check your DVR’s network menu and change the HTTP Port from 80 to 8080 if you need to utilize a different port number.

1) Access your router

You must access your router on your home network in order to make any changes. To do this you need to find your Default Gateway(Router’s IP address) of your network. You can follow this guide {here} to find your default gateway.  For this type of router, it is commonly 192.168.1.1.  Type this IP address directly into your internet browser bar to bring up the router login screen. Here you will be prompted for your login credentials. If you do not know your login  credentials, you can check online for the manufacturer default, or call your internet service provider..

2) Navigate to Port Forwarding Section

Once you have accessed your router, you will see two tabs at the top for “Basic” and “Advanced.”

Choose “Advanced” to bring up choices on the left side of the screen. Click on the “Advanced Setup” drop down menu and from here select the option “Port Forwarding / Port Triggering.” This will bring up the menu we need to create port rules in your router.

3) Create Port Forwarding Rules

First at the bottom of the menu there will be an icon for “add custom service.” Click here to make your first rule. You will see several areas that you need to fill out to create this rule. Let’s go through the steps and make the first rule for port 8080.

3.1) Service name

This is the name you want to give your port rule.  Make it something easy to find and distinguish later, such as “port 8080.”

3.2) Service type

This is the type of service you are creating. Keep this TCP/UDP

3.3) External starting point and External ending point

Both of these options must be the port number you are creating the rule for, in this case type 8080.

3.4) Internal Starting Port and Internal ending point

Again, both of these must be the port number you are creating the rule for, in this case type 8080.

3.5) Internal IP address

This is the IP address of the device you are accessing with this port rule. The device, you want internet traffic routed to. For this, you must type in your DVR’s, NVR IP address, found in the DVR’s, NVR networking section.

After these steps are completed, hit “apply” to create this rule. You have just created the necessary port rule for port 8080. Follow these steps again and create a rule for port 37777, using the same steps but everywhere you entered 8080 before, you would now enter 37777. If you have created these two rules appropriately, you should be ready to access your DVR, NVR remotely either online or through your phone.

4) Scanning your Ports

Last, you want to make sure that the rules you configured are applied to your router and active, meaning that these ports are now open for use. You can check if your ports are open by scanning the ports.

Go to GRC.com to scan for open ports on your internet connection. This must be done from the same internet connection as to which the DVR, NVR is connected.

Click Proceed to begin, and wait for the next page to load.

When the page reloads, you will then type just the two port numbers in the search bar separated by a comma such as "8080, 37777" not  "port 8080, port 37777."  Click "User Specified Custom Port Probe" to check for open ports on your router.

Look only at the status next to each port after the scan is complete  If the status next to the ports is "Open", then the port rules should be applied correctly and you are done. If they say "Closed" then the rules were not created properly or there is some other issue happening.  If they say "Stealth" however, this points to an issue with your internet service provider (ISP). Your ISP is blocking these or all ports from being used for whatever reason and you will have to contact them to resolve this issue.

MINIMIZE VULNERABILITIES IN YOUR IP SECURITY CAMERA

MINIMIZE VULNERABILITIES IN YOUR IP SECURITY CAMERA 

A security consultant can act as an adviser for a building owner, occupant or property developer in relation to the design and incorporation of the security solutions. Clients typically require security consultants to advice on potential security threats and potential breaches, and to create contingency protocols to safeguard their organisation or assets. Every security consultant should guide about Camera vulnerabilities to there customers.

Internet Protocol (IP) cameras are an important component of state-of-the-art video surveillance systems. Unlike analog closed-circuit cameras, IP security cameras, which send and receive data through a computer network and the Internet, offer businesses a number of benefits. These benefits include the ability to monitor and control their video surveillance system remotely and a significant cost savings by allowing cloud storage of video files. However, like any device that is plugged into the Internet, without proper attention to cybersecurity, the same IP security cameras you have installed to improve security in your business may, in fact, be making it more vulnerable to physical and network attacks.

What are Hackers Looking For?

Hackers look for vulnerabilities to exploit, usually for malicious purposes. There are plenty of reasons why hackers might want to break into your IP security camera surveillance system, including some that promise potentially huge rewards:

·        They may be planning a burglary or a physical attack on your building or its occupants. If they can break into your network cameras, they can observe your physical security practices, including when guards come and go and where there are opportunities to enter the building. Once they know where and when to break in, your entire facility and all of its occupants are at risk.

·        They may want to take advantage of your business computing resources, such as your network’s processing power, for the purpose of stealing large data sets or more recently, mining cryptocurrencies.

·        To steal high-value trade secrets to sell to your competitors on the black market.

·        To steal personal information for the purposes of conducting phishing attacks to obtain credit card and banking information from individuals.

·        To install malware, such as keyloggers, to capture passwords as they are entered or ransomware that takes your system hostage until you pay the hacker to release it.

Are Your IP Security Cameras Vulnerable?

The short answer is yes. All security cameras are vulnerable to hacking. The unfortunate reality is that in today’s cybersecurity environment, the question is not whether your system will be hacked but when, which makes ongoing and proactive cybersecurity measures a must.

Hackers can break into your video surveillance system in a variety of ways. In addition to hacking the cameras themselves, they can get into your network through:

·        The computer operating system you use (e.g. Microsoft Windows, Linux, etc.)

