PeteCress 0 Posted February 16, 2019 I am caving in to close family members' urging that we have cams monitoring stairwells and other places in the house where The Old People may fall. At first I was leaning towards stealth, since the wife is not going to be in love with the idea of Being On Candid Camera, but have moved away from that for various reasons. My favorite existing outdoor cams are 2.8 mm Hikvision turrets and, in spite of the size, am leaning towards using them indoors too. The Questions: - Is there any reason to consider dome cams? - Would I be wasting time trying to find a turret or dome cam without IR instead of simply turning IR off? - Is there any reason to explore brands other than Hikvision? Blue Iris. Share this post Link to post Share on other sites
Cortian 9 Posted February 16, 2019 If you're looking at stairwells, which tend to be long and narrow, I don't know as 2.8mm is what you want. The FoV you need will be very narrow. With a 2.8mm lens you may be wasting a lot of pixels on looking at walls. For relatively unobtrusive cameras perhaps you want to look into ones labelled as "mini-dome"s or "wedge"s. E.g.: For our family room I chose the Dahua IPC-HDBW4231F-AS 2MP Starlight Mini Dome with a 3.6mm lens. I chose that lens because the camera will be corner-mounted and it has an 87° horizontal FoV, which is about as close to perfect, for my application, as can be. The 6mm lens on that camera has a 51° FoV, which might do well for stairwells and hallways. The other way to go is a camera with a motorized, or otherwise adjustable, lens. Then you can optimize it in-place. Reasons to consider domes for inside use? Well, to me, they look less intimidating (Particularly the little Dahua mini-dome I have sitting here.) Why do you want either no IR or to turn it off? True, when somebody's going up/down the stairs they'll probably be lit. The key word there being "probably." No need to unnecessarily hobble yourself, IMO. There are many brands. I like Dahua. @tomcctv dislikes Hikvision with a passion , whereas my security professional relatives in Europe love Hik. There are others who won't used Chinese-made cameras on a bet. Share this post Link to post Share on other sites
tomcctv 190 Posted February 16, 2019 I don’t dislike hikvision .... I just don’t see the point in .. installing a recorder that a 3rd party can watch you .....hence the reason why a licences professional would and can’t install hikvision in any public space ... just like not used in USA or Australia and now Europe Share this post Link to post Share on other sites
Benson Chiang 0 Posted February 20, 2019 I'll say the housing doesn't really matter, just follow your heart. Nowadays most of the cameras have smart IR & IR cut filter, so it will adjust IR by itself. Even it is indoor use, you will still need IR to see clearly through the dark. Share this post Link to post Share on other sites
larry 2 Posted February 20, 2019 As far as appearance, indoors, i would pick a mini dome over a turret. Share this post Link to post Share on other sites
PeteCress 0 Posted February 20, 2019 On 2/16/2019 at 11:42 AM, tomcctv said: ... a recorder that a 3rd party can watch you ..... Is that to say that Hiks are somehow exposed to the WAN despite one's efforts at security? I set the ports on my cams to something different and set up a custom ID/PW on each cam. Share this post Link to post Share on other sites
larry 2 Posted February 20, 2019 To be fair, Dahua also had a backdoor discovered too: https://ipvm.com/reports/dahua-backdoor But since Hikvision is actually partially owned by the Chinese government, the company is justifiably more scrutinized and their backdoors are deemed to be more deliberate than mistakes. Share this post Link to post Share on other sites
tomcctv 190 Posted February 20, 2019 39 minutes ago, PeteCress said: Is that to say that Hiks are somehow exposed to the WAN despite one's efforts at security? Yes ... and like Larry has said dahua is also doing the same ..... but dahua did do a quick fix and now not only hikvision Swann (oem) has also now showing the same problems hikvision equipment and oem cant be used in most high security installs and those that have are being removed. Share this post Link to post Share on other sites
Sir Lenscelot 3 Posted February 20, 2019 If security is paramount, would you trust a cctv vendor to protect you. If it’s little old dears falling down stairs that you want to spy on then I say to China and anyone else, get on with it. If it’s truly high security then your protection should start and end at your network entry point. Nothing should leave your network without you knowing about it. Properly implemented firewalls are what should be protecting you. Or better yet just keep it off the net. Share this post Link to post Share on other sites
