Just ran across this topic and started doing my own searching.
I feel I've secured my system pretty well, before and after coming across this. Here's how I did it using Blue Iris Security & Windows Firewall. (I know, boo, but it's better than nothing.)
First, never allow unauthorized connections! Make a username, make it strong (i.e. not admin, not administrator, not user, not guest, not test, etc.).
Second, make a password, make it strong. Intel has a password checker.
Third, using Windows Firewall, only allow IP addresses that you trust to see that you have an open port. For example, I know AT&T Cellular in my area will always give my iPhone an IP address that starts with 166.x.x.x, so I only allow IP addresses that start with 166 in. That's it, nobody else can even see I have a web server. This is what they call whitelisting and should be done if you want your cameras or other web services safe. Don't believe me? Look at your connections tab under status. You'll see a bunch of China, Russia, Japan, & Korea web addresses looking at your system.
You can do this in XP/Server 2003 by:
Go to Control Panel -> Windows Firewall -> Exceptions tab -> Select Blue Iris -> Click Edit -> Click Change Scope -> Select Custom List -> Type in your IP range 126.96.36.199/255.0.0.0 (unless you know the specific IP range your provider has). Separate multiple external networks with commas.
Windows 7 is a little different:
Start -> Type "Windows Firewall with Advanced Security" -> Choose Inbound Rules -> Double Click Blue Iris -> Scope tab. Under remote IP address choose "These IP Addresses:" and click Add. Add your remote device's IP address & subnet in. Keep adding until you get every remote connection you want to view from added.
To secure your cameras, simply don't forward their ports to the outside world or buy/make a standalone firewall that. I suppose some nicer routers may allow you to do this as well.
If anyone else has more and/or better suggestions on how to lock down your system I am all ears. This has worked well for me thus far.
The best way I know of to notify some of these people is to contact their ISP and let them pass the word along.
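
An added example, not part of the original post: a small Python checker that parses a comma-separated firewall scope list like the one described above and reports which remote addresses it would admit and how many addresses the scope covers in total. The function names and sample addresses are constructed for illustration; the 166.0.0.0/255.0.0.0 entry follows the post's "starts with 166" description, and the parser assumes three entry forms (single address, address/mask or CIDR, and a dash-separated range).

```python
import ipaddress

# Constructed sample scope: a whole /8 plus one single address.
SCOPE = "166.0.0.0/255.0.0.0, 203.0.113.25"

def parse_scope(scope):
    """Turn a comma-separated scope list into (first, last) integer ranges."""
    ranges = []
    for item in (part.strip() for part in scope.split(",")):
        if not item:
            continue
        if "-" in item:  # explicit range: first-last
            lo, hi = (ipaddress.IPv4Address(p.strip()) for p in item.split("-", 1))
            if lo > hi:
                raise ValueError("range is reversed: " + item)
        else:            # single address, CIDR, or address/netmask
            net = ipaddress.IPv4Network(item, strict=False)
            lo, hi = net.network_address, net.broadcast_address
        ranges.append((int(lo), int(hi)))
    return ranges

def is_allowed(addr, ranges):
    """True if addr falls inside any range of the scope."""
    n = int(ipaddress.IPv4Address(addr))
    return any(lo <= n <= hi for lo, hi in ranges)

def scope_size(ranges):
    """Count distinct addresses admitted, merging overlapping entries."""
    total, end = 0, -1
    for lo, hi in sorted(ranges):
        lo = max(lo, end + 1)   # skip the part already counted
        if hi >= lo:
            total += hi - lo + 1
            end = hi
    return total

def triage(addrs, scope):
    """Map each remote address to 'allow' or 'block' under the scope."""
    ranges = parse_scope(scope)
    return {a: ("allow" if is_allowed(a, ranges) else "block") for a in addrs}

if __name__ == "__main__":
    # Constructed remote addresses, as might appear on a connections tab.
    seen = ["166.137.10.4", "198.51.100.7", "203.0.113.25", "203.0.113.26"]
    for addr, verdict in triage(seen, SCOPE).items():
        print(f"{addr:15} {verdict}")
    print("addresses admitted by scope:", scope_size(parse_scope(SCOPE)))
```

A scope of one /8 still admits about 16.7 million source addresses, so the strong username and password from the first two steps remain the control that matters for anyone inside that range.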