On 02/07/2018 10:26 AM, Rick Stevens wrote:
> On 02/06/2018 02:56 PM, Bob Goodwin wrote:
>> I bought two ptz cameras which can be viewed and controlled with the
>> family iPhones and of course they would like to use the "Armcrest"
>> cloud/server in order to view them while away during the day. The
>> cameras would connect to my LAN and via my router to the Viasat modem. I
>> have always tried to avoid such connections to my system and doing this
>> is worrisome.
>
> This is typically how most things work (such as SimplySafe and most home
> automation systems). It's essentially a TURN system to utilize the
> restricted cone NAT on your firewall. The cameras report out to the
> Armcrest server. This opens an outgoing pipe through your firewall
> which permits Armcrest to come back through your firewall to connect
> to the cameras. The app connects to Armcrest and uses the information
> there to get back to your cameras. This is essentially the "RELATED,
> ESTABLISHED" conditions you may be familiar with in iptables.
>
> In home automation, the cone NAT connection is generally only between
> the automation hub and the cloud service, with the hub doing the heavy
> lifting of talking to the automation devices (the individual devices do
> NOT talk to the cloud--just the hub).
>
> Is it dangerous? Well, anything that permits incoming data through your
> firewall can be bad, but this is generally restricted to just allowing
> Armcrest through your firewall in a bidirectional mode. It doesn't poke
> other holes and the TURN/cone mechanism only allows incoming data from
> the Armcrest server. So it's something to watch, but I wouldn't panic.

I should have added that your firewall on your router is NOT a
replacement for having firewalls on your individual computers. I have
home automation along with a number of cameras. I don't use the cloud to
handle my cameras (Foscams) although I could. I use ZoneMinder on one of
my systems and it controls the cameras.
I have firewalls on all of my systems as well as the router's firewall.
Thus, even if the router is compromised, my systems are still safe due
to their own firewalls. Belts and suspenders, you know.

----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-    Blessed be the peacekeepers, for they shall be shot at from     -
-    both sides.                                                     -
-                                            -- A.M. Greeley         -
----------------------------------------------------------------------
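
Added example (not part of the original message, and not any vendor's code): a simplified Python model of the address-restricted cone NAT behaviour described in the quoted reply, showing which inbound packets reach the camera. All addresses, ports and names are constructed, and mapping timeouts are not modelled.

```python
from dataclasses import dataclass, field


@dataclass
class RestrictedConeNAT:
    """Simplified address-restricted cone NAT (constructed model, no timeouts)."""
    public_ip: str
    next_port: int = 40000
    # (internal ip, internal port) -> public port; one mapping per internal socket
    mappings: dict = field(default_factory=dict)
    # public port -> remote IPs the internal host has already sent to
    allowed: dict = field(default_factory=dict)

    def outbound(self, src, sport, dst, dport):
        """Internal host sends out: create or reuse the mapping, remember the remote IP."""
        key = (src, sport)
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.allowed[self.next_port] = set()
            self.next_port += 1
        pub = self.mappings[key]
        self.allowed[pub].add(dst)
        return (self.public_ip, pub, dst, dport)

    def inbound(self, src, sport, pub_port):
        """Packet hits the public side: return internal (ip, port), or None if dropped."""
        if src not in self.allowed.get(pub_port, ()):
            return None  # no mapping, or remote was never contacted from inside
        for key, port in self.mappings.items():
            if port == pub_port:
                return key
        return None


def demo():
    """Walk through the camera/cloud exchange with constructed addresses."""
    nat = RestrictedConeNAT("203.0.113.10")
    camera = ("192.168.1.50", 5000)   # constructed LAN address of a camera
    cloud = "198.51.100.20"           # constructed address of the cloud relay
    stranger = "192.0.2.99"           # constructed unrelated Internet host
    results = {}
    # Before the camera reports out, nothing is admitted, not even the cloud.
    results["cloud_before"] = nat.inbound(cloud, 443, 40000)
    _, pub, _, _ = nat.outbound(*camera, cloud, 443)
    # After the outbound packet, the cloud's IP may come back through the mapping.
    results["cloud_reply"] = nat.inbound(cloud, 443, pub)
    # Address-restricted: same remote IP is admitted from a different source port.
    results["cloud_other_port"] = nat.inbound(cloud, 8443, pub)
    # Any other host is still dropped at the same public port.
    results["stranger"] = nat.inbound(stranger, 443, pub)
    return results
```

In this model the only path in is the one the camera opened, so the exposure that remains is whatever the cloud relay itself sends down that mapping.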