Setup Guides

Camera Setup Guides

Step-by-step instructions for securely installing and configuring security cameras. Protect your property without compromising your privacy.

Setup Guide Sections

Before You Buy

Selection criteria and verification checklist

Initial Setup

First-time configuration and hardening

Network Security

VLAN isolation and firewall rules

Ongoing Maintenance

Updates, monitoring, and auditing

Before You Buy: Selection Checklist

Before purchasing any security camera, verify these critical criteria to ensure you're not buying a device that could compromise your privacy.

Pre-Purchase Verification

Verify manufacturer country of originRequired

Check actual manufacturing locationRequired

Confirm not on FCC Covered Equipment ListRequired

Confirm not on Commerce Entity ListRequired

Verify data storage/processing location

Check CVE history for past vulnerabilities

Confirm security update policy (minimum 3 years)

Verify can operate without cloud services

Check Government Lists

Verify the camera is not on the FCC Covered Equipment List (fcc.gov/supplychain/coveredlist) or the Commerce Entity List (bis.doc.gov). Products from Hikvision, Dahua, and other banned manufacturers pose significant security risks.

Essential Security Features

When evaluating cameras, look for these security features to ensure your system can be properly hardened.

Authentication & Access

HTTPS/TLS

Encrypts video streams

Look for: TLS 1.2 or 1.3

802.1X

Network access control

Look for: Enterprise

Digest Auth

Password protection

Look for: Basic auth insecure

RBAC

Role-based access

Look for: Multiple levels

Certificate Management

Digital identity

Look for: Signed certs

Network Security

VLAN Support

Network segmentation

Look for: Tagged VLAN

Built-in Firewall

Block traffic

Look for: IP filtering

Port Filtering

Limit services

Look for: Disable unused

VPN Support

Secure remote access

Look for: IPsec/OpenVPN

No P2P Required

Avoid cloud dependency

Look for: Local option

Data Protection

Local Storage

On-device recording

Look for: SD card slot

Encrypted Storage

Protect recordings

Look for: AES-256

Secure Boot

Prevent tampering

Look for: Signed firmware

Audit Logging

Track access

Look for: Detailed logs

Privacy Masking

Limit areas

Look for: Configurable

Initial Setup Checklists

After installation, complete these configuration steps to secure your camera.

Immediate Actions

Change default username and password

Create unique strong password (16+ characters)

Enable HTTPS and disable HTTP

Update firmware to latest version

Disable unused services (Telnet, FTP, SNMP v1/v2)

Disable P2P/cloud features if not needed

Network Config

Assign static IP address

Place camera on isolated VLAN

Configure firewall rules to limit access

Enable 802.1X if available

Block outbound internet access if possible

Recording Config

Set motion detection sensitivity appropriately

Configure retention period

Enable tamper detection alerts

Set up backup recording location

Test alert notifications

Network Isolation Setup

Placing cameras on an isolated network segment prevents compromised cameras from accessing your other devices or leaking data.

Recommended Network Layout

Internet
    │
    ▼
[Router/Firewall]
    │
    ├─── Main Network (192.168.1.0/24)
    │    └── Office computers, family devices
    │
    ├─── IoT/Camera Network (192.168.2.0/24) ← ISOLATED
    │    └── Cameras, sensors, smart devices
    │
    └─── Guest Network (192.168.3.0/24) ← ISOLATED
         └── Visitors, contractors

Why Isolation Matters

Containment

If a camera is compromised, attackers can't access your main network

Visibility

Easier to monitor camera traffic for suspicious activity

Control

Block camera internet access entirely to prevent data exfiltration

Firewall Rules for Cameras

# Example firewall rules for camera VLAN (192.168.2.0/24)

# Allow NVR to access cameras for recording
ALLOW from 192.168.1.50 (NVR) to 192.168.2.0/24 ports 80,443,554

# Allow viewing from main network (optional)
ALLOW from 192.168.1.0/24 to 192.168.2.0/24 port 554 (RTSP)

# Block ALL internet access from cameras
DENY from 192.168.2.0/24 to 0.0.0.0/0

# Block cameras from accessing main network
DENY from 192.168.2.0/24 to 192.168.1.0/24

These rules prevent cameras from phoning home to Chinese servers while still allowing local recording and viewing.

