How I hopefully secured a webcam to spy on my turtles. by Ben from 26 Oct 2016

I have 5 Red Eared Slider turtles or “RES” that I keep as pets. I like them a lot, and I have spent a good amount of time and money caring for them. They actually require quite a bit of things to care for them properly. After having spent all this energy and effort caring for them it kinda sucks to not be able to see them all the time. So I setup a webcam. However, I am security minded so I wanted to setup a cam in a secure way. I don't want to contribute to current global crisis of webcam botnets destroying the internet. And I also would like to obscure my home IP as well so that hordes of the internet are one step removed from me.

Let’s first walk through the gear I used first. Then we can dive into how all the various things are configured. And lastly we can discuss some of the steps I have taken to secure this entire setup. The gear list is as follows.

The Raspberry Pi is hooked up in my garage on the shelf were I put all the other electrical things required to operate a turtle tank. The camera and WiFi dongle are both USB. I hard-coded the IP of the Raspberry Pi on my home network. The Raspberry Pi itself has the newest Raspbian on it with the new Pixel gui. On the Pi I also installed a webcam server application called Motion. The Digital Ocean droplet has Ubuntu Server with a LAMP stack on it, it is my webserver. The webserver that you are reading this on right now in fact.

So to secure things a bit more, I initially switched my webserver to use SSH keys instead of a password for initial login. I then set the password for running commands to be long passphrase with capitals and characters in it. I keep the SSH keys on a USB drive and only use them when I need to login to something. After updating everything I then did the same with the Raspberry Pi. Now both can only be logged into with my SSH key. Speaking of SSH I use remote SSH port forwarding to forward the webcam server port on the Raspberry Pi to the webserver via an SSH tunnel. The webserver in effect is acting a proxy for my webcam. The biggest benefit is that it hides the back-end location of my webcam, IE my home IP. So if you look at the source of the turtle cam page the IP of the webcam image will be that of the webserver. Another great benefit is that none of this requires opening ports on my local router. Obscuring my location and keeping my attack surface minimized FTW! If you can think of a better way to do this or think this way is insecure please please contact me and let me know.