What are the security risks (from being hacked)?
Posted on 2008-10-17
We just got this camera. It takes snapshots ever few seconds, and has uclinux embedded.
The documentation in numerous places strongly recommends using FTP (or numerous other methods) to get the files off of the camera's embedded linux server, to your own server(s) and eventually your enterprise web server.
We are a primarily windows shop, but we are (paradoxically) very security conscious for regulatory reasons. Even though the vendor provides a nice java applet to serve up the images after you get them to your server, and they also provide documentation on how to FTP or otherwise get the images, there is talk of just using the "guest" account and allowing visitors to access the camera directly, I think mainly because that would be easier, but also because people here don't like FTP, and the SMTP (method 2) and Linux scriptiing (method 3) routes to getting the files over to our windows IIS web server are too complicated for us.
So, it's FTP or else let visitors access the camera embedded server directly.
I think this server has very low memory capability (no idea performance handling capability really), so I'm personally worried about letting visitors get to it directly.
In addition, the native HTML page on the embedded server is ugly and clashes big-time with our CSS for our main website.
It may be that the only way that this is going to happen the "best and correct" way, is if there is a significant security risk to allowing visitors to access the camera directly (aka., the little HTML page with the view window and the config link that requests your password for admin).
So what are the security risks? If I am using the Firebug pluggin in FF3, can I determine what type of authentication this is using? (I can tell you it's not HTTPS, and I'm worried it might be simple clear text basic auth?).