Discussion came up in the grow house journal of @Hyena Merica, so I thought I would take the side-track over here and not further distract from his excellent journal.
Quick back history of the continuing discussion: Whether or not having cameras monitoring your grow, that you can view online, is a security risk or not. Some would be nervous and not want to do it, I've suggested that it's possible under the right security precautions. Specifically, only allowing the cameras to be viewed over the local network, setting up a VPN into the local network, and then only allowing access to the internal network for authorized devices.
In the long run, maybe. Obviously can't get hacked if there isn't anything there to hack into in the first place. Me personally, I'm comfortable enough to set something up that's going to keep all but the most determined out. Of course at that point being a target becomes less feasible as the effort far outweighs the reward.
I do think it is possible to set up a stealthy, secure, remote viewing of the grow. It wouldn't be for the faint of heart, and would take some good tech skills, but properly set up would be secure enough that it wouldn't be worth any script-kiddies time to try and break in.
First and foremost, anyone from the outside network (aka: internet) would not be aware that the cameras are even there. So they wouldn't know what cameras to hack to begin with.
The overall concept (big picture) is something like this:
internet -> VPN -> Internal Network Device Authentication -> Camera Viewing
With a properly setup VPN (with stupid long passwords and secret, the kind you can't remember), that's the biggest battle right there. If the username is also something along the same line, even better.
If the VPN is set up to only allow access from specific IP addresses, that makes it even tighter. Of course that assumes you only check from a location(s) with dedicated IP's. (Note that the network being logged into also needs a static IP, although there are ways around that if need be. Typically anymore, with good broadband access, IP's don't change nearly as frequently as they used to.)
Once logged into the VPN, the router further scrutinizes the device accessing the network. If it's not an authorized device, it can't access any network resources (or see them.)
Then of course you have the camera software itself, and its login/authentication as well.
Now obviously if something is connected to the internet, there is always a chance. Proper network security really, really lessens that chance significantly. Why? Because most of the "attacks" are from script kiddies that are looking for an easy target to hit. They find a little port scanner, looking for something vulnerable. A proper network setup thwarts that. No ping response, nothing visible from the outside; move along, nothing to see here.
Whether or not the time invested in that is worth it to someone, that's another matter. Someone not comfortable with setting up a router, firewall, VPN, etc should probably not attempt it. However it can, and does, work.
What are some benefits of having a remote monitoring setup like that?
First, and most obvious, is checking on your plants. Are they still there? Did something happen?
Next, with the right camera or combination of cameras, if you have a constant monitoring device for temp/ph/humidity/res level/etc then you could see that at any time and check your parameters.
Next would be having additional cameras outside of the garden for additional security.
The types of cameras we're talking about have the ability to record to a local DVR, and either be on-demand only or motion triggered. The ones inside the garden would be on-demand, outside would be motion triggered.
These aren't your $100 nest cams that run over wifi. We're talking about much better, more secure systems.
Of course you're not going to go running to johnny law if someone breaks into your grow (unless you're a fully licensed, legal business and then that's different, even if your grow is legal), but maybe it's someone you recognize and then, well... oops.
So, what other nifty security ideas do others have?
Me, I have a brute force magnetic lock with access control to the part of the house where my (legal) garden is located. Why? Meh, something different than just a lock or whatever. It's a gadget, and I like toys. I did of course take precautions in case of an issue with it, and can disable it with a switch that is hidden in another part of the house.
From the outside, just walking by, it looks like a normal interior door. I hid the keypad in the closet next to it, in what looks like a breaker box. Not that it overly matters, but I wouldn't want a nosy guest wandering around and wondering what was up with that.
At some point I would like to build a purely dedicated room for an indoor garden. Set up filtration, ventilation, water supply and drainage, etc. Then not worry about messing with a tent. With the right space I could modularize it to be able to have separate veg/flower spots. But that's for another time, and another house in a few years.
Of course the biggest security is keeping your mouth shut.