tomcctv 190 Posted February 20, 2019 35 minutes ago, Sir Lenscelot said: Properly implemented firewalls are what should be protecting you. Firewall will protect your inbound there not collecting data .... it’s sending it as soon as connected to internet 35 minutes ago, Sir Lenscelot said: If it’s little old dears falling down stairs that you want to spy on then I say to China and anyone else, get on with it. Ok ... can you post your systems ip and login information for us all to watch you and family..... and is it ok if we all record you and post on the internet Share this post Link to post Share on other sites
Sir Lenscelot 3 Posted February 21, 2019 15 hours ago, tomcctv said: Firewall will protect your inbound there not collecting data .... it’s sending it as soon as connected to internet Ok ... can you post your systems ip and login information for us all to watch you and family..... and is it ok if we all record you and post on the internet I think you will find a proper firewall will protect LAN to LAN, WAN to LAN and LAN to WAN. Both inbound and outbound. As i said if data is exiting your highly secure network then i suggest its your exit point you look at. Your lack of knowledge regarding this shows how dangerous it is to have CCTV installers configuring networks without the proper background in networking and network security. And your welcome to have my IP information and logins if i felt the need to install them, However it would do you no good as my network would be secure with a properly configured, good quality firewall. You know the kind that actually can be deemed a firewall which protects all directions. 1 Share this post Link to post Share on other sites
Cortian 9 Posted February 21, 2019 Sir Lenscelot has the right of it. Proper firewalling consists of both ingress and egress controls. The default policy on the most effective firewall is "That which is not explicitly allowed is denied." That is somewhat impractical, taken to its absolute, wrt egress filtering, but you can take measures to limit your exposure. E.g.: The only device on my LAN that's allowed to make outgoing connections on port 25 (SMTP) is the home LAN server. That way, even if a desktop, laptop or IoT thing does become compromised with a spam-generating Trojan, it isn't getting anywhere. For my cameras: I've put them all into a particular subnet and blocked that subnet for all outbound traffic. (Inbound connections are always default denied.) Soon I'll acquire a managed switch for our LAN's "backbone." I'll implement VLANs and one of those will be a VLAN for only IP cameras. The border router will prohibit connections from that VLAN. That way: Even if some camera comes with malware pre-loaded, malware that's smart enough to come up with its own legitimate IP address that's not blocked by the border router, it isn't getting anywhere. In fact: All IoT stuff is going on isolated VLANs like that. Not only will that stuff not be able to get to the Internet, but it won't be able to get to Other Stuff on the LAN to which is does not need access. The only reason I didn't already have a managed switch is, until recently, it hasn't been particularly necessary. Now, with all the IoT stuff, it is. 3 hours ago, Sir Lenscelot said: And your welcome to have my IP information and logins if i felt the need to install them, However it would do you no good as my network would be secure with a properly configured, good quality firewall. You know the kind that actually can be deemed a firewall which protects all directions. Indeed. Even I can't get directly to my IP cams from outside the LAN. Share this post Link to post Share on other sites
tomcctv 190 Posted February 21, 2019 yes This is why it’s banned in USA Canada Australia japan New Zealand soon Europe also oem of hik ...Swann now the same and taken from GDPR approval and a big court case starting and another manufacturer XMEye just made the headlines for the same thing ... hidden in there apps which is going to be another problem countie would not need to ban if it was as simple as firewall .... but even if was it’s also apps and China cloud services that’s another way out for data so yes the best thing is to stay away from hikvision But the bans are only on high security and commercial nothing for the domestic market ... home owners .... and home owners just relie on plug and play and routers supplied by there isp .... hence the reason lorex don’t have the USA or the Canadian ban it’s sold as domestic ... but still dahua owned dahua software Share this post Link to post Share on other sites
