Hey everyone, I’m installing a small 3-camera POE system for my parents, and it’s my first time working with wired cameras. The setup includes 2 Reolink 12MP cameras, 1 Duo2 camera, and a Reolink NVR. I’m planning to connect everything through a Netgear POE switch and put them on a separate VLAN for better security.
Does this sound like a good way to keep the system secure? Also, I want to make sure the cameras are safe for remote viewing through the app. Any advice on tightening security?
Setting up a VLAN for your cameras is a smart move. Keeping IoT devices isolated from the main network helps prevent data leaks. Some devices, though, still manage to communicate across networks, so you might want to check for any unexpected traffic.
Reolink cameras connect through their own servers, which makes remote access easy but could be a security risk. If you’re concerned about data leaving your network, you might want to block internet access for the cameras and only allow it for the NVR. If your NVR has a web interface, you could use port forwarding instead of the app, as long as the interface is secure. Make sure to only open the ports that are absolutely necessary for remote access.
@Washington
That makes a lot of sense. I’m still learning about networking, so do you have any recommendations on where I can learn more about opening ports securely? I understand VLAN basics, but I’m not too familiar with firewall rules and port management.
One thing you can do is set up a VPN for remote access instead of relying on the Reolink app. That way, you can access the cameras securely without exposing them to the internet.
You might also want to disable UPnP on your router if it’s enabled. Some devices automatically open ports without you realizing it, which could be a security risk.
If you’re worried about Reolink connecting to outside servers, you can block the cameras from reaching the internet entirely while still allowing local access. Just make sure the NVR has the connections it needs for remote access.
Good practice would be to use strong, unique passwords for each device and disable any default accounts if possible. Also, keep the firmware updated to patch any security flaws.