Quick back history of the continuing discussion: Whether or not having cameras monitoring your grow, that you can view online, is a security risk or not. Some would be nervous and not want to do it, I've suggested that it's possible under the right security precautions. Specifically, only allowing the cameras to be viewed over the local network, setting up a VPN into the local network, and then only allowing access to the internal network for authorized devices.
As appealing as having video access to your grow site, thats just a scary thought to me....even in a legal state. I think you are making the right decision in not putting cameras up.
In the long run, maybe. Obviously can't get hacked if there isn't anything there to hack into in the first place. Me personally, I'm comfortable enough to set something up that's going to keep all but the most determined out. Of course at that point being a target becomes less feasible as the effort far outweighs the reward.
I do think it is possible to set up a stealthy, secure, remote viewing of the grow. It wouldn't be for the faint of heart, and would take some good tech skills, but properly set up would be secure enough that it wouldn't be worth any script-kiddies time to try and break in.
First and foremost, anyone from the outside network (aka: internet) would not be aware that the cameras are even there. So they wouldn't know what cameras to hack to begin with.
The overall concept (big picture) is something like this:
internet -> VPN -> Internal Network Device Authentication -> Camera Viewing
With a properly setup VPN (with stupid long passwords and secret, the kind you can't remember), that's the biggest battle right there. If the username is also something along the same line, even better.
If the VPN is set up to only allow access from specific IP addresses, that makes it even tighter. Of course that assumes you only check from a location(s) with dedicated IP's. (Note that the network being logged into also needs a static IP, although there are ways around that if need be. Typically anymore, with good broadband access, IP's don't change nearly as frequently as they used to.)
Once logged into the VPN, the router further scrutinizes the device accessing the network. If it's not an authorized device, it can't access any network resources (or see them.)
Then of course you have the camera software itself, and its login/authentication as well.
Now obviously if something is connected to the internet, there is always a chance. Proper network security really, really lessens that chance significantly. Why? Because most of the "attacks" are from script kiddies that are looking for an easy target to hit. They find a little port scanner, looking for something vulnerable. A proper network setup thwarts that. No ping response, nothing visible from the outside; move along, nothing to see here.
Whether or not the time invested in that is worth it to someone, that's another matter. Someone not comfortable with setting up a router, firewall, VPN, etc should probably not attempt it. However it can, and does, work.
What are some benefits of having a remote monitoring setup like that?
First, and most obvious, is checking on your plants. Are they still there? Did something happen?
Next, with the right camera or combination of cameras, if you have a constant monitoring device for temp/ph/humidity/res level/etc then you could see that at any time and check your parameters.
Next would be having additional cameras outside of the garden for additional security.
The types of cameras we're talking about have the ability to record to a local DVR, and either be on-demand only or motion triggered. The ones inside the garden would be on-demand, outside would be motion triggered.
These aren't your $100 nest cams that run over wifi. We're talking about much better, more secure systems.
Of course you're not going to go running to johnny law if someone breaks into your grow (unless you're a fully licensed, legal business and then that's different, even if your grow is legal), but maybe it's someone you recognize and then, well... oops.
So, what other nifty security ideas do others have?
Me, I have a brute force magnetic lock with access control to the part of the house where my (legal) garden is located. Why? Meh, something different than just a lock or whatever. It's a gadget, and I like toys. I did of course take precautions in case of an issue with it, and can disable it with a switch that is hidden in another part of the house.
From the outside, just walking by, it looks like a normal interior door. I hid the keypad in the closet next to it, in what looks like a breaker box. Not that it overly matters, but I wouldn't want a nosy guest wandering around and wondering what was up with that.
At some point I would like to build a purely dedicated room for an indoor garden. Set up filtration, ventilation, water supply and drainage, etc. Then not worry about messing with a tent. With the right space I could modularize it to be able to have separate veg/flower spots. But that's for another time, and another house in a few years.
Of course the biggest security is keeping your mouth shut.