Cortian 9 Posted February 21, 2019 1 hour ago, tomcctv said: yes This is why it’s banned in USA .. That's a bit inaccurate. Hikvision (and Dahua I believe?) are banned for use by the U.S. government. (And, likely, by US Gov't contractors and others with sensitive US Gov't contracts.) They are not "banned in the USA." 1 hour ago, tomcctv said: countie would not need to ban if it was as simple as firewall .... Nobody's suggesting a firewall should be one's first line of defence. Egress filtering on a firewall's there in case other measures fail. E.g.: I would not buy and use Dahua cameras were I not relatively satisfied with Dahua's explanation of what happened and their assurances they've addressed it. My LAN and Internet border security measures are just in case they're misleading me, after all, or for potential future issues. That being said, and I meant to address this in my earlier comments, but forgot: The measures I've taken are well beyond the capabilities of the average (read: consumer) Internet user. What should really happen is Internet border routers should be configured for security stances similar to what I've described out-of-the-box. Problem with that is: Then a lot of plug-and-play IoT things would be difficult to get to play. It's the same reason MS-Windows was was so easy to compromise for so very long. If Microsoft had made it half as bullet-resistant as they should have: It in all probability would not have achieved the wide acceptance from non-techie end-users it did. So: Manufacturers are damned if they do and damned if they don't. On the gripping hand: Shunning Hikvision because the U.S. Government (or whomever) suggests they're a threat doesn't solve individuals' network security problems. Anything consumers (and, by "consumers," I mean all consumers--residential, business and government) install on their networks, particularly IoT devices, can be a threat. Share this post Link to post Share on other sites
tomcctv 190 Posted February 21, 2019 For a start I did say high security and commercial ... ok government 16 minutes ago, Cortian said: Anything consumers (and, by "consumers," I mean all consumers--residential, business and government) install on their networks, particularly IoT devices, can be a threat. Yes your right .... but when a company puts software onto there systems is different... it’s been put on there for a purpose which is not needed and should not be on there. But I’m not going to argue about it ... it is well documented the op asked a question and it was answered the problem with domestic is the cloud apps and it does not matter what security is on your network because the app cloud service has been aloud that is its failure point Share this post Link to post Share on other sites
Sir Lenscelot 3 Posted February 21, 2019 4 hours ago, Cortian said: On the gripping hand: Shunning Hikvision because the U.S. Government (or whomever) suggests they're a threat doesn't solve individuals' network security problems. Completely agree. So the basis for not using a product according to Tomcctv is that the USA don’t like them. This is a country than bans kinder surprise eggs but every man and his dog has a firearm. Please don’t make me laugh. A conspiracy theorist might say that there are very few cctv cameras made completely in house, let’s face it just about everything we use is made of parts manufactured overseas. Does that mean my ikettle is listening in. Or someone is making me a cup of tea without my knowledge. Who knows? It’s also in a countries best interest to discourage the use of these products for its own gain. Chinese companies especially hik are dominating the market and for good reason, The features for price point are undeniable. It’s understandable countries like the USA might be a little worried. Any manufacturer could be manipulated politically to introduce backdoors from one country to another. Why is one country more trustworthy than the other. One of the best cctv software systems I have seen is produced in Russia. This thing takes deep learning to the next level. Should we be frightened to use it? Unfortunately we live in a world where these systems are now required, with proper care and due diligence then the rewards far exceed the risks. I would like to steer the conversation back to the original question and say that, Personally I think internally I prefer domes as they look tidier and less obtrusive, I prefer a varifocal if your willing to pay a bit more as then you can set to suit when installing. As others have said just have IR then if needed it’s there, you won’t get a black image when someone turns the lights out. Use a manufacter your happy with. I’m sure your family’s worry is more about being there in case of emergency and not whether the Chinese have suddenly taken an interest in your decor. Share this post Link to post Share on other sites
tomcctv 190 Posted February 21, 2019 21 minutes ago, Sir Lenscelot said: Completely agree. So the basis for not using a product according to Tomcctv is that the USA don’t like them. What a stupid comment. Because the USA don’t like them ! There are far better recorders than hik. Listen read the reports BUT when you do I did not right them. 25 minutes ago, Sir Lenscelot said: This is a country than bans kinder surprise eggs but every man and his dog has a firearm. Please don’t make me laugh. I don’t know anything about that ... we’re talking cameras not kinder eggs 28 minutes ago, Sir Lenscelot said: I’m sure your family’s worry is more about being there in case of emergency and not whether the Chinese have suddenly taken an interest in your decor. So in reality....... even tho it may never be used as video evidence..... I can guarantee you 99% of people would not like to be watched in there home by strangers on there own cctv. Take last week 16.000 units of oem hik sent wrong customers footage to there apps ...... so if you logged onto your app to see your home but you got images of a gas station instead ...... just shows data is stored in China ........ if it does not bother you why argue Share this post Link to post Share on other sites
