Re: webcam html and ftp servers: restricting access
* Andrew Sackville-West <firstname.lastname@example.org> [071001 23:00]:
> On Mon, Oct 01, 2007 at 07:30:06PM -0500, Russell L. Harris wrote:
>> * Andrew Sackville-West <email@example.com> [071001 17:42]:
>>> On Mon, Oct 01, 2007 at 03:58:26PM -0500, Russell L. Harris wrote:
>>>> I am planning to run a remote machine (running Debian "testing") with
>>>> a webcam for monitoring a remote location.
> I beg to differ as motion is pretty darn simple to setup and
Thanks, Andrew. This is the type of dialogue I need. I'll take
another look at motion.
> What specifically are you trying to do with ftp? If you want to be
> able to login remotely and pull images from the remote camera box,
> then certainly, sftp (or any number of other things) would work.
> If you set up pubkey authentication, then you're pretty secure at
> the remote end and there is nothing in the remote end that allows
> access to the local end.
I had not given much thought to this approach; but I could implement
it inexpensively with the aid of a dynamic dns service. It would be
much like fetching mail from a pop server.
> If you're trying to *push* images from the remote end to local,
> that's a different story. Pushing means you've got to run your
> authentication the other way and expose your local end to compromise
> from a compromised remote end.
That is the approach I had in mind, and that is why I was concerned.
But if the local machine goes out of service, there is no monitoring.
So the first approach would be better.
> So, maybe you could lay out exactly what you want to have happen,
Initially, all I need is the ability to glance at the remote site now
and then, using a single webcam, in order to satisfy myself that all
is well. It would be dandy to be able to listen in, also, using the
microphone on the webcam. I was not attempting to provide
comprehensive security monitoring.
It would be nice if I could check on the remote site from a machine of
a relative or friend. But they all run Window$, so that necessitates
that I implement a web server, either at the remote site or else at my
home. If the web server is at home, then the home machine is exposed
to attack (as well as to frequent lightning storms).
The issue with the remote system is not so much security as it is
keeping the system up and running despite hackers. I cannot afford
to reinstall the system every week. So I plan to use an external
firewall to protect the remote machine.
> also, if you are just tying to grab remote images every so often, and
> you have a web interface setup, you could just script wget to scrape
> the page every so often and save it locally.
Again, like automatically fetching the mail.