Outdoor Camera Specifications

For farm and ranch environments, cameras need to withstand harsh weather, temperature extremes, and potential tampering.

Physical Specifications

Specification	Minimum	Recommended
Ingress Protection	IP66	IP67
Impact Rating	IK08	IK10
Operating Temp	-20°C to 50°C	-40°C to 60°C
Corrosion Resistance	Standard	NEMA 4X

Image Specifications by Use Case

Use Case	Resolution	IR Range
General Monitoring	2MP (1080p)	30m
Detail Capture	4MP+	30m
License Plates	2MP+	50m+
Night Vision	Any	50m+ adaptive

NVR & Storage Setup

A Network Video Recorder (NVR) or NAS-based recording system stores your footage locally, keeping it out of the cloud.

Recommended NVR Options

Synology Surveillance Station

Recommended

Runs on Synology NAS devices. Excellent security, regular updates, full local control. Works with ONVIF cameras.

$300-800 (NAS) + drives

Blue Iris (Windows)

Powerful software NVR for Windows PCs. One-time license, full local control. Requires dedicated PC.

$70 license + hardware

Axis Camera Station

Professional VMS from Axis. Best with Axis cameras. Enterprise features with local control.

$300+ per camera license

Storage Security Checklist

Encryption

• Enable full volume encryption (AES-256)
• Use strong encryption password
• Store password securely (not on a sticky note!)

Access Control

• Create individual user accounts
• Enable two-factor authentication
• Limit admin access to necessary users

Backup

• Use RAID 1 minimum for redundancy
• Configure encrypted off-site backup
• Test restore process quarterly

Recommended Drives

• WD Purple (designed for surveillance)
• Seagate SkyHawk (continuous write)
• Avoid desktop drives for 24/7 recording

Ongoing Maintenance

Security is not a one-time setup. Regular maintenance keeps your camera system secure against new vulnerabilities.

Weekly

• Verify cameras are recording properly
• Check for motion alerts working
• Review any triggered recordings
• Check storage capacity

Monthly

• Check for firmware updates
• Review access logs for anomalies
• Test backup/restore process
• Clean camera lenses (physical)

Quarterly

• Full security audit of settings
• Review user accounts and permissions
• Update passwords if needed
• Check CVE database for new vulnerabilities

Download Printable Checklists

Get PDF versions of these checklists to use during installation and for ongoing maintenance schedules.

Related Guides

Safe Camera Alternatives

NDAA-compliant cameras from trusted manufacturers

View Recommendations

Brands to Avoid

Complete list of camera brands with security concerns

View List

Security Audit Tool

Get personalized recommendations for your setup

Start Audit

Internet │ ▼ [Router/Firewall] │ ├─── Main Network (192.168.1.0/24) │ └── Office computers, family devices │ ├─── IoT/Camera Network (192.168.2.0/24) ← ISOLATED │ └── Cameras, sensors, smart devices │ └─── Guest Network (192.168.3.0/24) ← ISOLATED └── Visitors, contractors

# Example firewall rules for camera VLAN (192.168.2.0/24) # Allow NVR to access cameras for recording ALLOW from 192.168.1.50 (NVR) to 192.168.2.0/24 ports 80,443,554 # Allow viewing from main network (optional) ALLOW from 192.168.1.0/24 to 192.168.2.0/24 port 554 (RTSP) # Block ALL internet access from cameras DENY from 192.168.2.0/24 to 0.0.0.0/0 # Block cameras from accessing main network DENY from 192.168.2.0/24 to 192.168.1.0/24

Specification

Minimum

Recommended

Ingress Protection

IP66

IP67

Impact Rating

IK08

IK10

Operating Temp

-20°C to 50°C

-40°C to 60°C

Corrosion Resistance

Standard

NEMA 4X

Use Case

Resolution

IR Range

General Monitoring

2MP (1080p)

30m

Detail Capture

4MP+

30m

License Plates

2MP+

50m+

Night Vision

Any

50m+ adaptive