Sir Lenscelot 3 Posted February 22, 2019 50 minutes ago, tomcctv said: What a stupid comment. Because the USA don’t like them ! There are far better recorders than hik. Not my stupid comment but yours. When did I say hik was the best, I merely pointed out for the price point they offer one hell of a package. Do you just quote what you read, do you do any thinking for yourself? I assume like myself you live in the west, where everything you see hear or read is engineered for us, sold as independent but ultimately has some bias, whether that’s pride in your country or some other motivation, it’s the way of the world. You think if you lived in the east the story would be the same, I think not, it would be that the Americans are spying on us or whatever. How do you think an exploit is found, by people that want to find them. If somebody ultimately wants in then they will get in. Like any incident that involves cyber security it’s all about target value. Why do hik get news coverage because they are pushing so much product, it’s that simple. Backdoors don’t get found in your favourite products because nobody actually cares about them. Why breach the 10 you buy when you can breach 1000’s. I didn’t say that people shouldn’t care who’s watching them but what do you actually thinks going on, the Chinese have rooms full of people watching you take a nap. It’s all about target value. And as for the 16000 then they must have been installed by plug and play installers like yourself using manufacturers proprietary services and servers to relay images. Because correct setups by networking professionals, it would be impossible to mix up video streams from different sites. Share this post Link to post Share on other sites
tomcctv 190 Posted February 22, 2019 18 minutes ago, Sir Lenscelot said: Not my stupid comment but yours. Point out we’re I did that comment .... it’s in your post. 20 minutes ago, Sir Lenscelot said: And as for the 16000 then they must have been installed by plug and play installers like yourself You know nothing about me ..... so don’t start bringing personal comments to the forum and read that part of the post again. cloud apps ... nothing to do with plug and play ..... it’s allowing footage to a 3rd party server and people login to that server not there home system. 30 minutes ago, Sir Lenscelot said: Do you just quote what you read, do you do any thinking for yourself? Again keep personal comments off the forum ... and again you know nothing of me a question was asked on this thread and a answer was given and the reason why ..... hik dahua Swann units contain spyware..... that’s a fact and nothing you or me can do can change it. Share this post Link to post Share on other sites
larry 2 Posted February 22, 2019 Please, lets not get personal or off track. Share this post Link to post Share on other sites
Sir Lenscelot 3 Posted February 22, 2019 8 hours ago, tomcctv said: cloud apps ... nothing to do with plug and play ..... it’s allowing footage to a 3rd party server and people login to that server not there home system. I’m sorry but the use of cloud apps is the lazy way out. If your going to use this then your basically agreeing for someone to watch you. How can you secure a network that you have no control of. Like I said before, proper network security wil l reduce risks in any product not just the Chinese ones. Quote a question was asked on this thread and a answer was given and the reason why ..... hik dahua Swann units contain spyware..... that’s a fact and nothing you or me can do can change it. When do backdoors or exploits contribute as spyware?. There’s nothing to suggest anything more here than poor judgement by the manufacturers. In dahua’s case, the devices are so cheap that security was probably an afterthought. There is no definitive proof so your conclusion is merely conjecture. Most of the electronics you use is made overseas. Does that mean you stop using them, no. You take reasonable precautions. In this case network security. You said the USA imposed a ban which by the way was signed off by the man that wants to build 3145 km wall across the Mexican border. Microsoft software is exploited daily which is why I am told to constantly upgrade my computer. Does anybody stop using it?, Does the US ban that?, I think not. If Microsoft was Chinese and part owned by the Chinese government then maybe. Why not go one further and call windows update a backdoor. Microsoft have the