·        The software your system uses, including digital video recording (DVR), network video recording (NVR), or video management system (VMS) software

·        Any firewall ports you may be using to access the system controls

Given these additional entry points, the security of your IP cameras depends not only on the cameras you use but also on the network technology and configuration of your system. In general, the relative security the system provides depends on how access is configured:

Most Secure — The safest system uses the local network equipped with a network firewall and virtual private network (VPN) software for access. With this type of system, the only way to get through the firewall is through a secure, encrypted connection.

An alternative to this would be to use a cloud-managed IP security camera. With this type of system, rather than opening the firewall and relying on a password to gain access to the camera on a local network, cloud-managed IP cameras are configured to communicate with a secured server in the cloud over an encrypted connection, and users gain access by linking up their devices with those servers. Cloud-managed devices offer a good alternative to locally networked systems because most cloud services monitor their servers continuously.

Least Secure — The least secure type of IP security camera is used in conjunction with a system that relies on port forwarding (China based OEM propose) for access, which allows users to access the camera through a network firewall with nothing other than a password. With this type of system, the only thing keeping a hacker out is the strength of the password used.

How to Protect Your IP Security Cameras

One of the most important things you can do to protect your IP security cameras is to know what you have and whether there are any known vulnerabilities. The CVE Security Vulnerabilities Database is a great place to start. This site tracks the vulnerabilities of all kinds of Internet of Things (IoT) devices and is searchable by the vendor (manufacturer), product and version, specific vulnerabilities and their severity. When checked regularly, this information can help you identify and address new issues with your IP security cameras so that you can address them more quickly.

A comprehensive set of cybersecurity best practices can go a long way to improving the security of your IP security cameras and your video surveillance system as a whole:

·        Contain and compartmentalize your internal networks. Creating separate networks for your video surveillance system and your information systems not only saves on bandwidth, but also minimizes risk should any part of your system be compromised.

·        If you are not already using a firewall, implement one as soon as possible.

·        Use a unique, long, and non-obvious password for each camera. This is critical if you are allowing access with a port forwarding system. If your system employs a VPN, however, having a single strong password for all cameras will suffice.

·        Change all passwords every 90 days at a minimum.

·        Enable two- or multi-factor authentication for your system, which requires the user to provide another piece(s) of information unique to the user, such as a code sent via text or phone, secret questions, etc. This is critically important if you are using a port forwarding system.

·        Develop and document cybersecurity guidelines and provide cybersecurity training to all employees who will have access to your video surveillance system.

·        Establish a cybersecurity incident response team so that you can swiftly and effectively respond to any breaches.

·        Stay on top of the operating system and software updates and apply them promptly when they come out.

·        If you use a cloud-based system, make sure you use a trusted provider.

·        Stay up-to-date with the latest cybersecurity standards.

 

Cybersecurity concerns are a long-standing issue for Hikvision, e.g., it was US government federally banned by the 2019 NDAA and the US government is planning to ban FCC authorizations for Hikvision, so this admission comes at a critical time for the company.

Researcher describes only access to the http(s) server port (typically 80/443) is needed. No username or password needed nor any actions need to be initiated by camera owner. It will not be detectable by any logging on the camera itself. This is the worst Hikvision vulnerability since Hikvision's backdoor was discovered in 2017 where Hikvision included a magic (ostensibly secret) string that allowed anyone with that string to perform admin operations, without having the device's admin credentials.

The attack can be executed via HTTP (port 80) or HTTPS (port 443). Once a camera has been compromised, the attacker can use it as a starting point to explore the rest of a victim’s network. Past attacks on connected cameras have also sought to enlist the devices into botnet armies capable of launching massive DDoS (distributed denial of service) attacks or spam campaigns.

This vulnerability is about as serious as they come, rated 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS).

IPVM estimate 100+ million devices globally are impacted by this vulnerability making it, by far, the biggest vulnerability to ever hit video surveillance. The combination of its critical nature (9.8 / "zero-click unauthenticated remote code execution") and Hikvision's massive market size make this risk unprecedented.

For background, back in 2016, Hikvision said they manufactured "more than 55M cameras" and the annual output has grown substantially since. Hikvision has therefore shipped a few hundred million cameras and tens of millions of recorders during the time frame the vulnerability covers.

The end-users who buy these cameras are responsible for the data/video footage they generate. They are, in other words, the data custodians who process the data and are in control of the video footage, which is required to be kept private by law (under the GDPR). Secret access to video footage on these devices is impossible without the consent of the end-user.

Dahua is another in Ban list. Watch above video. https://youtu.be/MtkeaoS3jBc

Keeping Up with Cybersecurity Threats Can be Daunting

Hackers are relentless in their attacks and there is not a single industry today that is immune to them. Almost half of all cybercrimes are committed against small businesses, and it has been predicted that a business will fall victim to a ransomware attack every 14 seconds by 2019.

If you need help with your video surveillance system, SSA Integrate can help. Our security experts stay on top of the technology and all the best practices in cybersecurity so you don’t have to. We give importance of our customer data security.

If you are installing a new video surveillance system, we can help you select the right technology to meet your needs and ensure it is properly configured to provide the top level security you expect. We can also look at your current system to identify and eliminate any vulnerabilities and provide the monitoring and updates you need to keep your system secure. Whether you need five cameras or 500, SSA Integrate can help. Contact us today to learn more.

Ref:

https://www.forbes.com/sites/leemathews/2021/09/22/widely-used-hikvision-security-cameras-vulnerable-to-remote-hijacking/?sh=138e83062f31

https://ipvm.com/reports/hikvision-36260

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36260

https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html