opportunity to install anything they want on millions of devices. Does anybody question it. No because it’s a necessary evil. Yes hik may have dropped the ball making it so easy but is it in there best interests to destroy their market share. Surely if anything underhand with the Chinese government was going on it wouldn't it make more sense to reap the revenue and use it for more targeted purposes. Also why make it so obvious and easy to find, like any government they have the means to employ the very best engineers but they resorted to secret urls and password hashes that can be copied. Doesn’t make sense. My point is not always things are black and white, there are always angles to any news story. Share this post Link to post Share on other sites
tomcctv 190 Posted February 22, 2019 2 hours ago, Sir Lenscelot said: I’m sorry but the use of cloud apps is the lazy way out. If your going to use this then your basically agreeing for someone to watch you. How can you secure a network that you have no control of. That’s exactly what I said .... and posted about for over 5 years on here but unfortunately people think it’s a good thing along with p2p the app problem is new and this is were forums come in ..... giving information on what is happening in the industry alerting people who are doing homework on what to buy ..... homeowners don’t get warnings on eBay and the likes ......... it would not sell if they put and other can also watch your system ..... that don’t have your ip your login op asks a question it was answered there is no point making a argument about a fact. People need to know about the apps because that’s what is embedded in there recorder it’s easy to do a QR swip and in other cases can only use that app...... so again the forum is giving good information 99% of people just want reliable cctv and not all the spy software and the politics that goes with some of the systems one the market today cctv has become a home or business intrusion for a 3rd party and it is best to stay away from those systems Share this post Link to post Share on other sites
Sir Lenscelot 3 Posted February 22, 2019 12 hours ago, Sir Lenscelot said: Personally I think internally I prefer domes as they look tidier and less obtrusive, I prefer a varifocal if your willing to pay a bit more as then you can set to suit when installing. As others have said just have IR then if needed it’s there, you won’t get a black image when someone turns the lights out. Use a manufacturer your happy with. I’m sure your family’s worry is more about being there in case of emergency and not whether the Chinese have suddenly taken an interest in your decor. Well answer the question then, i did, you used the post to focus on security vulnerabilities inherent to all internet connected devices. not limited to Chinese manufacturers. Pete wants the best solution to give his family piece of mind without being cost prohibitive. Why not actually answer his question and suggest some alternatives and the reason why?, include recent events in security if you must but do it in a comparison with an alternative product, not just saying all chinese CCTV is bad. You can pretty much find flaws in any device. That's why firmware updates exist. We can't pretend that everybody has got money to throw at network security or CCTV so if they must use Hik, dahua or whoever why not just give some simple tips like. Never use the default password, use a secure password with a combination of uppercase, lowercase, symbols, numbers and of a decent length Keep all devices regularly updated with the latest firmware and bug fixes. Employ a reputable company that consists of people trained in network security, IT companies are usually better for this. Disable P2P, uPNP, anonymous login, hikconnect and anything else that might communicate with the outside world. Also Disable upnp on your home router. Make sure you have the built in firewall in your router enabled and correctly configured. If possible lock down access to only access from specific ip addresses, Even better utilise an encrypted vpn connection for indirect access with a firewall with vpn specific traffic management. Only open access to the recorder and not every camera individually, then your limiting exposure. If you don't absolutely need remote access don't expose yourself to the internet in the first place. We can all sit here and quote some really expensive alternatives but then pete might not bother at all, then god forbid he or his wife falls, at which point it becomes less important that the chinese might have been watching. Share this post Link to post Share on other sites
51cent 8 Posted February 22, 2019 Quote this is a country than bans kinder surprise eggs but every man and his dog has a firearm. And please, no political statements, lets keep it about cameras. Share this post Link to post Share on other sites
larry 2 Posted February 22, 2019 I think we'll end this topic here. Share this post Link to post Share on other sites