Slashdot Mirror


A DVR Security System That Isn't Based on Windows?

Brady J. Frey asks: "For months, I've had a client that has been looking for a Linux or Mac alternative for their DVR Security systems. They are a large Real Estate company with 200+ cameras worldwide, and their Pelco PC DVRs are hubs for viruses. These systems cannot run anti-virus software at the same time they record -- but require internet inbound/outbound traffic through specific ports that leave some nice holes in the firewall for viruses to find their way in as needed. Yes, we could put up a server in front of each, or a router that has anti-virus built in; however, this is not a cost-effective method for a number of their locations. Therefore we are looking for alternatives. Any suggestions?"

"We've tried looking at Ben's Security Spy for Mac, and running a Quicktime server, but it was not industrial enough for us and the developer has been elusive. We're looking at Endura by Pelco, but there are some questions unanswered for it.

What I want is a high end, professional DVR system for a large business that does not run Windows. Budget isn't really an issue at this point, since we are just looking for options.

To note, I'm hearing I could possibly do IP cameras, and host any ol' web server I want to download those files, but I have no clue as to how to control the cameras, or if this is really a possibility. Any advice or information is appreciated. If you are an expert in this industry, we may have a need for your services and would welcome that too!"

383 comments

  1. Traffic by dr_strang · · Score: 2, Insightful

    Isn't the camera traffic limited to known IP addresses/MAC addresses? Just lock it down to only accept traffic from those...

    --
    This is a sig. It is like every other sig in the world, except that it is mine, and it is different.
    1. Re:Traffic by sam0737 · · Score: 1

      Usually it's the Boss's computer heavily infected (No one dares to go into their rooms to clean up the virus), and usually the rule allows all the Boss's computers to access that security cam website.

    2. Re:Traffic by BigBlockMopar · · Score: 1

      Usually it's the Boss's computer heavily infected (No one dares to go into their rooms to clean up the virus), and usually the rule allows all the Boss's computers to access that security cam website.

      Or you (the computer-illiterate boss) simply hire employees who will walk into your office and make fun of you for having opened the "Just Click Here fore [sic] a Bigger Penis" e-mail. His skill was that required to run a business; mine was in making fun of anyone without computer savvy (which somehow extended to avoidance of snake-oil salesmen who'd discovered the Internet). Most days, Pat and I got along great.

      --
      Fire and Meat. Yummy.
    3. Re:Traffic by sirket · · Score: 1

      Better yet let someone else worry about it- Contact a company like VideoSave. They have cameras with an onsite staging server. Feeds are then uploaded to their colo facility from which you can view any camera stream over an SSL protected session.

      -sirket

    4. Re:Traffic by monkeydo · · Score: 1

      Try deploying a VPN between the sites. The technology to secure communications between several different locations has been around for a while. There's no good reason why these servers should be freely accessible to the Internet. That's just stupid.

      --
      Si vis pacem, para bellum
      The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
    5. Re:Traffic by H310iSe · · Score: 1

      I've solved this problem w/ VPN (simple RV42 linksys routers @ every site), Windows Firewall & Windows IP Filters - I'd implement IPSec to the router if I could but I don't think I can w/ these. The security cameras are behind the vpn router (NAT'd, naturally, with port forwarding for the video program's client interface) and all other local systems are behind a separate router.

      As for the bosses, they get an RV42 at their houses/work as well. I use the DVR's client software, not the web interface, so we can keep port 80 blocked. I have dedicated video monitoring PCs @ the central office, no one is allowed to load or do ANYthing to/with them other than monitor the cameras. Where I can't do that (a couple of the PHBs' personal PCs) I make sure I manage their security. So far it's working pretty well.

      --
      closed minded is as closed minded does
    6. Re:Traffic by Creepy · · Score: 1

      The boss's computer should be running anti-virus software since it's not recording video, and keeping it and the system up-to-date should be done automatically using remote tools. This shouldn't be a problem - and the boss won't even know you're there.

  2. ipcameras by cookiej · · Score: 2, Interesting

    Sad to say, SecuritySpy isn't even close to "industrial". They won't even support one of the newer D-Link cameras, the 6620G.

    I have two D-Link 6620G cameras and have been looking for *any* solution, industrial or not, that would let me access my cameras via my Mac.

    I am by no means an industry expert, I can tell you that the IP Camera solution is indeed viable. Several of them out there -- check out:

    http://www.ipcamerademos.com/

    and

    http://www.ipcameraforums.com/

    Also -- most of the IP cameras have their own software, access (and control) via a webserver built into the camera, or a client utility that allows multiple views (at least the D-link does, and I was led to believe that both Toshiba and Panasonic do as well).

    There are some serious industrial IP cameras out there. Check out AXIS and I think Panasonic has some heavy-duty cameras as well.

    1. Re:ipcameras by yorugua · · Score: 1

      A place to start might be http://www.zoneminder.org/ ; maybe it is not so "pro", but it does its job for smaller installations. Maybe it is worth a try.

    2. Re:ipcameras by ThomaMelas · · Score: 1

      The D-Link Cameras are nowhere near pro quality. They are a cheap camera. Toshiba, Axis, Sony all have much better camera lines.

    3. Re:ipcameras by cookiej · · Score: 1

      Actually, the 6620Gs have a great low-light picture and a 10x optical zoom. Pan/Tilt, and two-way audio along with being wireless and supporting WPA2 encryption. Hardware-wise, it's really pretty good. The firmware blows (as do most Dlink products).

      I've heard really bad things about the Toshibas and mediocre things about the Sonys. The Dlink seemed to be the best value at the time.

      Axis and Panasonic are supposedly really good -- plus a few others that aren't well-known outside of the surveillance industry.

      The idiots at Dlink used proprietary streams for video/audio (they do also support MJPEG, but video-only) and built an ActiveX control to connect to it. Had they used Java, it would have been cross-platform. Or had they used a standard protocol for the streams, other clients could use it.

    4. Re:ipcameras by ThomaMelas · · Score: 1

      None of the IP cameras are working off of any kind of standard stream. Every one of them is different. I've used the D-Links and the Sonys and the Toshibas and I can tell you that you are wrong. The D-Links are not something I would ever recommend ever be used in the field.

    5. Re:ipcameras by Anonymous Coward · · Score: 0

      I agree about the D-Link cameras. I got a DCS-950G but I didn't know how crappy they were before I bought it. I found this website http://www.networkcamerareviews.com where there are many other unhappy customers. All the DCS-950G reviews say "DONT BUY THIS CAMERA"

    6. Re:ipcameras by irving47 · · Score: 1

      Strange... I am surprised SecuritySpy won't work with a 6620 when it works so well with 5300's. I had assumed they were essentially the same camera except for the zoom. Or is that the problem? No zoom functionality? If that's it, I guess it's pointless to recommend EvoCam since I'm sure the same issue would be there...

      --
      I had a sucky sig.
    7. Re:ipcameras by cookiej · · Score: 1

      Indeed. Imagine MY surprise after buying two 6620s. I made the same assumption. The guy at SecuritySpy told me he wasn't going to support them -- although he did refund my purchase.

      So, I'm stuck with the crappy ActiveX control and access only from the PCs. But like I said, the hardware seems excellent. I wish I had the time to write my own...

  3. Open ports have applications linked by LiquidCoooled · · Score: 1

    Don't the applications hosting those ports have no protection?

    Last time I heard about a protocol problem it was the application and not the OS that was at fault.

    --
    liqbase :: faster than paper
    1. Re:Open ports have applications linked by bradyj · · Score: 1

      I'm sure it's the application -- but at the same time, this would be a mute issues on a linux/mac setup. The only protection those applications have are the routers we put in front of them, which some more high end ones can be unreasonable in remote locations. Since I submitted this a week ago, some alternative windows companies have submitted improved systems that do not have weaknesses Pelco seems to have, so we shall see!

    2. Re:Open ports have applications linked by Anonymous Coward · · Score: 0

      I don't have enough information about your setup to make an informed suggestion. Who connects to these machines? What protocols do they speak when they connect? You say 80-6099, what are these connections used for? What do you define as a high end router, or relatedly how much traffic do the routers in front of these things have to handle? I do apologize for the asshats on the board, civility seems to be in short supply. Anyways, I can't remember my /. login but if you think it's worth your time drop me a line at crapmail@follis.net (spam account used on boards) and I'll respond with my real address.

      Thanks for your time, Follis

    3. Re:Open ports have applications linked by Zeinfeld · · Score: 2, Insightful

      I'm sure it's the application -- but at the same time, this would be a mute issues on a linux/mac setup.

      I think you meen moot.

      For the application that you describe viruses should not be a threat on any platform. There should be no users on the box and if there are users they should not run using admin privs unless they are doing admin. Break those rules and you are in trouble regardless.

      Your problem is going to come from worms. There are plenty of worms that attack UNIX boxes.

      A network router box with port filtering can be bought for $50 or less. It is a good investment regardless of the O/S you run. A large number of security problems are the result of an admin reconfiguring the box.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
    4. Re:Open ports have applications linked by tomhudson · · Score: 1

      A few points:

      1. While I hate Windows, I've assembled DVR systems (1.5 tb of raid storage, 16 channels video+audio @ 25fps, viewable/searchable over the internet) that don't have problems with anti-virus software. (now you can go up to 64 av channels per unit on the same system, btw).

      2. I tested a few linux-based systems - they're "not there yet." Maybe in a couple more years.

    5. Re:Open ports have applications linked by bradyj · · Score: 1

      Typing too fast indeed :), thank you. The software from Pelco requires admin privileges, and filtering via IP is questionable by some remote users. Do you have any PC software you recommend?

    6. Re:Open ports have applications linked by bradyj · · Score: 1

      I've heard this from other developers -- noting that the Linux systems seem to be cheap home grown creations. Do you have a PC version you'd recommend we look at?

    7. Re:Open ports have applications linked by ScottyH · · Score: 2, Funny

      I think you meen moot.

      I think you mean mean.

    8. Re:Open ports have applications linked by tomhudson · · Score: 1

      http://videowisecanada.com/, http://milsecure.com/

      However, keep in mind that these solutions require custom hardware, so you can't just "upgrade" the software on your current systems. Also, it works with conventional CCTV security cameras (regular, pan-tilt-zoom, and infrared), not the crappy IP Net-Cams from Axis and others.

    9. Re:Open ports have applications linked by Anonymous Coward · · Score: 0

      Ahhahahhhahahahah

    10. Re:Open ports have applications linked by Anonymous Coward · · Score: 0

      Watchnet is also a decent piece of hardware, but their support is somewhat lacking.

      Also look for 'doublevision CCTV' new company we are evaluating - local to Canada however

  4. /. with the perfect timing by Southpaw018 · · Score: 1

    I'm sort of the one man IT department for a small nonprofit that is dependent on technology for tons of different things. Recently, we've begun looking into security for our office (I'll spare you the grisly details.) A traditional CCTV system is completely out of the question. A network camera like the Axis 207 ($300 range) is doable in the hardware sense, but they want an additional $600 for DVR software. I have a spare box I could toss Linux on if there were a good F/OSS solution out there.

    In short: it's not just the big boys that are looking for these things! :)

    --
    ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
    1. Re:/. with the perfect timing by MrFreezeBU · · Score: 1

      Check out www.zoneminder.com. I have been using it for a few months now with good results. I have been using the Axis 206 and the 206W IP cameras along with a bt878 based capture card for some older analog cameras that I have laying around. The software seems to support all the options that I need or can think of at the moment. Streaming, motion capture, PTZ, all worked out of the box for me. Sorry if this sounds like an ad, I've just been very happy with the software.

    2. Re:/. with the perfect timing by Anonymous Coward · · Score: 0

      thank you mr mr freeze i was going to tomorrow start a win xp pro thing tomorrow so my boss could watch his store(me) from home with rdp thank you for sparing me one more indignity(installing xp pro again!!)and providing me with job security (linux)(he uses ie 7 beta because it's "THE LATEST GREATEST!" ha thank you mr freeze

    3. Re:/. with the perfect timing by thogard · · Score: 1

      I have a 4 channel DVCR with ethernet that doesn't use windows on the main system but has a windows app that displays recorded images. Mine records a frame every 1/5 sec onto a 40gig hd and it seems to work ok using cheap cameras. I've looked at the data and I don't think it would take much to write a program for Linux or OS-X. The unit I have is identical to the top 4 channel network unit here.

    4. Re:/. with the perfect timing by richlv · · Score: 1

      this could go to any comment out there - i hope people who really are interested in this thing will take notice even when the article isn't on the first page anymore :)

      i have been examining available options for similar system and, from what i have seen, this seems to be the best choice :
      http://www.zoneminder.com/

      note that it already is mentioned in this thread :
      http://ask.slashdot.org/comments.pl?sid=178695&threshold=-1&commentsort=0&mode=nested&pid=14814298

      i would be glad to see anybody else with zoneminder experience speak up - are there any significant downsides ?

      --
      Rich
    5. Re:/. with the perfect timing by Southpaw018 · · Score: 1

      Thank you for the thoughts and info, guys. Zoneminder looks like a great option. We'll test out flexTPS, too.

      --
      ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
  5. um... by Anonymous Coward · · Score: 0

    mythtv?

  6. YES, there is a low-cost solution by Anonymous Coward · · Score: 0


    Our company, while seemingly not nearly as large as yours, has several MythTV boxes doing exactly what you described.

  7. Viruses? by spun · · Score: 4, Insightful

    Um, viruses don't just sneak in through open ports. Worms and trojans sneak in through exploits in programs running on those ports. Which exact ports are open? Look, I'm as big a linux zealot as the next guy, but this sounds like a scam. "See the, uhm, viruses are sneaking in through the, uhm, open ports in your windows. You need me to install all new Linux based stuff. See, linux doesn't have ports or windows, so the viruses can't sneak in!"

    Really, wouldn't it be better to stick with a known system and, you know, do your job as a sysadmin by fixing any security holes?

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
    1. Re:Viruses? by bradyj · · Score: 2, Interesting

      We are a 100% Mac and Linux company, so my known system would not be a dated Windows box dumbed down to only run anti-virus when nothing else works :) It may very well be a weakness in the software -- the ports required are 80 and 9999, that's it -- Pelco themselves duplicated a virus popping into it with a router up top, and since many of these buildings are remote, the expense is not reasonable to have a high end firewall on most of these remote locations when I could just as easily disregard that mess and log in as a non-root enabled user.

    2. Re:Viruses? by Rufus211 · · Score: 1

      > Really, wouldn't it be better to stick with a known system and, you know, do your job as a sysadmin by fixing any security holes?

      A lot easier said than done for a number of windows-based "solutions." I'm always amused by how often we kick the PoS (point of sale or piece of shit, take your pick) systems in our building offline because some new virus comes around and infects them all. As he pointed out you can isolate them through layers of external protection, but it's a hassle and it would be a lot nicer if they just didn't suck to begin with.

    3. Re:Viruses? by Jeff DeMaagd · · Score: 1

      Exactly. I am also very suspecting of software that won't allow unrelated software to operate. Any DVR that can't record when a firewall is scanning traffic is crap, or the scanner program is crap too. The firewall program should be able to allow exceptions for certain programs.

    4. Re:Viruses? by complete loony · · Score: 1

      Remember those RPC flaws? SQL Slammer? There are remotely exploitable problems with windows, especially if the boxes are unpatched, that could be prevented with a firewall. The submitter seems to suggest that there are exploitable ports open which the DVR software relies on. Given the mess that is RPC, DCOM, file sharing etc I don't have a hard time believing that.

      That said, if you are thinking about hiring someone to help set up a linux solution, why not go open source? As another poster mentioned, Mythtv might be a good starting point.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    5. Re:Viruses? by ThomaMelas · · Score: 1

      He means a security system DVR for CCTV. Myth TV doesn't begin to do anything like the Pelco or any other unit on the market.

    6. Re:Viruses? by mcrbids · · Score: 1

      You need me to install all new Linux based stuff. See, linux doesn't have ports or windows, so the viruses can't sneak in!"

      But, using a Linux/Unix custom distro cd (Think: RedHat Jump Start) can reduce the cost of administration by providing an easily set up, secure default. In other words, the install procedure gets reduced to

      1) Install the O/S CD with minimal options
      2) Install install script
      3) Run a single command (eg: Setup) which sets everything for the O/S up.

      I have something similar to this based on CentOS for setting up a porn-filtering Squid proxy server. Setup time for a server is reduced to 10 minutes per server, including applying all O/S updates, full configuration for DNS, squid, etc. and secure defaults. (firewall, etc)

      I've been looking for something similar that's Linux based myself. The only thing I've found that might work is some hack of MythTV...

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    7. Re:Viruses? by shitzu · · Score: 0

      Let me get this straight - putting a 50 dollar router on each location which allows traffic only from predefined hosts to predefined ports in front of each location is "not a cost effective method" for you, but switching to an entire new DVR hardware-software combo to protect you from viruses is ok?

    8. Re:Viruses? by batkiwi · · Score: 1

      Why are your PoS systems not on a separate network, or at least VLAN? HOW could one of these PoS systems get a virus in the first place to spread it to the others?

    9. Re:Viruses? by batkiwi · · Score: 1

      What single feature does mythtv share with a CCTV DVR system that would make it remotely usable for this poster?

      Mythtv doesn't even ACTUALLY record video, it relies on V4L for that.

      (It does do transcoding itself, though)

    10. Re:Viruses? by mblase · · Score: 1

      Really, wouldn't it be better to stick with a known system and, you know, do your job as a sysadmin by fixing any security holes?

      Hey, buddy, this is Slashdot. We don't need that kind of talk around here.

    11. Re:Viruses? by a.d.trick · · Score: 1

      What you said is very true, but I think there's a bit of a miscommunication here. The article poster was probably trying to say something like "How do I set up a system to do this stuff and not have to sacrifice my liver to stress-related trauma". Sure Windows can be kept secure, but it's a lot of work. Some of that is directly Microsoft's but most of it is a result of the plethora of poor software built on that OS.

    12. Re:Viruses? by Anonymous Coward · · Score: 0

      How many of you just stick a computer on the end of an Internet connection without a firewall? None? Some? Whatever, if you do, you are just asking to have your ass handed to you by either a cracker, or one of the latest viruses. Don't blame the OS for your shortcomings, fix it right, and do a good job of protecting your customer, don't make excuses.

    13. Re:Viruses? by TrancePhreak · · Score: 1

      You can slipstream the updates, and set up an install script for Windows too.. In which case it becomes:

      1) Insert CD
      2) Click Install

      Or you can use a drive imaging program and create a setup for all the machines... But that usually only works if they all have the same hardware.

      --

      -]Phreak Out[-
    14. Re:Viruses? by oirtemed · · Score: 1

      How can a closed source buggy system be considered 'known'?

    15. Re:Viruses? by mcrbids · · Score: 1

      You can slipstream the updates, and set up an install script for Windows too.. In which case it becomes:

      1) Insert CD
      2) Click Install


      Have you EVER installed Windows without rebooting it some 10 or 20 times?

      Neither have I. I'm talking about 2 reboots:

      1) To load the installer on the O/S CD:

      2) To reboot after the installer, the updates, and all the other patches have been applied.

      Total time from opening the computer box to completed setup 15 minutes. I can do about 3 at a time, making the average time to set up a proxy as little as 5 minutes.

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    16. Re:Viruses? by Vlad2.0 · · Score: 1

      The same way a closed source one can (bugs or no bugs).

      Most linux sysadmins don't care about the source code of the software they use. They just care that it does the job and does it damn well. The only difference between closed source and open source is that you can /choose/ to view OSS source code. But just because you can doesn't mean that you do.

      That being said, software is more commonly known for what it does and not for how it (at the code level) works. And in that regard, OSS and proprietary software are exactly alike.

    17. Re:Viruses? by Anonymous Coward · · Score: 0

      if you create a windows image or unattended install then YES there are no reboots, it is simply insert CD or send image and 1 reboot at the end. total time 15 minutes or less with no user interaction required.

    18. Re:Viruses? by alienw · · Score: 1

      OK, so you have two ports. I assume viruses aren't getting in through those, since they are serviced by Pelco's own software which has presumably not been targeted by viruses. Put a cheap NAT box (like a $30 linksys wired router) in front of each machine, and forward ports 80 and 9999. That will solve all your virus problems, since Windows viruses can't infect Linksys boxes.
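
The setup several commenters in this thread describe (a cheap gateway in front of each DVR that forwards only ports 80 and 9999, and only from predefined hosts) can be sketched as follows. This is an added example, not code from any commenter or vendor; the interface name `wan0`, the nftables table and set names, the size limit and all addresses are constructed assumptions, and the rendered ruleset has to be checked against the actual gateway before use.

```python
"""Added example: allowlist-only port forwarding in front of a DVR (IPv4 sketch)."""
import ipaddress

DVR_PORTS = (80, 9999)   # the two ports the submitter says the DVR needs
MAX_SOURCE_SIZE = 256    # assumption: no single allowlist entry wider than a /24


def parse_allowlist(entries):
    """Validate viewer sources and refuse entries that defeat the allowlist."""
    nets = []
    for entry in entries:
        # strict=True rejects typos such as 203.0.113.5/28 (host bits set)
        net = ipaddress.ip_network(entry, strict=True)
        if net.version != 4:
            raise ValueError(f"{entry}: this sketch handles IPv4 only")
        if net.num_addresses > MAX_SOURCE_SIZE:
            raise ValueError(f"{entry}: too broad to count as an allowlist entry")
        if net.is_multicast or net.is_loopback or net.is_unspecified:
            raise ValueError(f"{entry}: not a usable viewer source")
        nets.append(net)
    if not nets:
        raise ValueError("empty allowlist")
    # Merge overlapping or adjacent entries so the interval set has no conflicts.
    return list(ipaddress.collapse_addresses(nets))


def permits(src, dport, allowlist):
    """Model of the gateway's decision for one new inbound TCP connection."""
    addr = ipaddress.ip_address(src)
    return dport in DVR_PORTS and any(addr in n for n in parse_allowlist(allowlist))


def render_ruleset(dvr_ip, allowlist, wan_if="wan0"):
    """Render an nftables ruleset: DNAT plus default-drop forwarding."""
    if not wan_if.isalnum():
        raise ValueError("unexpected characters in interface name")
    dvr = ipaddress.IPv4Address(dvr_ip)
    nets = parse_allowlist(allowlist)
    viewers = ", ".join(
        str(n.network_address) if n.prefixlen == 32 else str(n) for n in nets)
    ports = ", ".join(str(p) for p in DVR_PORTS)
    match = f'iifname "{wan_if}" ip saddr @viewers'
    return "\n".join([
        "table ip dvr_gw {",
        "  set viewers {",
        "    type ipv4_addr",
        "    flags interval",
        f"    elements = {{ {viewers} }}",
        "  }",
        "  chain prerouting {",
        "    type nat hook prerouting priority -100; policy accept;",
        f"    {match} tcp dport {{ {ports} }} dnat to {dvr}",
        "  }",
        "  chain forward {",
        # Default drop: connections the DVR itself initiates are not forwarded.
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
        f"    {match} ip daddr {dvr} tcp dport {{ {ports} }} accept",
        "  }",
        "}",
    ]) + "\n"


# Constructed sample values (documentation address ranges, not real sites).
SAMPLE_ALLOWLIST = ["198.51.100.10", "203.0.113.0/28"]

if __name__ == "__main__":
    print(render_ruleset("192.168.50.10", SAMPLE_ALLOWLIST))
```

The forward chain's default-drop policy means a worm scanning from an arbitrary address never reaches the DVR's listening services, which is the point the commenters are making about a filtering router being independent of the DVR's operating system.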

    19. Re:Viruses? by someonehasmyname · · Score: 1

      I believe he was worried that the virus scanner will want to scan every new file written to the system, and a machine that records video all day will already have enough cpu activity and disk io to waste resources scanning large, clean files for viruses.

      --
      Common sense is not so common.
    20. Re:Viruses? by jimfrost · · Score: 1

      All it takes is one infected laptop being hooked up to the POS net. I've seen both heavily firewalled and isolated nets taken down that way.

      --
      jim frost
      jimf@frostbytes.com
    21. Re:Viruses? by TrancePhreak · · Score: 1

      As another poster pointed out, yes it's quite easy to not have to reboot all the time. Also, the normal amount of reboots is 3. 1 after copy, 1 after final installation, and 1 after updates. Taking the slipstream + unattended install route leaves you with 1 reboot. That's 50% less reboots than your method! Think of the savings! ;)

      --

      -]Phreak Out[-
    22. Re:Viruses? by monkeydo · · Score: 1

      You're an artist. You're probably good at what you do. But, why don't you hire someone who knows something about networking and security to help you out? Wouldn't that make a lot more sense than asking /.?

      --
      Si vis pacem, para bellum
      The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
    23. Re:Viruses? by batkiwi · · Score: 1

      How would the laptop get plugged in and on the network?

      For something as critical as a PoS network, I'd hope they have the subnet put in a different VLAN using port to MAC mapping. Plug in a random laptop and you won't even get ARP.

    24. Re:Viruses? by ryanw · · Score: 1

      I work for a pretty major company doing the unix stuff, but you wouldn't believe the trouble our windows guys have installing a fresh machine. We have a big enough company that there are rogue viruses running throughout the company on various people's laptops or even servers that haven't had patches on them or whatever. Viruses do not only come in from the outside through the "firewalls" any more. Any network that allows laptop computers that come in and out of the office are going to bring their dirty laundry right through the front door. Sure, they do their best to keep them off, but they "sneak in".

      When the windows guys go to install a fresh copy of Windows 2000 on a box connected to our network, you can guarantee that machine has a virus before they can install the patches on the machine. They typically install the box off the network and then 'sneaker net' the service packs and other patches onto the machine before plugging it into the network.

      Protecting the machine from the outside is not the only concern. Sorry fellas, his complaint is legit.

    25. Re:Viruses? by jimfrost · · Score: 1

      Laptops get on the network by someone walking in the door and plugging it in. That's not uncommon at all, even if only for data collection. I don't think I've ever seen a seriously locked down network setup at anything but a large chain[1] but, admittedly, that's not my business (I work with backend systems).

      Small POS networks I have seen tended to be disconnected from the net, but data has to get in and out of them somehow and it's not just paper and data entry people anymore. Larger installations (or franchises) tended to be vpn'ed or privately networked into a datacenter.

      That's no guarantee of safety: Sometimes laptops get connected inside datacenters too, or so I hear, and if you're running a Windows monoculture it can work its way all the way back. What makes this worse is that POS systems do not tend to be running fully patched operating systems.

      Whatever the route, it happens all too frequently. I note that it never happened when they were using serial terminals hooked up to SCO boxes :-). For the life of me I cannot imagine what the appeal of putting Windows at the POS was; terminals are more expensive and a lot more failure prone even if you ignore the virus/worm issue.

      [1] Heck, it was only two and a half years ago that Melissa took out all of Hertz or Budget or whomever it was I was trying to rent a car from the day that hit. The rental guys were literally having someone on the lot walk up to a car and radio back the plate number for each new customer. Choices were limited that day....

      --
      jim frost
      jimf@frostbytes.com
    26. Re:Viruses? by Anonymous Coward · · Score: 0

      There has been no reported case of a network worm being able to strike a Windows box that has been updated and administered properly. That goes for the newest ones at least, Server 2003 Enterprise and XP. Install SMS (for the superb updating and reporting possibilities) to accompany the boxes, if you are able to.

      There's no need for firewall or anti-virus software if you know your stuff. Really. It's safe against anyone not really hardcore professional. But then again, nothing is safe against those people.

    27. Re:Viruses? by mcrbids · · Score: 1

      if you create a windows image or unattended install then YES there are no reboots, it is simply insert CD or send image and 1 reboot at the end. total time 15 minutes or less with no user interaction required.

      But you're still comparing apples to oranges.

      A "windows image" includes all the drivers preconfigured for a standardized hardware platform. An "unattended install" loads (crappy!) default drivers that generally don't work, and doesn't download updates as part of the install process. In either case, no applications are included. Slipstream doesn't include /*CURRENT*/ updates, just those as of download time.

      What I'm referring to:

      A) Loads in a clean set of drivers specific to the hardware, a la Anaconda, unlike your "windows image". Changing hardware on a Windows system is a dicey proposition at best. It's very typical to see Windows barf after spending 20 minutes at a "New Hardware Found" prompt and three reboots before bombing into uselessness. I've found that particularly for commodity systems in a server-based environment, Linux drivers seem to "just work" and do so very well.

      B) Loads all updates via yum, not just what's on the CD. This means that I don't have to rip a new install CD every time a new security update comes out, only when a completely new O/S version comes out. (EG: every 5 years or so!)

      C) Includes ALL APPLICATIONS needed to run the system, NOT JUST THE O/S.

      D) Sets up ALL RELATED SERVICES (EG: bind, squid, etc)

      E) Completely FREE OF LICENSING WORRIES. No screwy "Certificate of Authenticity" or stickers on the bottom of the case. Just rip a CD, label with a perm marker, and begin burning systems.

      I mean, a system loaded, setup, and READY FOR PRODUCTION in 15 minutes, not just a bare O/S. One reboot. Sorry, but Windows just can't cut this mustard. Windows, however, does fine for letting me play The Sims or perhaps GTA San Andreas.

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    28. Re:Viruses? by mcrbids · · Score: 1

      When the windows guys go to install a fresh copy of Windows 2000 on a box connected to our network, you can guarantee that machine has a virus before they can install the patches on the machine. They typically install the box off the network and then 'sneaker net' the service packs and other patches onto the machine before plugging it into the network.

      But why? You can get a NAT router from Office Max for $20. It will allow for Internet Access, but make machines connected to it effectively invisible to worms. Using one of these, they could get updates from Windows Update without having to risk the machine. Isn't it amazing how little some people value their time... ?

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    29. Re:Viruses? by mattyrobinson69 · · Score: 1

      How about motion?

      http://www.lavrsen.dk/twiki/bin/view/Motion/WebHome

      I'm not sure it does everything you want it to, but I've used it before and thought it was very cool (I was using it out of interest, not for real security cameras)

    30. Re:Viruses? by mcrbids · · Score: 1

      How many of you just stick a computer on the end of an Internet connection without a firewall?

      I do. All the time. RHES/CentOS based Linux systems. For years, anytime I've had a security breach happen, it happened well after I was aware of a problem. (Not all the systems I admin are actually mine - meaning that, when I identify a problem, I have to get approval to actually go fix it)

      But, it's routine for me. No firewall. In fact, in quite a number of cases, the Linux system IS the firewall. I don't admin ANY Windows servers - a convention I made years ago that I've never regretted. (and thus, I'm a long-time slashdotter) How many such computers have YOU stuck on the end of an Internet Connection without a firewall?

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    31. Re:Viruses? by Tim+C · · Score: 2, Insightful

      Worms and trojans sneak in through exploits in programs running on those ports.

      No, trojans are executed by the user in the belief that it is an application that the user wants (or needs) to run. Viruses hook on to other executables, causing themselves to be run when that executable is run; they generally fork (or similar), execute the real executable, then seek out other executables to infect. Worms are the only self-mobile code, and do indeed seek out open ports to exploit holes in the software listening on them.

      Apart from that, you're right, viruses are not sneaking in through open ports. Anything that is getting in of its own accord is a worm by definition. If there really are viruses getting on to these things, then I suspect we're not being told the whole story, which really doesn't make giving recommendations very easy...

    32. Re:Viruses? by Anonymous Coward · · Score: 0

      jim, you're a fucking moron. On today's LAN if a client cannot answer a crypto challenge on connect it is shunted into a nullnet with no access to anything. The "crunchy on the outside, chewy on the inside" problem was actually valid two years ago... Today? You know _which_ laptop is connecting by hash of their authentication key and their MAC address -- if they don't come up with a match you put them into the quarantine bin.

    33. Re:Viruses? by drsmithy · · Score: 1
      I mean, a system loaded, setup, and READY FOR PRODUCTION in 15 minutes, not just a bare O/S. One reboot. Sorry, but Windows just can't cut this mustard.

      Windows can do it just as well, if you know what you're doing.

      (Well, apart from the licensing thing, but that's a legal and/or philosophical, not technical, limitation.)

    34. Re:Viruses? by Anonymous Coward · · Score: 0

      Ummm, no.

      The linksys doing the port forwarding is just changing the IP header on the packet(i.e. changing the destination address). This won't prevent a worm(or virus) from infecting the machine behind the linksys.

      The worm's code isn't being blocked or cleaned by the linksys... the linksys isn't doing any active(or passive) virus/worm/trojan/etc scanning of the traffic.

    35. Re:Viruses? by RMH101 · · Score: 1

      1) bollocks. this is security camera footage? you're running it on something on a public subnet? why not use ipsec?
      2) if you've got access to a datacenter you could plug your toaster into a rack power strip too, and trip the fuse, bringing down a server BUT YOU'D RIGHTLY BE CANNED FOR BEING A DUMBASS if you did.

    36. Re:Viruses? by DrPizza · · Score: 1

      "are remotely exploitable problems with windows, especially if the boxes are unpatched, "

      No. Not "especially" if they are unpatched. Only if they are unpatched. If they were patched (and in both cases the patches were available long before the exploits were) then they were not vulnerable.

      So that means an admin has to do his job. Guess what? That requirement ain't OS-dependent.

    37. Re:Viruses? by complete+loony · · Score: 1

      And does the supplier of the DVR he is using guarantee the appliance will still work if patched? Probably not.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    38. Re:Viruses? by complete+loony · · Score: 1
      Let's see;
      • HD recording from a tv tuner
      • Multiple back ends, potentially recording from different camera sources
      • Multiple front ends for viewing the content...
      If there is nothing else more suitable, Myth TV sounds like a reasonable starting point to me.

      Off topic, is it just me or are there not many mod points being used ATM? Most topics seem to have 100-300 posts with 10 greater than +3.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    39. Re:Viruses? by ErroneousBee · · Score: 1

      I believe so, as he would still have to continually monitor the DVRs for break-ins, and also manage a fleet of firewall routers, and keep it documented, and keep it all maintained/serviced.

      Have you never heard of K.I.S.S.?

      --
      **TODO** Steal someone elses sig.
    40. Re:Viruses? by crawling_chaos · · Score: 1
      It's probably been already said, but the sense I get is that the machines are barely capable of capturing the video without dropping frames to begin with. The added CPU load of Norton CycleSuck, err antivirus, would cause the machines to fail to capture a clean image. I think this speaks more toward the lack of vision by the company in question, as they seem unwilling to actually spend what is needed to do the job.

      One possible solution would be to connect the camera machines to the host server via VPN, and have that VPN connection tunneling those ports be the only internet connection for the machine. I have a feeling that this will cost too much however, and that the real goal is to find some free way to patch up the security mess that they are saddled with because of budget constraints.

      --
      You can only drink 30 or 40 glasses of beer a day, no matter how rich you are.
      -- Colonel Adolphus Busch
    41. Re:Viruses? by jimfrost · · Score: 1
      Well, again you're talking about network configurations you don't usually see except in larger companies with significant dedicated IT -- at least in my experience. More on that in a minute.

      It turns out that POS systems are used even by mom-and-pop shops and you have to be nuts if you think those are any more complicated than they absolutely have to be to get the job done. They hire fly-by-night consultants to come in and do these installs and they're as basic as anything you've ever seen.

      For that matter, I have done consulting for some pretty large and well-known companies who supposedly took security pretty seriously and you could still just walk in and plug a laptop into their net. I could tell you stories about companies whose names you know.

      But that's kind of beside the point, since when I've seen laptops bring in malware those laptops were not randoms off-the-street, they were employees' work-provided laptops. They take them home, hook them up to their cable modem or whatnot, read their spam with Outlook, and bring them back in infected.

      For example, the one that brought Slammer into my last employer's network was on a salesguy's laptop. Fully authorized, dontcha know. (And wouldn't you know it, we'd just converted most of the servers to Windows and they weren't fully patched. Doh!)

      So, this is not theory or me talking out my a**, it's an observation. If you haven't seen it, good for you -- but I have so I know this actually happens in the real world.

      --
      jim frost
      jimf@frostbytes.com
    42. Re:Viruses? by alienw · · Score: 1

      Read a book about networking. The linksys will drop the packet unless it either matches a NAT record or it is going to one of the forwarded ports. Last I checked, there are no network stack vulnerabilities in Windows (or any other system, for that matter). All known worms target Windows services running on other ports.

    43. Re:Viruses? by DrPizza · · Score: 1

      Tell the supplier to eat shit and install the patches yourself.

      This is not rocket science.

    44. Re:Viruses? by ErikZ · · Score: 1


      Yes, I find it's a great way to run a business. By not giving the customer what they are asking for.

      Sigh, where's my sarcasm tags...

      --
      Democrats or Republicans. They are both taking us to the same place and they are not afraid of us anymore.
    45. Re:Viruses? by amliebsch · · Score: 1

      So, rather than configure the AV not to scan that subdirectory, or that filetype, he trashes the whole solution?

      --
      If you don't know where you are going, you will wind up somewhere else.
    46. Re:Viruses? by kimvette · · Score: 1

      Actually, it's not.

      Typical home DVR features:
        - view tv using a tuner card
        - view video from a single input
        - high-fidelity video captures including high-bitrate audio, with emphasis on quality and timeshifting

      Typical security DVR features:
        - capture video from 4 to 48 ports on video concentrator cards. Simultaneously. (video concentrator cards are multi-channel video capture cards)
        - Focus on high compression (relying heavily on motion compensation)
        - audio, if recorded, generally limited to 4 channels or fewer, at a very low bitrate. Also, audio recording is MONO, not stereo or binaural.
        - dedicated solution
        - frame rate may be variable
        - multiplexer/quad processor views handled natively
        - motion sensing/ alarm zone triggering
        - motion-triggered recording
        - object counting
        - emails snapshots if motion detected during (n:x) hours
        - P/T/Z control, multiple cameras
        - networkable, stream multiple video feeds concurrently to one or more users (or even another remote DVR)
        - heartbeat and watchdog features (self-monitoring)

      The ONLY similarity is both are software, both can display at least one video signal, and can capture at least one video signal. That is where the similarity ends. The purpose, design, implementation, and practical use are otherwise COMPLETELY different. If you use MythTV as a security device you're losing out on a LOT of functionality, and you will likely be limited to two usable channels of video. If you try using a security DVR as a home entertainment device, you will not be happy with the video quality (focus is on resolution and not sound quality or a movie-like video experience) and an external tuner will be required. I've thought about taking a demo DVR home to toy with as a home DVR but haven't bothered because of all of the above reasons. That's right, even essentially for free, one is not usable for the other purpose.

      Monitoring a couple of low-resolution cameras for your home? Sure, MythTV might work, but suggest MythTV for a real security solution, you'd be laughed out of town by any professional.

      Also: nearly every concentrator card out there is designed with Windows in mind. Very few exist for Linux, and the ones that do exist are generally designed for embedded solutions (so they're going to be a proprietary subset of PCI, not a card you can shove into any old PC)

      --
      The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
    47. Re:Viruses? by Anonymous Coward · · Score: 0

      Then Pelco will tell you to eat shit when a warranty claim comes up.

      "Oops, sorry, you voided the warranty. It's a security appliance, not a PC."

      They're assholes like that. I hate Pelco (they have a lot of great products, but also a lot of CRAPPY products - especially their overpriced DVR solutions) but people love them so I'm forced to offer that line. :(

      Posting anon in case any asshole reps from Pelco are here. They tend to not like their dealers insulting them, even when it's the truth.

      If you want a good, solid DVR go with KTL (now owned by Arm Electronics) on the low-to-middle range, or Arm Electronics or Dedicated Micro on the higher end.

      The PC solutions from the big names like GE, Toshiba, Pelco, etc. are fine and all, but overpriced by about 70% and they're all assholes when it comes to warranty and support. Don't think about patching them.

    48. Re:Viruses? by kimvette · · Score: 1

      One reboot? If you install Windows, allowing for its one reboot, then install one app, skip the reboot (when prompted), install the next, skip the reboot, etc. you're getting right back to the exact DLL Hell that Win3x and Win9x were known for. The reboots are not just to waste your time, it's to upgrade files that are in use, and by skipping the reboot you'll be (potentially) overwriting the .1 files again and again with various versions - sometimes upgrading (which is usually not a problem) and sometimes downgrading again (usually a big problem and sometimes too sporadic to track down in a reasonable timeframe).

      *nix is a little smarter than that. Need to update a library? Go right ahead. When the current processes end and new ones launch, the new version will be loaded automagically.

      On Windows, when installing software, reboot when prompted. Your system will be more stable as a result. Anyone who has designed installers will tell you that.

      Also, how exactly are you getting Windows XP itself installed in 15 minutes, let alone Windows XP plus a full suite of applications to be comparable to ubuntu?

      --
      The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
    49. Re:Viruses? by KagatoLNX · · Score: 1

      This is either unabashed ignorance, trolling, or just inexperience.

      Windows cannot be installed, and up to date, WITH APPLICATIONS in anywhere near this time. You cannot slipstream a completely configured IIS install. You cannot slipstream a nontrivial user environment. You cannot slipstream anything but updates. Even with SMS remote rollout it takes more time. You cannot slipstream a configured Active Directory. This just isn't something that is tolerable on more than 100 machines.

      You can get close with imaging, but it creates other problems and images must be updated. Bottom line is, there are things, as a Unix guru, that I can automate at unit install time that would require a team of programmers and cooperation from Microsoft to accomplish with Windows. Even more importantly, they are things that you WANT to be able to do.

      Next, legal is big.

      Finally, licensing is TECHNICAL. When Windows doesn't feel good about being licensed, IT REFUSES TO RUN! This was bad for people whose images tripped issues when going from SP1 to SP2 and it was bad for a similar group of people when Windows Genuine Licensing stuff hit the scene. Regardless of "philosophical" issues, it helps your software to run and upgrade reliably when it doesn't have a paranoid mode designed into it whereby it refuses to correctly run. When thousands of desktops (or worse, embedded seats) require attention due to a completely unnecessary "feature", it is hardly philosophical. It turns into dollars and cents.

      Ironically, for small and medium business, it's worse. A major IT shop may have millions in budget for a year. An additional $300,000 in upgrade labor and longer install times hardly shows up in the pretty charts for the CEO. For a small business, an extra $2,500 out of a $12,000 budget is huge.

      If the licensing were only on paper it would be philosophical. The licensing is in the code. Soon enough it will be in the hardware. These are computer systems designed to NOT WORK in arbitrary cases. While you could argue that all computer security is designing software not to work, I think it's easy to differentiate between security and rights restriction (aka technological licensing enforcement, aka not having control over your own equipment).

      How anyone can recommend software with mandatory licensing for mission critical systems is beyond me. I've watched at least two people lose their jobs because a botched update caused a blue screen which corrupted the registry and put an important server in "activate me" mode.

      For what it's worth, with identical hardware I've got some homegrown deployment stuff that deploys images of Windows, FreeBSD, and Linux. I can do about 100 machines in 30 minutes. That said, the Windows machines require about ten minutes each to adjust the SID and replace the license key (to protect us from future problems with licensing). I have used Ghost in the past but it gets argumentative about some hardware and, when properly licensed, costs more money than I care to spend. It works better than most stuff I've tried. Face it, this is not a problem that Microsoft has solved yet.

      I have to laugh at most of this thread. When you run your own business, and IT budget saved is your extra salary, suddenly it becomes painfully obvious how corporate culture prevents people from truly appreciating the cost of Windows. If the costs are always hidden in someone else's wasted time or just another line-item in the budget, it's easy to accept the mess of costs, licensing, and strong-armed industry tactics that come with Microsoft. I, for one, do just fine without them.

      With respect to the initial post, if you have to deploy hundreds or thousands of these, Linux has the potential to save you tons of time. The Motion Project at http://motion.sf.net/ might be useful for you. It doesn't necessarily have all of the PVR features, but it comes close. It also will feed back to a V4L loopback device, so it could still have MythTV strapped on the front for DVR support, although you may want to hack up the MythTV interface so that it behaves more appropriately. Good luck.

      --
      I think Mauve has the most RAM. --PHB (Dilbert Comic)
    50. Re:Viruses? by nmos · · Score: 1

      It turns out that POS systems are used even by mom-and-pop shops and you have to be nuts if you think those are any more complicated than they absolutely have to be to get the job done. They hire fly-by-night consultants to come in and do these installs and they're as basic as anything you've ever seen.

      Agreed, and when there is a problem they want it fixed for $100 rather than re-engineered for $1000.

      For that matter, I have done consulting for some pretty large and well-known companies who supposedly took security pretty seriously and you could still just walk in and plug a laptop into their net. I could tell you stories about companies whose names you know.

      I've even seen it at government agencies... Even large corps who aren't short on cash like the small ones above are pretty averse to change because even small changes can have surprising side effects. No one wants to be responsible for some little change that takes a dozen branch offices off line for a couple of days or more.

      Finally, to bring this whole conversation around full circle, a lot of businesses rely on a number of black box devices like the one that the poster of this Ask Slashdot is complaining about, that are supplied and serviced by some third party and there are a lot of things the customer just can't do without making the service contract worthless. In some of these businesses it seems like each device on the network has been installed by a different contractor and there's basically no one really taking responsibility for the network as a whole. I was at a branch office for one major company who had 10 years worth of old equipment piled up right next to the racks. It would have been trivial to hide a wireless AP in the pile and it probably would have been years before it was discovered.

    51. Re:Viruses? by shitzu · · Score: 0

      My experience shows that it is almost always very cost effective to put complex servers (like DVRs) behind simple firewalls. It's not like his problems will magically solve by implementing a linux-based DVR solution. He still has to monitor them and patch them regularly. And I would still put a firewall box in front of them.

      On the other hand, if all the stream traffic to/from the open ports of the servers was allowed only from/to specific addresses and all management tunneled thru ssh, or better yet, ipsec - his setup would get much-much more stable and secure very easily and cheaply and fast. And, depending on the setup - he might tunnel ALL his data thru a VPN tunnel - making the issues of the DVR OS security much less severe. This could be achieved with a simple Linksys WRT-54GL with DD-WRT firmware.

      Have YOU never heard of K.I.S.S.?
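
Added example, not part of any comment in this thread: a small Python model of the inbound decision a consumer NAT router makes, covering the points argued in comments 34, 42 and 51 (unsolicited traffic is dropped, a forwarded port passes whatever arrives on it without inspection, and a source allowlist narrows who can reach it). The class names, the DVR port 8000 and every address are constructed for illustration and do not describe any real product.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    """An inbound packet as seen on the router's WAN interface."""
    src: str
    sport: int
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class PortForward:
    """A static forward. An empty allowed_sources means 'any source'."""
    wan_port: int
    lan_host: str
    lan_port: int
    proto: str = "tcp"
    allowed_sources: tuple = ()


class NatRouter:
    def __init__(self, forwards=()):
        self.forwards = {(f.proto, f.wan_port): f for f in forwards}
        # (proto, wan_port, remote_ip, remote_port) -> (lan_host, lan_port)
        self.conntrack = {}
        self._next_port = 40000

    def outbound(self, lan_host, lan_port, dst, dport, proto="tcp"):
        """A LAN host opens a connection; record the translation entry."""
        wan_port = self._next_port
        self._next_port += 1
        self.conntrack[(proto, wan_port, dst, dport)] = (lan_host, lan_port)
        return wan_port

    def inbound(self, pkt):
        """Return (verdict, reason, lan_target). The payload is never examined."""
        key = (pkt.proto, pkt.dport, pkt.src, pkt.sport)
        if key in self.conntrack:
            return ("ACCEPT", "established", self.conntrack[key])
        fwd = self.forwards.get((pkt.proto, pkt.dport))
        if fwd is None:
            # No translation entry and no forward: nothing on the LAN is reachable.
            return ("DROP", "no-mapping", None)
        if fwd.allowed_sources and not any(
            ip_address(pkt.src) in ip_network(net) for net in fwd.allowed_sources
        ):
            return ("DROP", "source-not-allowed", None)
        # A forward hands the packet to the LAN host as-is, so the service
        # behind it still has to be patched.
        return ("ACCEPT", "port-forward", (fwd.lan_host, fwd.lan_port))


def demo():
    """Run constructed packets through an open forward and an allowlisted one."""
    dvr_host, dvr_port = "192.168.1.50", 8000           # constructed DVR address
    open_fwd = NatRouter([PortForward(8000, dvr_host, dvr_port)])
    locked = NatRouter([
        PortForward(8000, dvr_host, dvr_port,
                    allowed_sources=("198.51.100.0/24",))  # constructed head office
    ])
    out = {}

    # Reply to a connection the DVR opened itself (e.g. fetching updates).
    wan_port = open_fwd.outbound(dvr_host, 51000, "203.0.113.7", 443)
    out["reply"] = open_fwd.inbound(Packet("203.0.113.7", 443, wan_port))[:2]

    # Unsolicited probe of a port that is not forwarded.
    out["probe"] = open_fwd.inbound(Packet("203.0.113.99", 33333, 445))[:2]

    # Unknown source hitting the forwarded DVR port, without and with allowlist.
    stranger = Packet("203.0.113.99", 33334, 8000)
    out["stranger_open"] = open_fwd.inbound(stranger)[:2]
    out["stranger_locked"] = locked.inbound(stranger)[:2]

    # Head-office viewer hitting the allowlisted forward.
    out["office_locked"] = locked.inbound(Packet("198.51.100.20", 40222, 8000))[:2]
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16s} {verdict}")
```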

    52. Re:Viruses? by DrPizza · · Score: 1

      "Then Pelco will tell you to eat shit when a warranty claim comes up."
      So don't fucking break anything!

      They can claim it's an "appliance" all day long. Doesn't make it true.

    53. Re:Viruses? by drsmithy · · Score: 1

      Windows cannot be installed, and up to date, WITH APPLICATIONS in anywhere near this time.

      If the time is anything more than pointless bragging, your environment has problems.

      You cannot slipstream a completely configured IIS install.

      You can automate it though.

      You cannot slipstream a nontrivial user environment.

      Roaming profiles.

      You cannot slipstream anything but updates.

      And drivers. You can also automate application installations.

      Even with SMS remote rollout it takes more time. You cannot slipstream a configured Active Directory.

      Group Policy.

      This just isn't something that is tolerable on more than 100 machines.

      You can completely automate a Windows installation from bare machine to functional OS and applications. That was the requirement and that is what can be done.

      Bottom line is, there are things, as a Unix guru, that I can automate at unit install time that would require a team of programmers and cooperation from Microsoft to accomplish with Windows. Even more importantly, they are things that you WANT to be able to do.

      For example ?

      Finally, licensing is TECHNICAL. When Windows doesn't feel good about being licensed, IT REFUSES TO RUN! This was bad for people whose images tripped issues when going from SP1 to SP2 and it was bad for a similar group of people when Windows Genuine Licensing stuff hit the scene. Regardless of "philosophical" issues, it helps your software to run and upgrade reliably when it doesn't have a paranoid mode designed into it whereby it refuses to correctly run. When thousands of desktops (or worse, embedded seats) require attention due to a completely unnecessary "feature", it is hardly philosophical. It turns into dollars and cents.

      You haven't described any technical issues, merely the results of not having appropriately licensed software. This is hardly an issue unique to Windows, it is common to *all* software that uses licensing to determine functionality.

      If the licensing were only on paper it would be philosophical. The licensing is in the code. Soon enough it will be in the hardware.

      Software licensing has been enforced in hardware for a very, very long time (typically with a parallel port dongle). Again, it's hardly something unique to Windows or Microsoft - indeed, they're pretty late to the party.

      How anyone can recommend software with mandatory licensing for mission critical systems is beyond me.

      Yet strangely, this applies to most "mission critical" systems.

      Truly astounding, how something you cannot understand is common practice across pretty much the entire industry. I wonder why that might be ?

      For what it's worth, with identical hardware I've got some homegrown deployment stuff that deploys images of Windows, FreeBSD, and Linux. I can do about 100 machines in 30 minutes. That said, the Windows machines require about ten minutes each to adjust the SID and replace the license key (to protect us from future problems with licensing). I have used Ghost in the past but it gets argumentative about some hardware and, when properly licensed, costs more money than I care to spend. It works better than most stuff I've tried. Face it, this is not a problem that Microsoft has solved yet.

      Maybe you should inquire as to how those major OEMs like Dell, HP and IBM manage to get so many machines out the door.

      I have to laugh at most of this thread. When you run your own business, and IT budget saved is your extra salary, suddenly it becomes painfully obvious how corporate culture prevents people from truly appreciating the cost of Windows. If the costs are always hidden in someone else's wasted time or just another line-item in the budget, it's easy to accept the mess of costs, licensing, and strong-armed industry tactics that come with Microsoft. I, for one, do just fine without them.

      Which is great for you. If the

    54. Re:Viruses? by drsmithy · · Score: 1

      One reboot? If you install Windows, allowing for its one reboot, then install one app, skip the reboot (when prompted), install the next, skip the reboot, etc. you're getting right back to the exact DLL Hell that Win3x and Win9x were known for.

      WTF kind of applications are you installing that need a reboot after each one (even if they do, it's the application's fault, not Windows's) ?

      The reboots are not just to waste your time, it's to upgrade files that are in use, and by skipping the reboot you'll be (potentially) overwriting the .1 files again and again with various versions - sometimes upgrading (which is usually not a problem) and sometimes downgrading again (usually a big problem and sometimes too sporadic to track down in a reasonable timeframe).

      Actually those operations are fine to queue up, the system has been designed to do so. Not that applications replace existing files very often.

      Your complaints sound very much like they're ten years old.

      *nix is a little smarter than that. Need to update a library? Go right ahead. When the current processes end and new ones launch, the new version will be loaded automagically.

      Yes, and woe betide any application which expects to find one library then suddenly finds another.

      Also, how exactly are you getting Windows XP itself installed in 15 minutes, let alone Windows XP plus a full suite of applications to be comparable to ubuntu?

      You can create an unattended Windows + patches + applications install, if you so desire, that was the requirement I was commenting on. No, it probably can't do it in 15 minutes without going the imaging route, but if that time constraint is anything more than pointless bragging and imaging is not an option, your environment has architectural issues that need addressing.

    55. Re:Viruses? by Ibiwan · · Score: 1

      I've been noticing that too, and so far you seem to be the only person who's said ANYTHING about it... Let me know if you find out what's up!

      --
      -- //no comment
  8. Lead you in the right direction... by porkThreeWays · · Score: 1

    I don't know if they have a turn-key solution for you, but Axis Communications has some of the best cameras I've seen. They are linux based and very easy to write glue code for between systems (very open API's and development models). In general they are high quality cameras I would stake my job against.

    --
    If an officer ever threatens to taze you, say you have a pacemaker.
    1. Re:Lead you in the right direction... by uncreativ · · Score: 1

      I myself have looked into these...any scalable software around that can be used with this cameras?

    2. Re:Lead you in the right direction... by richlv · · Score: 1

      I'm just reading through this thread and reminding everybody who hasn't yet noticed ;)
      http://www.zoneminder.com/

      --
      Rich
  9. I don't understand by Anonymous Coward · · Score: 0

    Budget isn't an issue but something perhaps as simple as a monowall setup infront of it is prohibitive? What about a VPN, or a good old fashioned white list. Surely, they don't need to accept connections from any ip address?

  10. I don't understand... by artifex2004 · · Score: 1

    Can't you toss the PVRs on DMZs off your existing firewalls?
    and the equipment outlay for new Linux boxes with supported PVR security software, if they do exist, is probably more per unit than the cost of little PIXs, if you couldn't set up DMZs for some reason.

  11. Try motion by wuzzeb · · Score: 1

    Have a look at this article. It describes how to use the motion program (home page).

    1. Re:Try motion by garcianc2003 · · Score: 1

      Concur. This and other linux tools like it have been around for a while. Motion was featured in Linux Journal over a year ago. Since you have various sites, you might want to spend some money trying out different tools side-by-side. Some vendors might even install and let you try out their stuff for free (or very cheap) for a trial period. Especially if they know that, at the end, you will award a contract.

  12. I don't care who does what with who by Anonymous Coward · · Score: 0

    As long as they make a backup copy, I'm fine with it.

  13. Solutions for Mac & Linux by zfractal · · Score: 1

    For the Mac there's SecuritySpy, and for Linux there's Zone Minder. I haven't used ZoneMinder - I can say that I've used SecuritySpy and it's a very nice solution. Not sure how well it would work out with 200 cameras though - but it can accept multiple inputs per machine so it might be worth looking into.

    1. Re:Solutions for Mac & Linux by AusIV · · Score: 1
      I'm in the process of setting up a zoneminder system, and the setup is fairly easy. It's extremely configurable for the knowledgeable, and for the newbies they have FC3 and Mandriva install CDs that install Linux and include Zoneminder, requiring only minimal configuration. For a relatively small price, there are even people willing to configure install CD's to your needs.

      The system I'm setting up will be running only 3 cameras, but the whole project, computer, cameras, cabling, etc. is looking like it will cost me under $1,000. I think zoneminder is a very good solution for security needs.

    2. Re:Solutions for Mac & Linux by IMightB · · Score: 1

      Indeed, I too have used ZoneMinder, however only with 2 cameras. I used it to monitor my house while I was in Malaysia and now, pretty much whenever I'm not around. It has a very nice web-based interface, and can do motion detection, streaming video, and timed stills and much more. It is very configurable and allows for different levels of access permission for users that are authorized to use it.

    3. Re:Solutions for Mac & Linux by Anonymous Coward · · Score: 0

      We have hooked 10 d-link IP cameras up to a small system running zoneminder (careful, only a few work and there are better cameras for security purposes). In addition, we used it for WIFI, routing, a web server, and an email server. The hardest part is that disk can be burned. Make sure to raid it (i.e., raid [05]) and as you add cameras, count on needing more disks (i.e. 3 disks were good for about 6 cams, but had to move up to 4 disks with 10 cams). All in all, zoneminder was about the best system that we could find $ for $. The windows systems that had the same capability started at 5K for the core system and then you still had to add cams.

  14. VPN? by Lehk228 · · Score: 1

    are the DVR's capable of being configured to connect to a VPN?

    if not is there any way to filter based on IP address or reverse DNS?

    --
    Snowden and Manning are heroes.
  15. Very timely post by Jason1729 · · Score: 1

    Apple is having a big media event to launch new products tomorrow. It's pretty much a given they'll be releasing the Intel Mini, and there's some strong speculation it will include a DVR and TiVo-killer software.

    1. Re:Very timely post by jcr · · Score: 2, Interesting

      Acting as home DVR isn't quite the same thing you need for surveillance. Still, that box may make a dandy jumping-off point for this kind of application.

      -jcr

      --
      The only title of honor that a tyrant can grant is "Enemy of the State."
    2. Re:Very timely post by Jason1729 · · Score: 1

      You're right. I'm just really hoping for a mini with DVR features to play with this weekend :)

  16. INstall linux, prolbem sovled by RLiegh · · Score: 1

    hey, this is slashdot; what answer were you expecting?

    1. Re:INstall linux, prolbem sovled by Anonymous Coward · · Score: 0

      He intends to run linux, or some flavor of mac os, he just needs the PVR software for either.

  17. I don't buy it by dioscaido · · Score: 1

    Opening a port for the video network traffic shouldn't open you up to viruses, even on Windows. If these machines are 'virus hubs' then they are certainly being used for other purposes. First, restrict access to the servers so that they are only used for their intended purpose of capturing video, and not, say, surfing the web. If you are really concerned, you should run the capture process under a non-administrator account, so that even if the application consuming and generating network traffic is insecure, it cannot own the system.

  18. security isn't cost effective until it is. by cat6509 · · Score: 1

    "Yes, we could put up a server in front of each, or a router that has anti-virus built in, however this is not a cost effective method for a number of their locations. "
    You need to tie value to a firewall / router / vpn ( or all of the above even) so that you have a solution not just a band-aid. You can find a DVR that isn't windows-based, but it doesn't get you out of the mess you have in design.
    I assume the cameras are used for security ? so it is not just worms that you need to protect against, you need to protect against some one deliberately attacking and or altering hte contents of these sytems, thieves are great inovators. ( excuse the spelling )

    --
    "Tolerance is a virtue of a man without convictions." G.K.Chesterton
  19. DVR w/ Firewall by Anonymous Coward · · Score: 0

    Or look for a DVR system that uses a firewall. With the proper hardening of services and good firewall principles, one can be comfortable.
    For Windows-based DVRs, look for one that is based on Windows XP Embedded (XPe) -- the developers can more easily customize and restrict exactly what is on the system.

  20. VMWare? by SigNuZX728 · · Score: 0

    Have a VM running the recording software and let the host machine filter the traffic and viruses.

  21. zoneminder by Anonymous Coward · · Score: 1, Informative

    I suggested mythtv earlier but a friend pointed to http://www.zoneminder.com/

    1. Re:zoneminder by Grayhawk · · Score: 1

      ZoneMinder is an excellent system. We're using two servers, each monitoring 9 Panasonic network cameras, and it's been very solid. Runs on Linux, remotely accessible through a web browser, and it's virtually self maintaining.

      -rh

  22. Dear Slashdot by Anonymous Coward · · Score: 1, Funny

    We are a wealthy real estate company getting hit with a lot of viruses. Could you please post a phony news story about our plight, that way your zombie horde of misanthropic programmers will code a free solution for us; for free! Ooops, gotta go, just sold another $8,000,000.00 house in La Jolla and we have to pick up our 8% commission.

    Thanks,

    Your Friends in the real estate business.

    1. Re:Dear Slashdot by bradyj · · Score: 1

      :) I'm a Creative Director, I was asked to help in their search for an alternative. Pelco has verified the DVR's have been known to have this issue, and have not posted an alternative. As a note, they don't want a free job, they want a pay service -- I'm happy to find it for them... and they don't sell buildings, buy only.

    2. Re:Dear Slashdot by AHumbleOpinion · · Score: 1

      We are a wealthy real estate company getting hit with a lot of viruses. Could you please post a phony news story about our plight, that way your zombie horde of misanthropic programmers will code a free solution for us; for free! Ooops, gotta go, just sold another $8,000,000.00 house in La Jolla and we have to pick up our 8% commission. Thanks, Your Friends in the real estate business.

      Why not, look at all the free stuff they've already coded up for them?

      Did I miss something in the GPL about a poverty requirement? Or a minimum consulting hour cover charge? As far as I know you only have to give back changes you distribute. Maybe it's something new in v3.

  23. VPN by citizenr · · Score: 0

    Put VPN tunnels between those poot crap boxes and your main server. Problem solved. It will be $1K for consulting, I do checks and money transfer.

    --
    Who logs in to gdm? Not I, said the duck.
  24. Seconded by bwoodring · · Score: 1

    I agree, this sounds like a big pile of horseshit to me. Really, it sounds like you're desperate to get Unix in there any way you can, so you're doing a crappy job and blaming Windows for it. Just because you're a shitty Windows administrator, doesn't mean Windows can't be well administered. How the hell are all those IIS web servers managing to stay up?

    1. Re:Seconded by baptiste · · Score: 1
      Just because something runs Windows doesn't mean it can be administered like your average server or desktop. I've seen plenty of black box setups where you didn't have admin rights to the system and relied on them to release patches, etc and they become virus vectors because the 3rd party vendors weren't fast enough to release fixes through their own infrastructure. Or the vendor insists on handling updates and they aren't quick enough.

      So while it could just as easily be bullshit, I've dealt with plenty of 'black box' systems running windows underneath where they shut you out entirely and you end up with infected nodes that you can't fix and have to wait till the vendor does. That's when it's time to find a new vendor.

    2. Re:Seconded by sych · · Score: 2, Informative

      oh for fuck's sake. the MS shills on this site are really beginning to annoy me.

      firstly, IIS has only recently (in the last couple of years) become stable enough to reasonably get 20% market share. and that's still only 20%.

      secondly, Slashdot has always been more interested in Linux and other UNIX-like operating systems than in Windows systems, so it's the perfect platform to ask a question about a UNIX/Linux/other solution to a particular problem. if you don't like it, shift off somewhere else.

      thirdly, unix/linux/etc setups are perfect for set-and-forget remote site installations. they've been stable, remote-administerable, and scriptable for decades. set them up properly and they'll run themselves. decent remote administration for windows is only a recent development. scripting and automation on windows is still very immature.

      UNIX/Linux/etc is a superior choice for this type of installation. Set it up right and it'll run itself.

    3. Re: Seconded by Anonymous Coward · · Score: 0


      Stop being such a Nazi^H^H^H^HCommunist^H^H^H^H^H^H^H^H^Hterrorist.

      And lay off the sauce, willya?

    4. Re:Seconded by nacturation · · Score: 1

      I've dealt with plenty of 'black box' systems running windows underneath where they shut you out entirely and you end up with infected nodes that you can't fix and have to wait till the vendor does. That's when it's time to find a new vendor.

      How's that a Windows problem? You could have a vendor supply you with a Linux system that you don't have admin rights to and, if they don't patch critical security holes, you're still screwed.

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
    5. Re:Seconded by baptiste · · Score: 1
      It's not - the point of the original commenter was that it was bullshit. I was pointing out in the given context (windows appliances being infected) that it wasn't and that I had seen the same types of things where black box appliances are poorly maintained by vendors and become major security risks. A majority of them happen to be windows simply due to market share.

      But the hard truth is this - I'd rather have a *nix based black box that got infrequent updates than a Windows one. Not because Windows sucks but because of the sheer # of worms that hit Windows vs *nix. Someday that may change, but for now...

    6. Re:Seconded by slashdotwannabe · · Score: 1
      oh for fuck's sake... all the Unix bigots are really starting to get on my nerves.

      Ever heard of doing an impartial evaluation of solutions and making an impartial choice based on economics? All I ever hear around here is "Windows sucks, Unix rules", which is about the perfect definition of simplistic hyperbole.

      While it might be true that IIS has only been rock solid as of +- Windows 2000, it *is* a truly rock solid web server. Badly configured Unix boxes can be infected just as readily as badly configured Windows boxes. As someone who has run a large datacenter, I know firsthand the economics of running Windows servers versus *nix servers.

      And that's why Windows servers have the market share, and will until the geeks start writing the checks.

      --
      This comment is my opinion and does not represent an official position of Donald Trump or others I do not work for
    7. Re:Seconded by sych · · Score: 1

      Even if any of what you say is true, that doesn't mean that the Slashdot audience has to care about it.

      "News for nerds, stuff that matters".

      Even if it is more economic to have a pile of cheap Windows techs looking after a pile of less-stable Windows boxes (compared to a smaller number of more expensive UNIX techs looking after a smaller number of more solid UNIX boxes), you might find that us nerds are more interested in what's technically superior, or technically more interesting - rather than just sheer economics.

      If you'd like to do a full economic analysis of every option proposed, you might find you'd prefer to post on a discussion board for CIOs or economists.

      Also, this guy is looking after a bunch of remotely placed boxes in presumably far-away locations. You might find that his needs differ somewhat from the needs of those hosted in a datacentre.

  25. DVR by kawabago · · Score: 0

    Try Myth TV PVR software and modify it to meet your needs. You can have the project team do it for you.

  26. Just tell your company... by bwoodring · · Score: 0, Troll

    That you don't know a god-damned thing about Windows and that if they want you to administer their system, they will need to replace it with Unix. Or, alternately, you can just lie and tell them that Windows machines can't have ports open to the Internet. Let's just hope they don't figure out that something like 20% of all web servers run IIS and realize what a dumbshit you are.

    1. Re:Just tell your company... by bradyj · · Score: 1

      Wow. How did me asking a question denote this type of response? Good to know Slashdot is the place for attacking more than helping... never did I say we were pc gurus, but it's good to know this is the place to go for support without ridicule.

    2. Re:Just tell your company... by Stephen+Samuel · · Score: 1
      There are about a million people on slashdot. Given that your post made it to the front page, you can expect that at least one of those one million people is going to be an jerk with an axe to grind.

      The best that I can suggest is to ignore the ignorant posts -- or at least ignore the ignorant part of those posts and mine the useful parts out of them.

      --
      Free Software: Like love, it grows best when given away.
    3. Re:Just tell your company... by ScottyH · · Score: 1

      Whoa there. A bit overboard, don't you think?

    4. Re:Just tell your company... by revscat · · Score: 1

      Dude, relax. If he's wrong, tell him how. People are immediately turned off by rants like that, and while it may make you feel better very few people outside of those already sympathetic to you will pay attention to what you say.

    5. Re:Just tell your company... by RabidOverYou · · Score: 1

      > an jerk with an axe to grind

      What, is that some backcountry dialect, where the j is silent?

      "Argsh, mehb an 'erk wit a haxe t'grind, beshorra."

      -- Rabid

    6. Re:Just tell your company... by MemoryAid · · Score: 1
      Nice axe...

      ...

      (jerk)

      --
      Language students: Don't try to learn English here. This ain't it.
    7. Re:Just tell your company... by cyber-vandal · · Score: 1

      Because the internet is full of people whose belief in their own leet skillz outweighs their mundane social skills.

  27. Recommendation for windows then by bradyj · · Score: 1

    Many people have posted that our experience in windows is probably questionable, and I don't doubt that - Since our servers here are mac/pc related, what do you suggest we do differently to protect our windows computers in a different manner?

    1. Re:Recommendation for windows then by yoDon · · Score: 1

      Wipe the machines and do a fresh install of Windows XP SP2 (SP2 = Service Pack 2). Don't even think about trying to clean the viruses off the machines, you'll never have any way to know if you got them all, which is why you have to reformat the drives and do a fresh install of the OS. And make very sure you have Service Pack 2 installed BEFORE you hook the machines up to any network connection of any kind, even your internal LAN. If you hook the box up to the net before SP2 is installed, it may well get infected with a virus before SP2 finishes installing (the mean-time-to-infection of an unprotected machine is frequently estimated at about ten minutes).

      Turn on the firewall that is built into XP SP2.

      Turn on automatic windows updates (also built into XP SP2).

      Set up a password-protected account on the box and don't give the password to the property managers. Don't allow the property manager or anyone else to use the box for email, web surfing, anything.

    2. Re:Recommendation for windows then by bradleyland · · Score: 1

      1) Patch the OS religiously.
      2) Remove/shutdown everything that is not being used. As others have noted, worms and viruses attack applications, not ports. If there's nothing listening on a port, you're pretty safe... assuming the attack isn't against the stack itself, but those types of worms aren't very common.
      3) 80 through 9999 is a shitload of ports. I'd suspect that not all are being used by the DVR app, as there are ports between 80 and 9999 that are used for other services. Here's a list:

      http://www.chebucto.ns.ca/~rakerman/port-table.html

      I'd close everything that isn't absolutely being used and complain to the vendor about the loose recommendation. 80-999 open is asinine.
      4) Disallow any use of the system for purposes other than recording. Period.
      5) I suspect that the no-anti-virus requirement is a consequence of processing overhead. With a sufficiently powerful server, I can't imagine why you can't run anti-virus software and still record. Multi-processor would be a great idea.
      6) Does the vendor have a usergroup or message board? Surely you're not the first person to encounter this type of problem. Ask the people who know.
      7) Don't be too discouraged by the responses you receive here :) It's easy to be condescending when you're staring at a computer screen.

      If replacing the system is a possibility, I'm a huge fan of Axis cameras:

      http://www.axis.com/

      I have several clients running a range of their IP cameras, and they work fantastic. All you need to receive video from the camera is port 80 open and directed at the camera.
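
An added example, not part of the comment above or of any vendor tool: one way to run the check in points 2 and 3, by comparing what a Windows box is actually listening on against the forwarded 80-9999 range. The `netstat -ano` text is constructed, and the `REQUIRED` ports and the assumption that the range is forwarded for both TCP and UDP are hypothetical.

```python
"""Compare listening sockets with a firewall forward range and an allowlist."""
import re

# Range the thread says is opened for the DVR ("80 through 9999").
FORWARDED = range(80, 10000)
# Hypothetical: ports the recording software really needs (ask the vendor).
REQUIRED = {("TCP", 80), ("TCP", 9002)}

# Constructed sample of Windows `netstat -ano` output, not from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1440
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1184
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1020
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       872
  TCP    0.0.0.0:9002           0.0.0.0:0              LISTENING       1184
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING       1500
  TCP    10.0.0.5:139           0.0.0.0:0              LISTENING       4
  TCP    10.0.0.5:9002          203.0.113.7:51812      ESTABLISHED     1184
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:1900           *:*                                    1284
  UDP    127.0.0.1:123          *:*                                    1020
"""

# proto, local addr, local port, foreign addr, optional TCP state, PID
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$"
)


def parse_listeners(netstat_text):
    """Return (proto, addr, port, pid) for every socket accepting traffic."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, blank lines
        proto, addr, port, state, pid = m.groups()
        # UDP has no state column; for TCP only LISTENING sockets count.
        if proto == "TCP" and state != "LISTENING":
            continue
        found.append((proto, addr, int(port), int(pid)))
    return found


def is_loopback(addr):
    """Loopback-only listeners cannot be reached through the firewall."""
    return addr.startswith("127.") or addr == "[::1]"


def audit(netstat_text, forwarded=FORWARDED, required=REQUIRED):
    """Sort listeners into needed, exposed-but-unneeded, and LAN-only."""
    needed, exposed, lan_only, seen = set(), set(), set(), set()
    for proto, addr, port, pid in parse_listeners(netstat_text):
        if is_loopback(addr):
            continue
        key = (proto, port)
        seen.add(key)
        if port not in forwarded:
            lan_only.add(key)            # listening, but not forwarded
        elif key in required:
            needed.add(key)              # keep the forward for these
        else:
            exposed.add((proto, port, pid))  # reachable and not required
    return {
        "needed": sorted(needed),
        "exposed_unneeded": sorted(exposed),
        "lan_only": sorted(lan_only),
        "required_not_listening": sorted(required - seen),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_NETSTAT)
    print("Forward only these:", report["needed"])
    for proto, port, pid in report["exposed_unneeded"]:
        print(f"Exposed by the range, not required: {proto}/{port} (PID {pid})")
    print("Listening but outside the range:", report["lan_only"])
    print("Required but not listening:", report["required_not_listening"])
```

Each entry under `exposed_unneeded` is a service to stop or a reason to narrow the forwarded range to the `needed` ports; the PID identifies the owning process in Task Manager or `tasklist`.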

    3. Re:Recommendation for windows then by Anonymous Coward · · Score: 0

      hire someone that can do the job properly?

    4. Re:Recommendation for windows then by violentvinyl · · Score: 1

      The DX8000 software does not run on XP, it doesn't even run on standard 2000 installs. Last I checked, you could install SP4, but I'd check with Pelco Product Support. I'd give you names of the DX8000 gurus there, but I'd probably be violating some kind of internal policy.

  28. ZoneMinder Linux Project by HmX · · Score: 1

    As others have said and according to my own research into this area, AXIS seems to have the best cameras out there, hands down. They support low lux captures better than most and their features are superb, as is their selection. For the software, I would take a look at the F/OSS ZoneMinder (http://www.zoneminder.com/) project. This project seems to have a lot of momentum behind it and supports a wide variety of cameras.

  29. DVR Security System by e_feldhusen · · Score: 1

    I noticed that everyone got hung up on the DVR part of the post, not the complete post which is a DVR specifically made for a security system. My department is looking into this solution which looks pretty complete.

    http://www.zoneminder.com/

  30. DVR by jimbob1859 · · Score: 1

    I've worked with the Divar System from Bosch Security. I don't believe they are windows based and seem to work quite well. They have some nice features and are pretty well scalable from what I've seen.

  31. vpn by philo_enyce · · Score: 1
    if you're really worried about cost over security, you could go with a vpn solution. get a pix 501 for each remote office and a concentrator for the main office then set up some static tunnels. it's not going to prevent infections from spreading from internal machines, but it will protect them from the outside world. additionally, it will encrypt the data you're sending over the internet. cisco has management tools that will let you easily manage the remote office firewalls from the main office, so you don't need to worry about having experts on site at small locations.

    good luck with it.

    philo

    and in case you need help, i run an it consulting company, you can reach me at this name @yahoo.com

  32. Smoothwall by DarkMantle · · Score: 1

    Simple, use smoothwall. It blocks a lot of worm propagation attempts, and if they have some old Pentium 1's or better kicking around your set.

    Pay a bit for the enterprise license if needed. Then you can setup automatic updates so it recognizes new worms.

    --
    DarkMantle I been bored, so I started a blog.
    1. Re:Smoothwall by Anonymous Coward · · Score: 0

      ... have some old Pentium 1's or better kicking around your set.

      You assume he works on a film studio set when you talk about his set like that.

  33. Solutions by Worked2Hard · · Score: 1

    There are several options:
    Software:
    ZoneMinder - Welcome to ZoneMinder.com, home of ZoneMinder the top Linux video camera security and surveillance solution.
    IPConfigure
    Hardware:
    Nuvico DVR's - advantage of being built on embedded Linux, with a good feature set.
    Axis Video Servers

    I am presently in the process of installing and configuring a 300 camera system built utilizing IPConfigure and Axis 241Q video servers. I am finding my biggest hurdle is dealing with the corporate IT department for support. How I wish I had paid more attention to network design in school!

  34. Supercircuits by inKubus · · Score: 1

    Supercircuits has a lot of camera and recording gear. The DMR3-CD-PW-16 has 16 channels, up to 2500GB disc capacity, compression, built-in CD-R, etc. If you're using regular composite video sources, it would be possible to build one of these yourself with a bunch of 4 input video capture cards.

    If you're using IP cameras that stream MP4 or whatever over ethernet, why not employ a VPN? You can get a nice hardware VPN endpoint such as one of those SOHO Sonicwalls (google for it) on each end, or a linux box on both ends as a VPN endpoint.. Most of those cameras don't support VPN but you can easily put a router in between that will do the job.

    Good luck

    --
    Cool! Amazing Toys.
    1. Re:Supercircuits by Anonymous Coward · · Score: 0

      I don't know about the SonicWall, but the Firebox range from SOHO does seem to have a few issues with VPNs. I used to work for a company that had a few set up and any intermittent failure (a few seconds downtime, common with ADSL in some places) would cause the VPN to drop. They wouldn't automatically recreate the link properly so would need the boxes at both ends rebooting.
      Given the cost of the things, that's not acceptable in my books.

  35. Anyone know how to connect DVR(Q-see) wirelessly? by cj171 · · Score: 1

    I've got one of those network enabled Q-See DVR's...the 4 camera version... and I've been trying to use it with a wireless bridge. However, I swear I can't find DHCP on the thing...anyone have experience with Q-See DVR's or getting their other brands wireless?

  36. Honeywell DVRs are Linux based by hegemondave · · Score: 1

    Here's one I am considering right now for my own security project with 4 cameras.

    Honeywell HRHD410C320
    http://honeywellvideo.com/products/dvs/dvr/40256.html

    I'm also considering this series which can have 4, 8 or 16 inputs.

    Honeywell HRHD4C160
    http://honeywellvideo.com/products/dvs/dvr/40248.html

    1. Re:Honeywell DVRs are Linux based by Anonymous Coward · · Score: 0

      Honeywell also makes a couple of DVMS units that are based on QNX

      DVMS Duplex Series
      http://honeywellvideo.com/products/dvs/dvr/37820.html

      DVMS Simplex Series
      http://honeywellvideo.com/products/dvs/dvr/37821.html

    2. Re:Honeywell DVRs are Linux based by TinyManCan · · Score: 1
      From the linked pages:

      The HRHD+ Series generates compact encrypted archive video clips as self-executable files. Honeywells minibank format produces an executable (.exe) file containing both the video clip and reader

      Somehow, I don't think this solution would work for the author. Doesn't seem like he'd be able to use the video files on anything other than a PC running Windows.

    3. Re:Honeywell DVRs are Linux based by bradyj · · Score: 1

      That would be true:)

  37. Dedicated Micros by inicom · · Score: 1

    Their Sprite 2 is one of the best security recorders available. www.dedicatedmicros.com

    --
    -a.e.mossberg
    1. Re:Dedicated Micros by sid+crimson · · Score: 1

      I second this... though I believe they are Windows based (something the submitter seemed to want to avoid).

      We have several DS2s installed for years, and there have been two glitches... both caused by power spike/loss. Each time the DVR had to be reset, and though we lost our video archive (what little was not backed up) the DVRs reloaded and reinitialized themselves without issue.

      -sid

    2. Re:Dedicated Micros by Anonymous Coward · · Score: 0

      The DV-IP uses an embedded OS

    3. Re:Dedicated Micros by Anonymous Coward · · Score: 0

      Their units are not x86 based, and do not use Windows. The embedded OS does use a modified version of the FAT filesystem.

  38. Lock 'em up! by Anonymous Coward · · Score: 0

    There are countless ways of securing Windows itself. But, one of the most straightforward solutions would be to wall off the Windows machines from the outside world. This means putting them behind firewalls and using secure means, such as VPN's, to access them remotely. This lets you in and keeps the bad guys/malware out.

    There have been many good suggestions already. If you're not up to a roll your own solution like FreeBSD and M0n0wall, then perhaps an off the shelf firewall/VPN device would better suit your needs. If you are inexperienced with securing networks (no offense but, it sounds like you are) then hire someone who is experienced in that arena.

    There are too many ways to "skin this cat" for you to get a silver bullet answer from Ask Slashdot. Have someone who knows what they are doing look at the problem and develop a solution that will work. It may have an undesirable up front cost but, in the end you and your client will be much happier.

  39. "denote" by Schraegstrichpunkt · · Score: 1

    That word.... I do not think it means what you think it means.

    1. Re:"denote" by bradyj · · Score: 1

      "How did me asking a question 'indicate' this type of response?" Might be more inline, but it is the same definition, though it should have been 'denotes' I'll agree.

    2. Re:"denote" by Anonymous Coward · · Score: 0

      WRONG!

      Why don't you just try the word 'justify'?
      Oh, you really *are* that dumb.

    3. Re:"denote" by NiteShaed · · Score: 1

      elicit. How did your question elicit this type of response.
      As for the question itself, I leave that to others....

      --
      Some bring out the best in others, some the worst. Some bring out far more.
    4. Re:"denote" by sych · · Score: 1

      indicate, 3: To suggest or demonstrate the necessity, expedience, or advisability of: The symptoms indicate immediate surgery.

      Why are you trying so hard to be an asshole?

    5. Re:"denote" by psalm33 · · Score: 1
      bradyj says...

      Wow. How did me asking a question denote this type of response? Good to know Slashdot is the place for attacking more than helping... never did I say we were pc gurus, but it's good to know this is the place to go for support without ridicule.

      Then the reply...

      "denote"
      That word.... I do not think it means what you think it means.

      Is it just me, or am I the only one who found it hillariously funny that the very next response to bradyj's rightful slam on the Slashdot community's general tendency to (at least many times) pick apart every flaw, shortcoming, or ignorance of the original poster, was the very type of response he was talking about?

    6. Re:"denote" by Schraegstrichpunkt · · Score: 1
      Is it just me, or am I the only one who found it hillariously funny that the very next response to bradyj's rightful slam ...

      It's spelled "hilariously", moron. ;)

    7. Re:"denote" by dorkygeek · · Score: 1
      I wasn't aware that it's asshole day today. Sorry for having missed that memo.

      --
      Windows is like decaf - it tastes like the real thing, but it won't get you through the day.
  40. Embedded DVR? by Anonymous Coward · · Score: 0

    I believe there are many embedded DVR systems over there, based on DSPs and OSes like pSOS, VxWorks, Linux.

    Try this one: http://www.objectvideo.com/ .

  41. Consultants are welcome by bradyj · · Score: 1

    I'm getting good quality responses -- more so than from Security firms I've talked with in the Bay Area. If you are a consultant experienced in this, I'm happy to connect you with this company, feel free to email me at brady at my website url.

  42. Three words... or letters anyway by Anonymous Coward · · Score: 0

    V P N

    Others have suggested restricting your open ports to only those IP's that need access, and this is a good idea assuming you have static IPs. You should also look at using a VPN tunnel between your remote sites and your central DVR location. Check out OpenVPN for this.

    And make sure you are solving the right problem. Your problem isn't Windows or viruses, it's your network setup.

  43. Open ports != "Hubs for Viruses" by WoTG · · Score: 1

    I don't understand, aren't these dedicated boxes? Just turn off unnecessary services, run the service packs, and use a firewall to restrict access by IP address (even the XP SP2 / W2K3 built in firewall can do this). Windows isn't that vulnerable with basic precautions. Especially dedicated and presumably mostly locked down machines.

    Guess what? If you want remote access to the camera, every OS or hardware IP camera will require open ports! It's just a matter of working within that requirement - e.g. IP filters or VPN. For most folks, a $50 router with decent NAT + port forwarding + inbound IP address rules will be sufficient. For $100 you can probably get a VPN server (well, maybe 200?).

    1. Re:Open ports != "Hubs for Viruses" by bradyj · · Score: 1

      Hmmm, you might be right, though we have some floating users that will not be on a static IP but require access in remote locations... which is why we've avoided IP filtering, but I'm sure that can't ALWAYS be the case, and we can lock it down to only static users. VPN is a plausible solution, but has been passed by IT.

    2. Re:Open ports != "Hubs for Viruses" by Morty · · Score: 1

      There are various ways to deal with dynamic users. First, you need strong auth -- strong passwords, OTP, or best of all, two-factor auth. Apply it to a network firewall that allows authenticated users from anywhere, or to an ssh bastion host, and you're done.

      It's better still to have a VPN and/or ACLs that restrict access to known static IP ranges, but we can't have everything.

  44. Contact the vendor by Anonymous Coward · · Score: 0

    Are you using the current product as it was intended to be used by the manufacturer?

    If so, then ask them to fix the problem.

    If not, then whoever built the initial system is a mug.

    Failing that, stick with the solution you currently have, but just lock it down. There are many resources on the Internet that can help you secure Windows - the inbuilt packet filtering (behind the 'Advanced' button) can help you significantly.

    Install a reliable third party firewall - Zone Alarm will do what you need.

  45. Home security system? by cknudsen · · Score: 1
    Let's forget that this could be some well-funded company asking for help about this... I've been thinking about a camera system for my home. The prices of cameras at places like smarthome.com have dropped dramatically over the past couple of years. Most of the complete packages do require Windows. And, I don't use Windows, of course... just Linux.

    Has anyone started a project like MythTV for security cameras? Something that will record video to my hard-drive. In a perfect world, it would only record when it detects motion. I'm assuming I would need to get as many video capture cards as there are cameras... It seems like this would be a great open source project. Anyone think someone should be working on this?

    --
    http://www.k5n.us
  46. mythTV or LANVLC by unix_geek_512 · · Score: 1

    Any decent PC + mythTV or LANVLC or any other OSS software would make a great DVR

    Something like this perhaps:

    http://secure.newegg.com/NewVersion/Wishlist/WishShareShow.asp?ID=1921721

  47. open solution by Anonymous Coward · · Score: 0

    No problem! This open solution has been used in prisons, hospitals and even elementary schools for over a hundred years!

  48. Also bad... by tktk · · Score: 1
    Windows based DVRs tend to also use ActiveX for remote access/viewing. I have one Windows DVR that works very well at my building. It records for 20 cameras and has remote viewing.

    But unless I'm at a Windows computer, I can't log into my DVR security remotely to see what's going on. About once or twice a year, I get a call from my security company because an alarm has gone off. I can't check on my building from the comfort of my bedroom and my Mac laptop. I have to head downstairs to the office, and boot my desktop PC.

  49. Security Consultant by BraveHeart007 · · Score: 1

    I am a DVR security consultant. I used to work for a major mfg that was Pelco's OEM. So I know a lot about the industry and the right solutions. There are a couple of units I can think of that are Linux based and hardware compression that will fit your need. Email me if you want some help. Regards, Erik research_gate@yahoo.com

  50. DM by aronschatz · · Score: 1

    Pelcos that run off of Windows are not what I call secure. I constantly work with DVRs (I'm in the IT dept, but I know all the Integrated Systems people) and Dedicated Micros provide top notch REAL DVRs. Don't piddle around with Pelco.

  51. i do this using linux ... by Zurk · · Score: 1

    i use mini-itx based systems with bt848 boards using debian.
    contact me for further details. zurktech AT gmail DOT com

  52. flexTPS by Urgoll · · Score: 1

    www.flextps.org is a GPL package that works really well with Axis video servers. Its main purpose is to stream video streams over the web, but it also has a DVR functionality where you specify which streams you want to record, the frame rate and the duration of recording. It's all perl-based and you could probably use a cronjob to start a 24h recording every midnight.

  53. $29 Firewall Routers are your Friends by billstewart · · Score: 4, Insightful
    I can't tell from the original posting whether the client is trying to replace the hub site or protect the remotes or both, and I can't tell if the remote-site equipment is being used for other applications or only for the camera, which makes a *huge* difference in your threat model.

    Basic firewall routers cost $29, and you can set them up to only allow connections from your headquarters location, or even to do IPSEC tunnels if your video application doesn't get into PMTU-discovery problems. Installing them at existing locations costs significantly more than $29, but for new locations it's just an extra couple of minutes to plug in the box when you're plugging in the camera.

    Basic PCs cost $250, so if you need a headquarters firewall or IPSEC tunnel server, that's basically free - certainly less than you'd charge your client for the amount of time you're reading Slashdot responses \\\\\\\ \\\\ \\\\\\\ researching solutions. And you can run ClamAV on it to protect outgoing traffic.

    If your remote sites are using the video box as a general-purpose PC to surf the net and read email, then you need to run an anti-virus application on it and either run a basic firewall box (wimpy, but a good start), or use the firewall to tunnel all your browsing traffic back to a server at headquarters, where you're running Squid and ClamAV and some decent Linux firewalling, and give them an email server that does some anti-virus and spam blocking and an email client that doesn't come from Microsoft. (If this weren't a real estate company, I'd recommend a text-only email system like Pine, but realistically your real estate people need to send pictures to their clients.) Another choice would be to run VNC, in one of its tighter forms, and run any applications on the headquarters server, with appropriate anti-virusing there.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
    1. Re:$29 Firewall Routers are your Friends by karpediem · · Score: 1

      Heck, you don't even need a $29 router. Just get an old company PC lying around or something, doesn't have to be all that new. http://ipcop.org/ or even http://smoothwall.org/. I personally use IPCOP, but smoothwall works just as well. These won't get rid of your Windows boxes, but at least you can set up a linux box in between them and the internet.

    2. Re:$29 Firewall Routers are your Friends by cdrudge · · Score: 1

      An old company PC requires more space, costs more to run, and probably has more points of failure in the hardware. An inexpensive router, while costing a little more in initial capital, easily will recoup that cost in the long run, just from a support standpoint.

  54. Windows isn't your problem by briancnorton · · Score: 1
    Windows isn't your problem. Having crappy systems is.

    Why are these systems exposed to viruses or worms or whatever? Why are they networked at all? If you need remote monitoring, you can get a one-way connection that will completely isolate your system.

    --

    People who think they know everything really piss off those of us that actually do.

  55. Enterprise Solution by Waffle+Iron · · Score: 1
    (For some definition of enterprise.) Here you go:

    $ for cam in camera{1,2,3,4,5}
    > do ssh "$cam.example.com" 'cat /dev/video' > "$cam.mpeg" &
    > done
  56. HyRTK by cve · · Score: 1

    Smart Network Device's Embedded Network Operating System - HyNetOS.

  57. Security DVR's are plentiful at Vegas Show by jqk575 · · Score: 1

    There are tons of different security DVR's out there and everybody has their favorite. I personally like Dedicated Micros. If you really have worldwide cameras you might consider going to the ISC west show in Vegas. International Security Conference and Expo http://www.iscwest.com/ There will be at least 50 different DVR sellers there and you can find one that will work well for your application. Besides that it's a trip to Vegas.

  58. Clarity Visual Intelligence by jsherrah · · Score: 1

    Check out our product: http://www.clarityvi.com/ a distributed network video system running under linux that performs distribution, recording, analysis and visualisation of surveillance video. Runs on standard PCs and supports IP, analog, firewire and PTZ cameras including joystick control. This is a very feature rich high-end product with a high tech UI for viewing real-time alerts and video streams, as well as reviewing past data. For review the Clarity product has a multi-resolution time line that allows activity and other analysis results to be viewed at a glance for ranges from years down to seconds. Some of the analysis functions we offer are: adaptive activity detection, people counting, behaviour analysis (e.g. running, left objects), face detection, face recognition, car number plate detection. We can definitely advise you on this space, and give you a presentation on our product. Regards, Jamie Sherrah

  59. embedded systems by outtaspace · · Score: 1

    Check out DVRs based on an embedded OS.

    A friend of mine works for http://www.dedicatedmicros.com/. They sure make some neat products :)

    their sales dept. can send a case of beer to PO Box 55, Fort Washington.

  60. ZoneMinder by Anonymous Coward · · Score: 0

    Have you looked at Zone Minder for this? It's open-sourced and it works very well with a wide variety of cameras. We use it to monitor our exterior sites and our data center. The really nice features for us include being able to zone out sections of the camera's view so that motion of plants or motion past door windows won't set off an alert. I don't know if this is industrial enough for your needs, but its probably at least worth a look.

  61. Try Speco DVRs or KALATEL by labeey · · Score: 1, Informative

    Speco DVRs (www.specotech.com) are very reliable. I've been installing cctv systems including DVR's for 6 years. From my experience you should try non-PC based DVRs. They're more secure, reliable and don't crash at all. You don't need a firewall to protect the dvr from viruses and they work with dynamic IPs too. Speco has a great line of DVRs that are based on an embedded linux kernel. They're cheaper than Kalatel (GE) dvrs.

    1. Re:Try Speco DVRs or KALATEL by miscbs · · Score: 1

      Agreed.

      I work with a couple of the Speco DVRs and they are rock solid and easily expanded.

  62. Avermedia by ShavedApe · · Score: 1

    Avermedia has a linux based system, as well as windows based. http://www.aver.com/

  63. This is why I make over $100/hour by Anonymous Coward · · Score: 0

    I have no problems locking down Windows. Seriously, wtf is wrong with everyone? From reading /. you would think that Windows is constantly being taken over by malware of all kinds. I have still never had a windows virus or spyware or anything else. How the fuck do you people get all this stuff? I have a pretty solid porn habit, so I travel in all sorts of places (running IE, not FF). I'm using Windows right now, somebody point me to a website that will install all sorts of nasties on my PC auto-magically when I go there. Where is this mythical site that loads IE with trash, because I bet I won't have any problems with it.

    Anyhow, back to the topic at hand...

    If you can't lock down Windows, tell your boss to replace your sorry ass with a competent worker. You are the type of dumb ass that runs around complaining about not being able to find work in IT. You can't even do basic security for the OS that covers more than 90% of desktops, you are incompetent.

  64. Quicktime... by manowarthegreat · · Score: 0

    Oh...yay...quicktime...whoo... ò_ó

  65. Some Ideas by Anonymous Coward · · Score: 0

    I have to agree with a lot of the posts here... I use 13 something windows based DVR's, and although I have had virus problems, they are very securable. Video is almost always stored on a different partition (usually another hard drive), so just patch the windows partition up, and freeze it. It's usually a good idea to reboot any static continuous-duty piece of equipment once a day, and the DVR's I have let you schedule that, so any changes get nuked at 10 pm.

    However, I have two DVR's I can't readily get to (one in NY, one in Coronado CA), and there I installed an EasyProtect and DedicatedMicros DVR. The Easyprotect is linux based, and the DM runs its own in-house concoction. The DM is bulletproof, and I would recommend it to anyone. It's a little pricey, but way worth it. On the EasyProtect Linux one, you are pretty locked out of linux unless you boot something like a gentoo LiveCD.

    One last thing... are you looking to MAKE your own hardware/software? IP cameras are one thing, but surely you aren't going to replace ALL 200 cameras just because you are switching DVR's!

  66. changeover costs = a lot by mattb47 · · Score: 1

    First of all, I think you should just look at keeping the existing system, just improve it. Changeover cost in hardware/software is going to be high, even if it's free software. Here's what I'd do to try to stay with Windows 2k or XP (throw this all out if you're on 98/ME and get a real OS!):

    1. Antivirus
    First of all, why no antivirus? Any reasonable Win2k/XP system should be able to run one. If you want something with very low cpu impact, try Eset's Nod32. Also exclude the directory that the DVR uses to write the videos from virus checks. The videos are unlikely to get infected, and virus checking on those directories will just muck things up. (I'm assuming that this is why you aren't using antivirus.) But everything else then can be protected.

    If you have licenses for *any* antivirus product, try it again with excluding the videos directories. Any antivirus product worth more than a warm bucket of spit should be able to do that.

    2. Disable services.
    Disable every unneeded service on these machines. A *lot* of them shouldn't be on. These systems should be doing practically nothing but writing video files (ok maybe some backups, or transferring files to another server for backups). A decent guide to this is here: http://www.theeldergeek.com/services_guide.htm.

    3. Consider turning off Windows networking.
    Disabling SMB/Netbios calls should stop most viruses/worms/etc. If you need to transfer data for backups and such, use SSH and SFTP instead. SFTP is what you'd use on a Linux/Unix system, and is *much* more secure.

    Free Win32 SFTP client:
    http://winscp.net/eng/index.php

    Free Win32 SFTP server:
    http://itefix.no/copssh

    Nice, and not too expensive pay SFTP client (Tunnelier) and server (WinSSHD):
    http://www.bitvise.com/

    (And you shouldn't be getting email-borne viruses -- these systems shouldn't be used for email.)

    You can also use SSH on this to restrict all kinds of other access as well, while providing VPN-style access. Very, very nice. (e.g. you can only Remote Desktop or VNC through SSH)

    4. Block ports and such, and firewall it.
    Set up a firewall between these systems and the outside world. Restrict ports to *only* those needed (e.g. SSH on port 22). If possible, restrict outgoing data to *only* those IP addresses that need access. Yeah, IPs can be falsified, but it's an extra layer of defense.

    You could do this through a software firewall, or even just some cheap $20 hardware firewall boxes.

    The XP firewall is better than nothing, but it's only incoming. Much better incoming/outgoing freebie firewalls are available from these companies:
    http://www.wyvernworks.com/firewall.html
    http://www.jetico.com/

    (I'd probably do the hardware firewall, but if your cash is tight, or the time/cost of installing all these extra hardware boxes is high, at least deploy a software firewall.)

    5. Other Windows hardening options
    You can also try these two freebie Windows hardening programs. They probably aren't perfect, but they help:
    Harden-it: http://www.sniff-em.com/hardenit.shtml
    Secure-it: http://www.sniff-em.com/secureit.shtml

    And decent googling should turn up lots of different hardening guides to Windows as well.

    After these you should have antivirus, you're blocking ports, you've disabled almost all virus vectors, and should have systems that are reasonably secure and stable.

    Yeah, you have Windows and not sexy or politically correct OSS. But it's what you have. If you can make it work, use it. Fixing up your Windows boxes is probably a lot less time and money than swapping over

  67. Security through obscurity vs. cost of change by RDFozz · · Score: 1

    Something to keep in mind: One reason why Windows-based systems have the problems they do with viruses, worms, and trojans, is that Windows-based systems still make up the bulk of the systems in use.

    Linux, MacOSX, and other UNIX relatives are not necessarily more or less invulnerable to these pests; the people who create the pests are simply:

    1) as or more likely to have Windows systems themselves (based simply on the odds);

    2) more likely to find victims running Windows than other OSes because there are a vastly larger number of systems out there running Windows than any other single OS (than all other OSes combined, by a long shot!).

    Of course, this is all my opinion; I can't point to scientific studies that prove it to be true. It's a simple logic exercise.

    I'd give careful consideration to any advice given here that would allow you to retain the system you've got, if you are both used to it, and otherwise happy with it. Switching operating systems, toolsets, and possibly hardware could leave you having spent a lot of money for a system that you are ultimately less satisfied with in terms of features, functionality, and performance.

    --
    R David Francis
  68. Self Promotion. We can help you. by Tjp($)pjT · · Score: 1

    Check out the firm, Cryptocybernetics, LLC. as this is our bread and butter area of development. We work with such companies as General Dynamics (and Microsoft) for unique DRM solutions and have a DRM/PVR offering we can port to either Mac or Linux for PVR applications. I know DRM is not your primary concern, but one of our systems was approved by the major motion picture studios for early content release on portable players (for airplanes). We are security / virus protection aware and would welcome an opportunity to create a custom solution for you based on our existing code base and intellectual property. We also are the primary contractors for one of the top virus scanner companies in the US for cross platform solutions.

    End soulless self promotion ...

    --
    - Tjp

    I am in wallow with my inner money grubbing capitalistic pig. ... Oink!

    1. Re:Self Promotion. We can help you. by Anonymous Coward · · Score: 0

      Fuck DRM.

  69. Fire the SysAdmin by Anonymous Coward · · Score: 0

    Because from the post it seems like he has no idea what he's doing.

  70. Commercial solution: March Networks by goonda · · Score: 1

    I'm about to get my hands on a few of these NVRs from March Networks. Apparently there are a couple thousand cameras controlled by these puppies elsewhere in the company. Spoke to a few technical people at March and they seem to know what they are doing. Unrelated to how well they perform, but kind of nice to hear for me as a geek, is that the actual NVR/DVRs are based on an embedded linux distro and can be managed via SSH. Also, they have an Enterprise Security Manager which allows you to authenticate users against external sources like AD, which is nice for an enterprise. I'll be banging on these devices in a couple weeks.

    1. Re:Commercial solution: March Networks by Anonymous Coward · · Score: 0

      March has the DVR contract for Hooters and some of the strip clubs in Austin. No, they won't let you look at the strip club cameras. However, you may be able to talk to the sales rep into research in the field ;)

  71. Dear Interested parties and friends, by gjyoung · · Score: 1

    It is with great pleasure I submit to your most humble presences a quandry of great proportions of which we are looking to resolve. My business is the sale of real estates, of which my client, who wishes to secure said estates, needs to have your asistance in transferring 200 (US) video data bit streams, securely, from the camreas to a secure data center of your design. Please, I am so rude as to not introduce myself, My name is Donale Trumpe (esq), of the famous lineage of Trumpes, from the Isle of Manhatt.

    It is with every intention that we conduct this business in the strictest of confidences, and will do so in turn. Upon remittance of complete said designs to be deposited in to the mailbox of my choosing, you will be handsomely reawarded by a gift from Ivahnah. I await your reply, and in most sincerity, thank you.

  72. tons of them by Locutus · · Score: 1

    At the ICS West security conference last year, there were dozens of vendors showing Linux based DVR security systems. Some were even just their capture card and an IDE dongle containing the entire Linux OS and their DVR application. Just put it in a system with an existing HD on the secondary IDE bus and you'll soon be running a Linux based DVR. Most were advertising "embedded OS" and higher reliability than PC( Windows ) based DVRs.

    I had put together a list a couple of years ago and will post them here. you'll be better served by also google'ing for yourself and filtering out the Virus prone models.

    http://www.spysource.net/digitalvideorecorders.htm
    http://www.cctvsentry.com/Sentry_leseries_dvrs.htm#pricing
    http://www.linuxmedialabs.com/
    http://www.ituner.com/spectra.htm
    http://www.sonerik.com/linux.asp
    http://www.provideo.com.tw/DVR800.htm
    http://www.at-fairfax.com/DVR/Info/Sentinel4.htm
    http://www.avdeals.com/csispecosecure/digitalsecurity.htm
    http://www.tech-island.com.tw/ep1.htm

    ICS West is April 5-7th so I'd be putting in a request for a trip to Las Vegas if I were you. ;-)

    LoB

    --
    "Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
    1. Re:tons of them by WinDOOR · · Score: 1

      I believe there were over 160 DVR Manufacturers and card providers at last year's show. I especially liked the section called "Korea"

  73. The political situation? by Stephen+Samuel · · Score: 1
    It sounds to me like they have a POS 'out of the box' windows solution that leaves so many holes 'out of the box' that when the company PHB's go play directly with the machines (as they're wont to do) their virus-loaded machines then infect the PVR boxes.

    I'm gonna guess that, if he goes to a different Windows solution, there are two fears:
    (1) the new 'solution' will be as messed up as the current one, and
    (2) The PHB's are going to ask "Why are we going to this new system", and if you answer 'security', they're going to point to fear #1.
    (3) if both (1) and (2) happen then you are soooo DEAD.

    So the best thing to do is go to Linux or Mac so that 98% of the bosses' viruses won't infect the DVR boxes.

    --
    Free Software: Like love, it grows best when given away.
    1. Re:The political situation? by jcr · · Score: 1

      It sounds to me like they have a POS 'out of the box' windows solution that leaves so many holes 'out of the box' that when the company PHB's go play directly with the machines (as they're wont to do) their virus-loaded machines then infect the PVR boxes.

      That's the case for an awful lot of systems that are built on Windows. I know of horrifically expensive microscopes, for example, which you can't put on a network because the embedded windows machine would get infected.

      -jcr

      --
      The only title of honor that a tyrant can grant is "Enemy of the State."
    2. Re:The political situation? by ceoyoyo · · Score: 1

      We have a mobile MRI system that uses a Windows box for displaying and storing images. It's normally safe on the hospital network but all it takes is for one person to bring in an infected notebook and all hell breaks loose. Expensive? At the time it was one of a kind, so yeah.

    3. Re:The political situation? by Anonymous Coward · · Score: 0
      You trusted the hospital network? Jesus christ, what the fuck is wrong with you? Did the FDA even know you were trusting the hospital network when you submitted your 510(k)?!? I mean... shit, dawg.... We demanded our own private network segment, plugged the extra ports in our router and hub with epoxy, ...

      Or are you another /.er who has nothing better to do than tell lies?

    4. Re:The political situation? by ceoyoyo · · Score: 1

      Um, Canada. No idea what a 510(k) is.

      I use a Mac. So I don't have to trust anybody's network.

  74. Won't work. by twitter · · Score: 2, Insightful
    Isn't the camera traffic limited to known IP addresses/MAC addresses? Just lock it down to only accept traffic from those...

    If only things were that easy. Give the questioner the benefit of the doubt and expect that obvious solutions have been tried.

    The program inspecting the mac addresses itself could be exploited, if the questioner could run one ... but he said he can't!

    Because he can't, he's stuck sitting behind a hardware firewall that only allows traffic on ports required for servicing the camera. We can imagine he's been bright enough to try that and it did not work because the camera software itself has problems or some other service he can't identify or turn off does.

    --

    Friends don't help friends install M$ junk.

    1. Re:Won't work. by revery · · Score: 1

      Give the questioner the benefit of the doubt and expect that obvious solutions have been tried.

      When it comes to computer problems, if I were to count all the times that giving someone the benefit of the doubt has helped solve the problem, I'd still have all of my fingers left. Nowadays, when someone comes to me with a computer question, I like to go back to the very beginning (whether it's a configuration file, or a system install, or whatever) and work from there. Nine times out of ten, the solution is simple and just got overlooked in all the complexity.

    2. Re:Won't work. by BigBlockMopar · · Score: 1

      Nine times out of ten, the solution is simple and just got overlooked in all the complexity.

      Indeed.

      Like the very first thing: never buy any product from any technology company sufficiently ignorant to be running IIS. Like Pelco.

      This was the tip of the iceberg. Not coincidentally, a bunch of standalone computers requiring reasonable security and reliability are now left not only with the extra per unit expense of a Windows license, but also the many liabilities which come with that Windows license.

      Now, since his client has already committed such a stupid act, he might well be screwed.

      If there are two places where Windows has absolutely no place whatsoever, it's in the server farm and the standalone special application department. (Note I'm not a blind anti-Windows fanatic; I'm running it on my desktop right now. But in the face of better quality free alternatives for the former applications, Windows is the choice of the ignorant.)

      Not too long ago, I was consulting for a broadcaster who wanted an alternative to cart players. I checked out Prophet Systems until their IIS-powered site puked and died. I sent them an e-mail asking them what assurance I had that their Windows-powered systems would be any more reliable at inserting bumpers and commercials than their Windows-powered webservers were at dispensing the PDF file I was getting when the server puked. Commercial time is around $250 per minute on this station and in this market - how much will the dead air cost while Windows reboots?

      --
      Fire and Meat. Yummy.
    3. Re:Won't work. by rodgster · · Score: 1

      Now wait a minute.

      I'll bash MS as much as anyone, but let's be real here.

      Make the server a standalone server and restrict all comms via port & IP for the cameras and viewers. Use windows firewall, available on 2000 and up. Pop open an ip & port restricted port for rdp to manage it.

      Now the view/replay/record software must have some type of authentication, right?

      Give the boss user or guest (that ought to do it).

      Now you just have to manually patch or open a few more ports for windows update or MS Baseline insecurity analyzer or windows SUS.

      Now I didn't really look at the cameras, but I think they're standard not network cameras so to run it under linux you'd have to reverse engineer the video to network converter's functionality/authentication/yadda/yadda/yadda.

      --
      Who will guard the guards?
    4. Re:Won't work. by Guspaz · · Score: 1

      Why are virii getting through the open ports, though? IIS, if up to date with patches, will not be infected by random virii like an unpatched box will. Exactly how many ports would somebody need to open for this solution? It sounds like the only port they need open is 80, for remote access to the cameras hosted on that machine.

      Why would opening a handful of specific ports (assuming other ports are needed) lead to random virus infections? It sounds like the solution to all their problems is turning on automatic update on their servers.

      Don't get me wrong, I run Apache on all my servers, but IIS isn't exactly a virus magnet when properly patched.

    5. Re:Won't work. by Anonymous Coward · · Score: 1, Funny
      I'll bash MS as much as anyone, but let's be real here.

      Make the server a standalone server and restrict all comms via port & IP for the cameras and viewers. Use windows firewall, available on 2000 and up.
      Wow. I couldn't read any further than that. You started out sounding like you knew what you were talking about, but after Windows Firewall all I could see was durrr, blah-de-blah blah, durrr.

      Yep, just tried reading it again. I hit that spot and the rest just goes blurry.

      Dolt.
    6. Re:Won't work. by twitter · · Score: 1
      Now the view/replay/record software must have some type of authentication, right?

      Yes, some kind of activeX control or other dubious mechanism, which makes securing the computer impossible. The "security" in this case can be the problem which makes all the other workarounds a useless waste of effort.

      --

      Friends don't help friends install M$ junk.

  75. That Baby... by Vorondil28 · · Score: 1

    ...on your website freaked me out.

    Anyway, I just have to point out a few things:

    1) You say, "Yes, we could put up a server in front of each, or a router that has anti-virus built in, however this is not a cost effective method for a number of their locations," but then go on to say, "Budget isn't really an issue at this point, since we are just looking for options." Which is it?

    2) Why is it you can't run anti-virus while recording? I'll bet it's a performance issue and if so, you've either looked at some crappy antivirus options, or whoever decided on the hardware cheaped out.

    3) Virus problems are caused by at least two things: lack of AV software (which we've already discussed), and unpatched software. Either you're not keeping these Windows installations up to date, or you're not keeping the PVR software up to date (or both). You know what to do.


    You're making it sound like this is all Windows' fault. It's not -- it's yours. Given, a haphazard use of *nix in this situation would probably be better than your haphazard use of Windows, but I think you'd be better off fixing up what you've got than just jumping ship.

    --
    This sig rocks the casbah.
  76. I think this is thinly veiled propaganda by Anonymous Coward · · Score: 0

    I suspect that this question/problem is actually thinly veiled propaganda from the Macintosh/homosexual/communist lobby that's just upset there are no "Mac" solutions for security DVR.

    There's no way a dedicated, locked down machine could be a "virus magnet" except in some deranged homosexual Macintosh fantasy.

  77. virus vs. worm: don't be so literal! by Morty · · Score: 1

    We geeks have a tendency to learn the definitions of things, and assume that other people have, too. Guess what? When a business owner says "I have a virus problem with these devices", chances are good that the business user has not, in fact, read geek references that clarify the virus vs. worm distinction. If you work with non-technical people, when one of them describes a problem, you have to assume that they are being imprecise (perhaps because they don't know correct terminology, perhaps because they don't even understand the technology or the problem.) The first step in troubleshooting is figuring out what the real problem is.

    I have users who say "the email server is having problems" when the reality is that their dialup is down; they don't understand networking or email, so if they can't reach the mail server, they tell me what it means to them (ie. they can't reach their email.) "My VPN won't work" could mean that their DHCP is out. "My firewall rule doesn't work" could mean that they haven't actually asked for the firewall rule yet. After you've troubleshot enough user problems, you learn that you cannot take users' up-front complaints too literally.

    So I would not be surprised to hear that the real problem here is network intrusions/worms rather than viruses.

    The good news is that if the problem really is worms, the easiest solution is a host-based firewall that blocks access to all ports except the ones that are actually needed. The more recent Windows products come with one built in, and various free alternatives also exist. I'm coming to like wipfw; it's free, stateful, and unlike the Windows built-ins, you can allow some sources and deny others. wipfw might be a bit too new for production use, though; kerio (hit google) has reasonably nice server- and desktop- class firewalls that can also restrict access to known IPs.
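
The source-restricted, default-deny filtering recommended in the comment above (and earlier in billstewart's firewall-router comment and in step 4 of mattb47's list), as an added example that is not any poster's own code: a POSIX shell function that generates an iptables-restore ruleset for a Linux gateway placed in front of the DVR. The DVR address, port list and headquarters ranges are constructed placeholders, and the gateway placement is an assumption.

```shell
#!/bin/sh
# Constructed values (RFC 5737 documentation ranges), not taken from the thread.
DVR_IP="192.168.50.10"                      # assumed LAN address of the Windows DVR
DVR_PORTS="80,554"                          # placeholder: list only the ports your DVR software needs
HQ_NETS="203.0.113.0/24 198.51.100.17/32"   # assumed headquarters / viewer source ranges

# dvr_ruleset DVR_IP PORTS SOURCE_NET...
# Prints an iptables-restore "filter" table for a Linux gateway that routes
# between the Internet and the DVR. Nothing is loaded; the output is text.
dvr_ruleset() {
    dvr_ip="$1"; dvr_ports="$2"
    shift 2
    if [ "$#" -eq 0 ]; then
        echo "error: give at least one allowed source network" >&2
        return 1
    fi
    # Failure mode to catch: an "allow from anywhere" entry in the list,
    # which would turn the allowlist back into an open port.
    for net in "$@"; do
        case "$net" in
            */0|any|"")
                echo "error: refusing wildcard source '$net'" >&2
                return 1 ;;
        esac
    done

    echo "*filter"
    echo ":INPUT DROP [0:0]"      # default deny for traffic to the gateway itself
    echo ":FORWARD DROP [0:0]"    # default deny for traffic through it
    echo ":OUTPUT ACCEPT [0:0]"
    # Gateway itself: loopback, replies, and SSH management from the allowlist only.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for net in "$@"; do
        echo "-A INPUT -s $net -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Replies belonging to connections that a rule below already admitted.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for net in "$@"; do
        # Inbound: only allowlisted sources may open the DVR's service ports.
        echo "-A FORWARD -s $net -d $dvr_ip -p tcp -m multiport --dports $dvr_ports -m conntrack --ctstate NEW -j ACCEPT"
        # Outbound: the DVR may start connections to the allowlist and nowhere
        # else, so an infected DVR cannot scan or phone out to the Internet.
        echo "-A FORWARD -s $dvr_ip -d $net -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log (rate-limited) whatever is about to hit the DROP policy, so blocked
    # probes and unexpected DVR egress show up in the gateway's kernel log.
    echo "-A FORWARD -d $dvr_ip -m limit --limit 6/min -j LOG --log-prefix \"dvr-in-drop: \""
    echo "-A FORWARD -s $dvr_ip -m limit --limit 6/min -j LOG --log-prefix \"dvr-out-drop: \""
    echo "COMMIT"
}

# Print the ruleset for review. $HQ_NETS is intentionally unquoted so that it
# splits into one argument per network.
dvr_ruleset "$DVR_IP" "$DVR_PORTS" $HQ_NETS
```

Review the printed ruleset, then pipe it to `iptables-restore` as root on the gateway to load it atomically. Patch servers or other destinations the DVR legitimately needs have to be added to the outbound rules explicitly.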

  78. WTF are your cameras doing on the public net? by ErikTheRed · · Score: 1

    As some others have alluded, the real question you should be asking yourself is WTF are security assets doing on your public network where anybody can have a shot at them? For crying out loud, set up a DMZ. It shouldn't matter if the OS is a craptastic sploitfest, because only trusted hosts should be able to access specific ports on them. That being said, when you do replace that system it would be a good idea to use an OS that's not a craptastic sploitfest.

    Instead of buying a new CCTV system, you could probably spend the same money (or less) and put in DMZs / VLANs, and solve all sorts of other security concerns at the same time.

    --

    Help save the critically endangered Blue Iguana
  79. What is your budget? by Rudolf · · Score: 1
    Yes, we could put up a server in front of each, or a router that has anti-virus built in, however this is not a cost effective method for a number of their locations. Therefore we are looking for alternatives. Any suggestions?"

    Budget isn't really an issue at this point, since we are just looking for options.


    Obviously, budget is an issue. You just said so. You state that you "are just looking for options" and you've already ruled out some based on cost. Are you looking for a turn-key solution? Something off the shelf? A custom job? Each of these has pros and cons, and will cost you something. Will you need new hardware to run your new set-up? What will that cost? Still less than putting a firewall in front of your Windows systems? If you want to look at options, that's great, but don't start ruling anything out on cost, until you know what you're willing to spend.

  80. Options... by rusty0101 · · Score: 1

    Because you have not provided a budget, yet feel that an additional server to act as a firewall/virus blocker is too expensive, it's hard to offer a good recommendation.

    In any case there are a few options using Linux. If you are looking to capture/collect snapshots over time, you could do anything from ip based webcams with a backend on Linux using wget to collect snapshots from each camera. Those get hosted on the Linux box as a web page for each location. On each of those pages, display the last 6 or so snapshots gathered. (One every five minutes? Whatever sort of schedule you want.) Then include a link to the webcam itself for live video. Possibly proxied through the linux box to reduce the number of addresses that the webcams themselves are directly feeding.

    Another option would be a Linux box at each location with a video capture card like a Hauppauge WinTVGo, or other bt484 card with a camcorder attached to video in. The big downside of this is likely to be the bandwidth for upstream transfers of video. Many Broadband providers restrict upload speeds from the site to 128kbps, which isn't much for video. At the same time you could use memcorder to capture to one video format in blocks of an hour or something, then downconvert that to divx, or mpeg-4. Then use something like wput to copy the compressed video to some other location with better bandwidth for downloads. Obviously there will be some delay built into this in that you will have to wait for the conversion to compressed video to happen before it can be made available. Optionally if you have a camera or capture directly to mpeg4 or divx you may get faster response. One downside of that is that you may have artifacts in the resulting video that may make the captured video useless as a security system. In that case something like 'motion' as mentioned earlier may be useful.

    You may have other concerns as well. None of what I have described above have anything built into them that support tilt-pan-zoom features that may be of interest to you. Considering that most broadband connections in residential areas are using something like dhcp, meaning you are never entirely sure what IP address the site will have the next time you want to access it, you very possibly already use something like dyndns or perhaps some other system to keep track of the current IP address for each location.

    One concern may be the expense of the equipment you put on site, and the prospect of that equipment being stolen. A reasonably good video camera still has value, even if you have to spend time hacking it to make it useful for your own purposes. Likewise a computer that can do the video transcoding mentioned above has some value as well. Obviously if you can hide the camera in something that looks like it has no value, or is part of the structure, it will be less likely to be pilfered. If the Linux computer making things available is a Linksys 54g wap, with a hard drive attached to a USB port, and the camera is a wireless cam, you would have additional flexibility in installation, however processing power would be reduced. It may be enough, though you might be better with a box that looks like a utilities box next to the utilities entry point of the house. It would be a custom build of course, but that may be the best long term solution. You could even build it with its own internal backup batteries. Include a cable modem, or dsl adapter as necessary and you can possibly have limited access to what is happening if local power is interrupted. The wireless wifi camera could be located anywhere that power would be available to it. Whether you would want to provide it with backup power or not would be up to you.

    As far as securing the box, I would recommend using some sort of vpn to provide a connection between the box on site, and some server located elsewhere that provides a web server, or other solution for your users to keep track of each property. Along the way you may want to determine how restrictive you want to be about access to the imagery collect

    --
    You never know...
  81. Dallmeier (Linux-based) DVRs by vlchung · · Score: 1

    Hi,

    My IT Consultancy (picoSpace PTY LTD) has some involvement in the video surveillance industry in Australia, and nearly all the DVRs we encounter are Linux-based DVRs manufactured by Dallmeier. Have a look here for an overview of their specifications on one page or straight from the manufacturer.

    Given the situation you've described, and the situations where we've seen them deployed, I'd say these would be ideal. I suspect IP cameras may not be practical, due to the need to refit the existing setup (going from video cable everywhere to ethernet everywhere); to say nothing of bandwidth requirements.

  82. Let me get this straight by Anonymous Coward · · Score: 0

    Putting a 50 dollar router on each location which allows traffic only from predefined hosts to predefined ports in front of each location is "not a cost effective method" for you, but switching to an entire new DVR hardware-software combo is ok?

  83. from a guy who works for a large real by uncreativ · · Score: 2, Insightful

    ...company with 200+ cameras.

    The problem with the Pelco devices is they are sold as is without any easy way to keep the OS up to date. Our company remembers to update DVR OS software as new things come out.

    I myself have asked the exact question to our security cam vendors (and so have all the other larger real estate companies in my city) in part because of the updated software issue. For me, even more helpful would be a more open platform. Pelco (and all DVR vendors) lock you into their hardware platform, and if you so much as add or replace one of their $2000 120GB hard drives, they will discontinue your support. I would love a more open platform so I could network all my video systems together and store archival info on an UNLIMITED (or size of MY choosing) storage system.

    The company I work for also sells internet services to other multiple tenant properties. This is something that comes up in almost every large company with lots of cameras. If you actually find a good solution, let me know.

    1. Re:from a guy who works for a large real by nmos · · Score: 1

      For me, even more helpful would be a more open platform. Pelco (and all DVR vendors) lock you into their hardware platform, and if you so much as add or replace one of their $2000 120GB hard drives, they will discontinue your support.

      No kidding. I'm about to take over support for a couple of similar units because the vendor, even for an absurd yearly fee, is completely inflexible. For example, every time a drive dies they swap the entire machine thus losing all the old video. Of course adding any sort of monitoring software, backup software or anything else is against the rules. For the cost of one year of support for just one location I was able to pick a couple of used machines to use for parts and getting more familiar with the system. I may not be the expert the vendor is but at least I take the customer's data seriously which is more than I can say for the current support folks.

    2. Re:from a guy who works for a large real by ChibiCD · · Score: 1

      Those $2000 HDDs are no different than what you could buy at future shop for $100. Just wait 3 to 5 years for the warranty to go and just stick a few 200gb drives in. That is if your DVR has SP2...

    3. Re:from a guy who works for a large real by bluekanoodle · · Score: 1

      I work in the Casino industry, check out the systems by DVtel. You can use your existing analog cameras, hook each one to their encoder boxes. The back end software runs on windows, but it's on a plain jane server, and data can be stored on a regular array or on a NAS or SAN. The nice part about their system is it's modular, and you don't have to buy the hardware from them. It's all off the shelf components. They just sell the software and encoder boxes.

    4. Re:from a guy who works for a large real by Arghdee · · Score: 1

      check out the systems by DVtel. You can use your existing analog cameras, hook each one to their encoder boxes.

      Or, use Axis IP cameras along with Dvtel's Latitude software, or mix and match encoders with IP cameras.
      I work with the Dvtel gear a bit, and it is very impressive.

    5. Re:from a guy who works for a large real by uncreativ · · Score: 1

      thanx for the suggestion. I'll check them out.

    6. Re:from a guy who works for a large real by uncreativ · · Score: 1

      I hear you on that point. So called support from DVR vendors comes from people who worked in the wiring/alarm system business and don't know jack about how a simple PC works. That is why most DVR vendors won't allow you to do anything to their windows install--they are afraid they won't be able to figure out what you've done and won't know how to support your system.

      And for this "service" they charge an arm and a leg.

      There's a market for geek aware security system people out there. Keep up your work--there's a lot of business you can steal. Even from the big guys--ADT vendors, for example, generally are not very knowledgeable about computers and networking.

    7. Re:from a guy who works for a large real by Anonymous Coward · · Score: 0

      Pelco does not charge yearly support fees. They stand behind all their products and will do everything in their power to prevent video loss when replacing bad drives, etc. Pelco stands for 100% customer service and always wants a happy customer.

      Also, they don't charge $2000 for a 120Gb hard drive and the markup on the drives is for warranty purposes which is often beyond the manufacturer's warranty.

      Even if you choose to buy replacement drives from somewhere else, they continue to support their systems.

    8. Re:from a guy who works for a large real by richlv · · Score: 1

      if you really are interested in this, you probably already have found references in this thread, but anyway ;)
      it would be worth checking out http://www.zoneminder.com/

      --
      Rich
  84. Sony and IP cameras generally by jimspolka · · Score: 1

    Before I sold out for law school, I worked with some DVR software from Sony that was actually pretty good. Unfortunately, I can't for the life of me remember the name. (Just found it - Sony RealShot) At the time, it was pre-release, but I think it was supposed to come out in late 2004. I'm sure it's Windows-only, but it didn't require a dedicated box, like a lot of the commercial DVR providers. So, at least you'd be able to handle OS security without having to battle the DVR app, too.

    Of course, it being Sony, there's a good chance that it only works with Sony cameras. I only worked with their cameras at the time.

    As for rolling your own... I wouldn't think it would be that hard, if you're willing to put some developer hours to it. Most of these IP cameras use the same HTTP-based mechanisms for sending data. I managed to get video off of a couple different cameras without too much trouble. I developed in .Net but I'm sure there are libraries to support this in whatever language you prefer.

  85. Multiple cameras, still pics easiest. by twitter · · Score: 1
    I have no clue as to how to control the cameras, or if this is really a possibility. Any advice or information is appreciated.

    I'm not an expert, but I worked in a place that used to sell these Windozy systems. It made me cringe at the time and I'm not surprised to learn they are a virus magnet and easy to 0wn. I never learned to do the same things with free software, but I did learn a few things.

    Camera control is usually silly. For the price of one tilt device, you can buy two or three normal cameras which provide better coverage.

    If you have the time to roll your own system, look into xawtv and myth tv. The capture technology is well developed, so you should be able to capture streams and represent them with thumbnail images you serve on a page if you can't figure out how to transmit the moving pictures themselves.

    If you don't need full motion, but can get away with 1/second frame grabs, you will spare yourself a lot of storage space and greatly simplify your task. Gcam is something that I've played with that works and is easy to customize. There are other projects around that look promising, such as webcam one, axis network one, or cam portal manager.

    I realize you need full motion video for cameras monitoring stores during working hours and wish that I knew more. Motion picture media is one of those areas where fierce patent/greed issues abound. Good luck.

    --

    Friends don't help friends install M$ junk.

  86. Vistaplex by dfinster · · Score: 1

    Vistaplex is a professional Linux system, used by many casinos and businesses. I've had personal dealings with this company, and can highly recommend it. It's designed to be bulletproof.

  87. Set up IPSEC Rules by Anonymous Coward · · Score: 0

    If you're running Windows 2000 or newer just set up some rules using IPSEC (under Local Security Policy in the Administrative Tools) you don't need to create a tunnel but you can. Make a rule that blocks everything, then create a rule that allows traffic BOTH ways on port 80. Set the Destination Address to the local machine and the Source address to the clients you want to have access to the video feeds. Do the same with port 9999.

    1. Re:Set up IPSEC Rules by Creepy · · Score: 1

      It's not that easy, there is a download required for Windows 2000 and pre-SP2 XP machines. See the MS help article on it.

      This post is acronym laden, so I've spelled out the meanings in most cases.

      First off, there is an alternative to IPSec that also ships with Windows - PPP/PPTP (Point-to-Point [Tunneling] Protocol), but since I'm nearly unfamiliar with it, I'll let others discuss it, if necessary.

      Firewall ports need to be opened for UDP 50 (ESP - Encapsulating Security Payload) and 500 (ISAKMP - ISA's Key Management Protocol, sometimes also called IKE - Internet Key Exchange) and if there's NAT (Network Address Translation) traversal anywhere in the system (i.e. any routers that redirect traffic to the 192.168.x.x or 10.x.x.x "internal use" domains such as those used by DHCP clients [including wireless]), you will also need UDP port 4500 (ipsec NAT-T).

      I'm not sure if MS uses AH (Authentication Header) or just re-encapsulates at the firewall, but judging by their web page, I doubt it's a problem. In a nutshell, AH was designed by IPv6 people that think NAT is an unnecessary evil and that all machines need to be uniquely identified. In some ways their ideals are good (security guarantees the originating host), but I think the world is getting too paranoid about "Big Brother" for this to be realistic (all items downloaded can be uniquely identified to a machine - nice for the feds, bad for privacy). Basically, AH breaks at the router in NAT. The router repackages the packet to the real host outside the firewall and AH identifies the packet as tampered with. There are workarounds to this, but I don't believe the discussion is necessary.

      You're also making the big assumption that these people are computer literate, as well, and judging by the post and their choice of hardware, I'm assuming not (Pelco is supposed to be easy to use - heck, my ex-boss's computer illiterate husband used one for security at her home, though she was somewhat computer literate [if you count Excel/Powerpoint goddess as computer literate]). Detailed instructions on the step-by-step requirements or more likely, a setup program to install and configure this will be required.

  88. Myth TV??? by uncreativ · · Score: 1

    Have you had to use these in court? Any issues upholding timestamp/authenticity? Just curious.

  89. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  90. Try Netbotz by vanormer · · Score: 1

    Check out the Netbotz product line. They are best designed for IT infrastructure, but with the additional management platform, they could be used for a security deployment. The devices are fully managed IP devices with a non-Windows OS and a lot more functionality than just a camera. Additional monitoring of temp, humidity, water detection, power dry, motion and noise detection... the use of these devices is endless.

  91. Use embedded DVR with RTOS and Multi Loc. Software by bpm · · Score: 1

    Take a look at http://www.adome.net/ for their real-time embedded DVR's and they have software which allows you to pick whichever cameras you want to view from whichever DVR on the same screen. Also the DVR's are non PC, NON Linux based all proprietary operating systems.

  92. In other news... by Anonymous Coward · · Score: 0

    Linux is STILL for fags.

  93. what hardware? by TheSHAD0W · · Score: 1

    What hardware is installed in the DVRs? If it's a PC-based system, it probably uses PCI-based quad-camera cards, and you might be able to locate Linux drivers for 'em.

  94. Only one place to go... by Hyperx_Man · · Score: 1

    axis.com. I have been dealing with them for a long time. I also have security systems that my company installed in many downtown offices. One installation has 500+ cameras. Some IP, some Analog with the axis video servers. We have Buffalo 1 terabyte NAS units where the video is uploaded to via FTP.

  95. Open Ports by MBCook · · Score: 1
    I'm no wiz in this area, but here are my thoughts:

    First, you say you can't change the ports that are used. But you can make it look like you changed the ports? Here is the idea: camera server must run on port 80 (or whatever). So you run a little program on the Windows box that takes any connections on port 8347 (just some random number) and forwards that connection (through the loopback) to port 80. Port 80 is never exposed outside of the box (must be loopback to connect). I know this can be done on Unix, there must be a way on Windows.

    As others have pointed out, how about a VPN? All networking gets done through the VPN, and the remote boxes (as part of startup) "dial home" to start the VPN connection. They simply never accept ANY incoming traffic. Even the Windows firewall must be able to do that.

    The "unprofessional" solution. You can get little Linksys WAP11s (or something like that) and put Linux on them and set them up however you want cheap. There must be a wireless version you can do that with, or failing that just turn off the wireless functionality. You can use these little boxes as firewalls, configure them EXACTLY how you want, and they will sit there forever doing their jobs (no moving parts, after all). The only problem with this is it isn't exactly "professional". But it would work and would be cheap. Heck, you could get these to do the VPN part for you.

    From your main question and a few of the posts in this thread you made, I don't blame you for wanting to ditch Windows (not that any of my solutions would help). It would be easier to guess if I knew what were going on better (security camera to video capture card? USB webcam based? what?).

    Good luck though.

    --
    Comment forecast: Bits of genius surrounded by a sea of mediocrity.
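Several comments in this thread (77, 87 and 95) come down to the same control: hide the DVR's own port and let only known source addresses reach it. The relay below is an added example, not code from any commenter or vendor; it extends the port-forwarder idea from comment 95 with a default-deny source allowlist. It assumes the DVR's web service is reachable only on loopback, and all function names and sample addresses are hypothetical.

```python
import ipaddress
import socket
import threading


def parse_allowlist(entries):
    """Parse strings such as '203.0.113.10' or '198.51.100.0/24' into networks."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def is_allowed(peer_ip, networks):
    """True when the connecting address lies inside a permitted network."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in networks)


def _pump(src, dst):
    """Copy bytes one way until EOF, then pass the half-close along."""
    try:
        while True:
            chunk = src.recv(65536)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass  # peer reset or socket already closed
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _handle(client, peer, backend_addr, networks, log):
    """Default deny: drop unknown sources before any byte reaches the backend."""
    if not is_allowed(peer[0], networks):
        log.append(("deny", peer[0]))
        client.close()
        return
    log.append(("allow", peer[0]))
    try:
        backend = socket.create_connection(backend_addr, timeout=5)
    except OSError:
        client.close()
        return
    backend.settimeout(None)
    upstream = threading.Thread(target=_pump, args=(client, backend), daemon=True)
    upstream.start()
    _pump(backend, client)
    upstream.join()
    client.close()
    backend.close()


def start_relay(listen_addr, backend_addr, allowed_sources):
    """Run the relay in background threads.

    Returns (bound_address, stop_event, log); log collects (verdict, ip) tuples.
    """
    networks = parse_allowlist(allowed_sources)
    log = []
    stop = threading.Event()
    srv = socket.create_server(listen_addr)
    srv.settimeout(0.2)  # wake up regularly to notice stop requests

    def accept_loop():
        while not stop.is_set():
            try:
                client, peer = srv.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            client.settimeout(None)
            threading.Thread(target=_handle, daemon=True,
                             args=(client, peer, backend_addr, networks, log)).start()
        srv.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname(), stop, log


if __name__ == "__main__":
    # Ports 8347 and 80 are the ones named in the comment; the source
    # addresses are constructed documentation-range values.
    _, stop, _ = start_relay(("0.0.0.0", 8347), ("127.0.0.1", 80),
                             ["203.0.113.10", "198.51.100.0/24"])
    try:
        threading.Event().wait()
    except KeyboardInterrupt:
        stop.set()
```

The deny/allow log gives a record of which sources tried to reach the recorder, which a plain port forward does not.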
  96. Dedicated Micros by Anonymous Coward · · Score: 0

    http://www.dedicatedmicros.com/ Cheap they are not... but pretty freakin' solid and based on Linux. (I do not work for them).

  97. Answering in one full... by bradyj · · Score: 1

    Alright, so to note: The current setup is Analog Pelco Cameras, on Pelco 16 Channel 8000 DVR's running their dumbed down version of windows with a netscreen firewall -- the goal for this company was to move to IP cameras in the long run by recommendations anyhow. While it would not be financially reasonable to replace all cameras (over 250), it would be reasonable to replace the full DVR system if it were an improvement (hardware and software).

    I noted budget is not an issue -- but my comment regarding cost effectiveness still stands. The client is willing to pay for a high end system, from a personal opinion buying something more aggressive than a Juniper netscreen (though I personally like sonic wall since the netscreen doesn't have fallback IP) for a system that seems broken feels like a bandaid on a bullet wound. Those DVR's run 7000+ decked out, not including the expenses for cameras. We're willing to have casino quality if it is just that, casino quality.

    In regards to the software, Pelco verified it cannot run anti-virus while recording. If anti-virus is needed to run, the recording shuts down as the framerate is unrealistic. This is a limitation of the software then, if needed. Of what I know, ports 80 and 9999 (not through 9999 -- my apologies if that was mistyped) are required open.

    The scenario worked like so: Speakeasy verified worm activity on the static IP, and we shut down the unit and verified the virus -- Pelco came out, wiped the system clean (disconnected), reinstalled fresh, reinstalled the router (verified) -- system received a worm, again, within a few days. The process continued twice by Pelco representatives. It is not a full version of windows that can be maintained in the same way, a limitation we're not happy with either. I'll take the blame that there are more experienced windows users than me -- but as a reminder, I didn't set this guy up, I'm coming in near the end -- so blaming me for the weakness in this system is unfounded.

    Regardless, Pelco verified the limitation in their software, and I'll agree this is a reason why we've shied away, and continue to shy away, from a windows setup. Lack of updates, lack of patched software -- all a limitation of their application -- and I'll argue, a continual frustration with Windows in general.

    ...So I feel like half the feedback here is targeted towards helping me find alternative solutions or teaching me improved methods, and the other half protecting the Windows OS from being bashed as an insecure box compared to Mac and Linux. Regardless of what side you're on, if you want to boast windows, pitch me a software package (or hardware solution), the current stuff isn't staying in this fashion. As previously noted, no filtered IP's, VPN not preferred.

    I appreciate the emails and positive support from both sides of the camp -- it is being read, thank you. This is the best information we've received so far, and we've contacted as many people as we could here in San Francisco. Please continue to send me informative posts and emails.

  98. zoneminder by slashname3 · · Score: 1

    http://www.zoneminder.com/

    Check out zoneminder. This may be the kind of solution you are looking for.

  99. I must Comment on dedicated micros by u16084 · · Score: 1

    ** Disclaimer ** I'm a reseller. We're in the DVR market. Purpose of a Security DVR is only one - to record / archive / stream video. Not to run windows in the background. You will NOT find a more solid device than Dedicated Micros sprite... We have numerous clients who still run 1st generation recorder (4+) years with no headaches. I'm not going to post our Demo URL since we like having our web server / demo DM up and running but if interested contact me.

    --
    -- I Dont Deserve A Sig I Have Bad Karma
    1. Re:I must Comment on dedicated micros by clifffton · · Score: 0

      I second that on the DigiSprite. I have two Pelcos running 16 cams each and a single Sprite running 16. Sprite stays up, Pelcos are an issue. Pelcos are basically a midline PC with a couple of special cards in it. The DS is built ground up to do video. I'm not happy with the archive performance on any of them, and there are still things I can't figure out on the DS after 2+ years. But the DS is a much friendlier device. ;) And..... I'm an end user, not a dealer.

    2. Re:I must Comment on dedicated micros by Anonymous Coward · · Score: 0

      **Disclaimer-I'm a reseller, too**

      I can give you just as many bad comments about DM as you can good ones. I happen to be a big Pelco fan, and the new Endura stuff is great. All linux, except the workstation.

  100. High End Linux DVR by blckholehorizon · · Score: 1

    Benchmark Automation is selling a Linux Based DVR with IP cameras. Their system is decent. You can tag the video with information and search on it later. They currently are focused on the Steel Industry. Their system is written in Java. The only complaint that I have about the system is that the system requires 5 TB of disk space to record 22 cameras at 5fps. At roughly 40 grand for a system, it's not cheap.

    --
    my UID is Prime. It makes me special.
  101. Ask for my project! by gillbates · · Score: 1

    Disclaimer: I'm an engineer who develops video cameras.

    I kind of hate to turn this into a shameless plug, but my company has been developing exactly what you need. We've got a linux-based network camera which would be perfect for your application. Google Ingenient Technologies.

    Okay, now here's the problem: We are an engineering firm - we sell the reference design to other companies which actually manufacture and market the hardware. However, we might be able to work something out with an intermediary company if the order was large enough.

    --
    The society for a thought-free internet welcomes you.
  102. Why not? by blueapples · · Score: 1

    Why on earth can't they run virus software? Switch off packet sniffing, shore up the firewall, but get antivirus software on those. If you're saying it's too much of a performance penalty, that's a bit hard to believe. If that's the case your hardware is just too slow anyway. The hard drives should probably be SATA, but if a virus scan is bogging it down I venture to guess you're using slow IDE drives. Big mistake. Linux isn't going to be all that much more secure if you can't even make a baseline investment in the system.

    --
    www.blueapples.org
  103. exacq by Anonymous Coward · · Score: 0

    this company has its own DVR boards and developer kits for Windows and linux... www.exacq.com

  104. Security Spy is plenty industrial enough by gsfprez · · Score: 1

    I personally run 50 IP cameras (Axis) to 5 Xserve DP G5s.

    They all dump their data to dual XServe RAIDs (located in separate parts of the building for physical separation) using XSan (with 1 XServe as a XSan controller), page me via an email when a camera should not be going off at night of the picture, run scripts that write out formatted logs for motion activity.

    It took about 4 months to get everything running smoothly - camera settings, getting enough machines to do the work, compression levels that were sufficient for us... but it works fine.

    We can even control the PTZ cameras from anywhere when we tunnel into our network.

    You need a lot of horsepower to make this happen - you need lots of ram and you need disk drives running plenty fast.

    If you're going to use 640x480x30fps, you are going to only be doing 3 cameras per Mac. maybe you could get away with more if you were using a quad G5 desktop instead of an XServe, but we don't need that much horsepower because only a few cameras are set to high resolution - and even those are set to low FPS (for capturing faces at the doors).

    If money is not the object - then you need someone that knows Applescript, you need some freaking hard drives, and you need a lot of computer power... Security Spy (Ben lives in England, he's not elusive, i get email from him all the time, and he's even called me a few times) is plenty industrial for what i need.

    --
    guns kill people like spoons make Rosie O'Donnell fat.
    1. Re:Security Spy is plenty industrial enough by bubbasatan · · Score: 1

      I would agree that Security Spy is a pretty awesome app. We actually use Ben's app with D-Link and some other economical IP cameras and use Mac Minis. The Mini runs headless and is small enough that it can be physically secured in any number of contexts. Plus, it fits the bill of being virus resistant far better than a comparable PC solution. One other tech and I have done approximately 10 locations with 2 to 4 cameras at each site in our company, and we originally chose this route because we were given a minimalist budget by management and told to get them some video security in a hurry. We've been getting it done for $1000-$1500 per site for material costs. We also use it with our G5 XServe, and it doesn't even faze the G5.

      --
      Windows is going the way of phlogiston...
  105. Honeywell Fusion by pac1085 · · Score: 1

    We are upgrading from DX8000 to Honeywell fusion units at my workplace. They are linux based.

    1. Re:Honeywell Fusion by surgespike · · Score: 1

      The Honeywell Fusion is Windows 2000 based

  106. Linux DVR's by Anonymous Coward · · Score: 0

    Adamant Computers (www.adamant.com) has several Linux DVR's in their product list. I have not used them, but Adamant seems pretty reasonable.

  107. DigiEye by EStech · · Score: 1

    I am an electronic security professional, and our favorite DVR is the DigiEye, made in Italy by SYAC and non-Windows based. It runs about $12,000. It has a great motion detection interface, including directional motion detection, and good, secure remote viewing options. It is very stable and has very good resolution. Highly recommended!

  108. You're in the wrong business, pal by Radi-0-head · · Score: 1

    If your client trusts in your expertise well enough to ask this question, and you've led them on by pretending to know what you're doing (we can deduce this based on your need to post a question to "Ask Slashdot"), maybe you ought to save yourself from the forthcoming embarrassment and step down from this project?

    It's OK to say "I don't know".

  109. Use Linux and the Motion program (link) by Anonymous Coward · · Score: 0

    http://motion.sf.net/ (sourceforge, free software)

    This, and some remote access should do what you want. With Linux Mandrake and some others, it's easy to set up a firewall to only allow access to ports you need. You can easily set up a VPN (secure tunnel) or even use ssh to tunnel into your boxes when needed. You can also easily set up a rsync so that nightly your pictures (or mpg video of any motion) are transferred to one main machine.

    The nice thing about using Linux is that you are not limited by some lame software company that thinks one software fits all.
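The firewall the comment above describes (only the ports you need, reached over ssh or a VPN), as an added example that is not part of the original post or of the Motion project. The policy file format, the addresses (RFC 5737 documentation ranges) and the ports are constructed for illustration; the script only generates the ruleset text and refuses any policy that would open a port to every source.

```shell
#!/bin/sh
# Added example (not from the thread): build a default-deny iptables-restore
# ruleset for a Linux recorder from a small allow-list policy.
# Policy line format (hypothetical, defined for this example):
#   <tcp|udp> <source CIDR> <destination port> [free-text note]

# valid_port PORT: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_cidr A.B.C.D/N: succeeds only for a dotted quad with prefix 1..32.
# A /0 source ("anyone on the internet") is refused on purpose.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}
    bits=${1#*/}
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#bits}" -le 2 ] && [ "$bits" -ge 1 ] && [ "$bits" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS
    IFS=.
    set -- $addr          # split on dots; addr holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# emit_ruleset: read the policy on stdin, write iptables-restore text on stdout.
# Fails closed: any invalid line aborts before a single rule is printed.
emit_ruleset() {
    rules=""
    lineno=0
    while read -r proto src port _note; do
        lineno=$((lineno + 1))
        case "$proto" in ''|'#'*) continue ;; esac   # blank line or comment
        if [ "$proto" != tcp ] && [ "$proto" != udp ]; then
            echo "policy line $lineno: protocol must be tcp or udp" >&2
            return 1
        fi
        if ! valid_cidr "$src"; then
            echo "policy line $lineno: bad or world-open source '$src'" >&2
            return 1
        fi
        if ! valid_port "$port"; then
            echo "policy line $lineno: bad port '$port'" >&2
            return 1
        fi
        rules="${rules}-A INPUT -p $proto -s $src --dport $port -j ACCEPT
"
    done
    # Default policy is DROP; loopback and replies to our own traffic pass.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s' "$rules"
    printf '%s\n' 'COMMIT'
}

# Constructed sample policy for one recorder.
sample_policy() {
    cat <<'EOF'
# constructed sample values: RFC 5737 documentation ranges, example ports
tcp 198.51.100.0/28 22   ssh, also carries the nightly rsync and any tunnels
tcp 192.0.2.10/32   8081 live view from one viewing station
EOF
}

sample_policy | emit_ruleset
```

The output is in the format `iptables-restore` reads; its `--test` option parses a ruleset without committing it.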

  110. Bosch DIVAR by squish18 · · Score: 1

    As a Mfr.'s Rep, naturally I'm going to push a specific product. It has been mentioned here before, and with good reason. The Bosch Divar is probably the closest thing to what you are looking for. They run as a completely embedded system, and are thus (as you note) less prone to viruses. They also allow for easy spanning of locations, while allowing for centralized management. The other recommended option might be something like the philips netcam, which would allow you to implement using (perhaps existing) IP networks. We rep in the Midwest (Based near Chicago), so drop a reply if you're interested.

    --
    "Perennially barely legal"
    1. Re:Bosch DIVAR by fa39bo3 · · Score: 1

      I agree. The Divar is about as reliable and problem free as box DVRs come. The industry is moving from a box based solution to an encoder based solution, aka edge device. If you want to go that direction you could use the Bosch encoders that have some onboard storage built in. The highest end and highest performance DVRs in the industry are, unfortunately, PC based. If you are still looking for something at that end of the industry spectrum, look at Verint. They make a bunch of high end products that are Windows based.

  111. Video appliances by csoto · · Score: 1

    Check out VBrick Systems. They make some cool encoders, some with built-in hard drives for recording. They also have software that can record from these streams (but it runs on Windoze - the actual "bricks" run a Unix-based embedded OS).

    --
    There exists no way of exchanging information without making judgments. --Bene Gesserit Axiom
  112. I have deployed Linux DVRs... by Anti-Trend · · Score: 1

    My company deploys Linux-powered DVRs all the time. They are basically bulletproof: embedded RHL-based systems running on commodity PC hardware. These things have zero downtime, have virtually no risk of hacking since they are embedded, and are very inexpensive to deploy. There is a company called Neon which puts together pre-configured PROMs, you just plug them into an IDE chain on a system which meets specs and you're good to go. These things are more like an appliance when they're setup than a computer, so there's not much margin for error. In fact there's no good reason I can think of to run a Windows DVR at all.

    --
    Working in a DevOps shop is like playing in a band made up entirely of keytarists.
    1. Re:I have deployed Linux DVRs... by diatonic · · Score: 1

      That's great, how about a link to some info about it?

      ::diatonic::

  113. http://www.linuxmedialabs.com/ by DrGalaxy · · Score: 1

    Linux Media Labs designs, makes, and markets multi channel unencoded and single channel hardware MPEG4 encoding boards. They offer a "clustered" video recording system with thousands of channels and advertise consulting services.

    I have never dealt with them, but I think this company is a husband and wife who make their own boards (which are only supported with Linux).

    Also, check out their customer list! I'd like to know out what kind of work they did for companies like boeing, sun, nasa, google, lanl and mit.

  114. I've been looking into this myself. by nmos · · Score: 1

    First, if you haven't already you should head on over to www.cctvforum.com . It's not Linux focused but there are lots of folks there who know their DVRs.

    Second, there are several "Linux on a DOM" solutions and I think one of the more popular is called VPON.

    Third, are you sure you really want a PC based DVR rather than a dedicated solution? Many of the dedicated dvrs run Linux and even the ones that run Windows have stripped it down to the point where it should be pretty safe.

    Good Luck.

  115. Don't dump the Pelcos. Put in a cheap firewall. by cusco · · Score: 1

    The Pelco DVR is a decent machine, and your company has invested a LOT of money in them. I work with them, so I know they're not cheap. Far, far more cost-effective would be to buy a case lot of inexpensive firewall routers that do NAT. You can configure them before shipping them out. If you buy all the same type you can just configure the first one, save the config to a file, and then just import that config to the rest of them. If you're going to buy new Linux DVRs that's going to be a huge expense in hardware. If you plan on putting Linux and a DVR app on the Pelco machines you're talking about a huge expense in manpower. Either way, it would be far more expensive than buying even a top of the line Cisco firewall/router for the site.

    --
    "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
  116. Sad: Top mod'd posts are still Windows Based! by psalm33 · · Score: 1

    I can't help but frown with chagrin when the OP originally asks for a non-Windows based solution to his problem, and from scanning the top-moderated responses, all the best answers are still Windows-based solutions. The best solutions involve adding additional hardware (e.g.: firewall router) to protect the travesty of a worm/virus nest that is the Windows operating system.

    I searched for a similar solution last year when I went on vacation to set up a webcam in my home to "keep an eye on things" remotely, but gave up when I couldn't find something I could easily host via my Mac or a Linux partition on one of my PCs. Looks like the state of video servers on Linux/Mac has not advanced much since that time.

    Seems to me the Linux market is ripe for remotely managed-type low end PC applications for just this kind of thing, with a great advantage over Windows-based solutions.

  117. Viruses are not my biggest worry... by ChibiCD · · Score: 1

    I install these systems for a living, and I have yet to see a system be infected by a virus. That being said I think it is a possibility. The bigger problem that I see with many of these systems is that they are running Windows XP Embedded and as a result have many of the problems a typical Windows machine faces, and many of these problems cannot be fixed in the traditional way without voiding the warranty. You would be surprised as to how many times I've been called in to fix someone's DVR because some drivers locked up. I've also come across many other DVRs that have been plugged into the local network and have no firewall protection from any of the other computers on the network should they become vulnerable to viruses or malware. Clients often don't understand the need for extras like this, and your average router will leave the DVR totally open to all other computers on the local network. Setting up a separate network with a separate internet connection is rarely something that a client wants to pay for either. Many of the lower end systems with 4 to 9 inputs have their own OS, but all the high end systems these days are just Windows Embedded machines, most still have Solitaire on them, running IIS servers to stream the video to IE (needs ActiveX). I have asked many of our distributors if there is a Linux or Unix based DVR out there, only to have them look at me like I was crazy. But then having a system that is vulnerable to all the things a typical Windows system is, without being able to fix it the way an admin normally would, helps to sell those expensive warranties I guess.

  118. IPSEC is free...and it works by toadlife · · Score: 1

    Can I assume these machine are running either Win2k or WinXP?

    If they are, read up on IPSEC. If not, bless your heart.

    You can set an IPSEC policy on all of these machines that will make them require authentication in order to communicate with each other and/or the servers they talk to. You can use Kerberos (domain required for Kerberos. It's probably not for you), Certificate, or a shared key as the authentication mechanism. This will keep any foreign machines from connecting to and infecting your obviously un-patched/unsecured boxes. Shared key would be the most flexible, as any Windows 2k/XP/2k3 box could be set up to connect to the machines with very little hassle. Shared key is not the most secure method, but it would be good enough to stop nasties and script kids in their tracks.

    This is all built into Windows, it's fairly easy to configure, and as long as you're doing authentication only the overhead should be minimal.

    I'm sorry I can't recommend a Linux solution to you, but it sounds like you've got much bigger problems than Windows, and that if you did move to a Linux solution, those machines would probably be owned in time anyway.

    --
    I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
  119. huh? by ALpaca2500 · · Score: 1

    My company runs 2 Pelco DX7000s, 26 cameras in total. I'm not sure what you mean when you say "their Pelco PC DVR's are hubs for viruses". I don't think we've ever had any sort of virus on either of our systems...

  120. Use 'motion' and Linux by madsen · · Score: 1

    I set up a system for a building contractor where they were being raided every once in a while. I used SBC's and webcams that save the video over the network to a server, all linux, ports configurable to whatever you desire.
    The only "extra" software I used was motion, which is easily installable on a debian GNU/Linux box (and probably others as well).

  121. ADPRO? by thegrassyknowl · · Score: 1
    --
    I drink to make other people interesting!
    1. Re:ADPRO? by thegrassyknowl · · Score: 1

      Furthering my previous post, the FastTrace incorporates a lot of the video-security features you'd expect from a proper security system and includes hard-disk based recording of video.

      --
      I drink to make other people interesting!
  122. VPN end points? by DrKludge · · Score: 1

    uhm, just set up VPN end points. The linksys ones are pretty easy to set up--even for complete newbs.

  123. A couple of suggestions by queenb**ch · · Score: 1

    Since you know the "allowed" type of traffic, put a proxy in front of them. Have the proxy only pass "approved" in and outbound types of traffic. Anything else just gets dropped.

    TIVO is a DVR and it's linux based. I know that there was some open source stuff out there for a while, but it was missing a sufficient amount of proprietary code that no one was ever able to get it working. You might be able to do something with the Myth TV stuff, but that's more of a PVR than DVR.

    Frankly, I think that the issue here is that you 1) need disk space and 2) need some kind of a codec to decipher the output from the cameras & write it to disk and 3) take the info that's written to disk and stream it back across the internet.

    Now, MPEG or a series of still images is the obvious codec since it's pretty much a "lowest common denominator". If you decide to do still, keep in mind that the human eye sees at 6 frames per second. Have the cameras record to the HDD. If you run linux, it's trivial to set up a web server that requires authentication to view the video.

    Most cameras will do it. Many offer some nice features like night vision, IR, or automated motion tracking. It all depends on your budget. You can get them built into smoke detectors, clocks, stuffed animals, wall art, or most anything else you can name. They come in every size from the big black obnoxious balls all the way down to things that are no bigger than a tube of lipstick. Don't let the size fool you, some of the smaller ones have features like wide-angle or high resolution.

    2 cents,

    Queen B

    --
    HDGary secures my bank :/
    1. Re:A couple of suggestions by Anonymous Coward · · Score: 0

      > Don't let the size fool you, some of the smaller ones have features like wide-angle or high resolution.

      I just found my new favourite pick-up line

    2. Re:A couple of suggestions by Anonymous Coward · · Score: 0

      While this is slightly off topic in that the original post states that the application is security for a real-estate company, it's probably worth noting that while 6 FPS is suitable for some surveillance applications, it's not suitable for all of them - retail and gambling industries require more for *effective* surveillance, particularly when dealing with crimes such as shoplifting that may involve sleight of hand - while 6FPS is enough to perceive smooth motion, it's not enough to see that corner of an object barely visible under someone's arm at just the instant it turns in view of the camera.

      Codecs that can handle compression of still-pixels are probably optimal - only the changes get recorded, and this can be very efficient when dealing with security video - all the time that the camera is just sitting there looking at a wall compresses down to a single frame, while anything moving is recorded in detail.

  124. DotFive? by Anonymous Coward · · Score: 0

    For a guy who links to DotFive - a computer Design and Consulting firm of some sort - I find this AskSlashdot typical of late. "I'm too lazy to do my research - hey, Slashdot, do it for me, K?"

    Damn. Google, MSDN, etc., are all founts of information to draw your own conclusions from.

    You get PAID for posting on Slashdot?! Fuck, I gotta find a new gig.

  125. We were looking for a similar solution... by Ximok · · Score: 1

    Not too long ago, we were looking at a similar solution to our DVR problems.

    http://www.sonerik.com/linux.asp

    There hasn't been a purchase yet, but we have been looking at the solution mentioned above.

  126. Software firewall to your Winbox by Anonymous Coward · · Score: 0

    Leave the ports open that you need to, close others with a software firewall. There definitely won't be viruses/worms crawling in unless there is something suspicious listening at that port already. With a basic configured software firewall even a Win98 box is all safe left on the net on its own on a static ip address.

  127. A Good Linux DVR by DaveOke · · Score: 1

    www.capturecctv.com. Look at the SDR / XDR series. They are good linux DVRs. If you think that Windows based DVRs are all that's out there you should get out of the business.

  128. it's windows based, but... by richardpenner · · Score: 0

    This is a company with a downloadable 60 day trial. I've used their software alongside anti-virus software, I'd recommend trying it.

  129. Ask and ye shall receive... by Anti-Trend · · Score: 1
    Here you go: http://www.neon-usa.com/

    These things want plain old P4 Gigabyte motherboards with a few hundred megs of DDR, very affordable rigs and no Linux experience necessary. There's a pretty GUI on the DVR end if you choose to put a head on it, and there's a remote web interface from which you can watch & control feed in-browser. Here's a few screenshots for you on the client end:

    #1 #2 #3

    These particular units are limited to 16 cameras per unit, but there are higher-end DVRs which are very similar that scale higher if 'modular' isn't your bag. But these things work well. In fact, the first time I deployed one of these we put somebody away for a long time (3 strikes law) with footage from one of these DVRs, and that was before the building was even inhabited.

    --
    Working in a DevOps shop is like playing in a band made up entirely of keytarists.
    1. Re:Ask and ye shall receive... by Anonymous Coward · · Score: 0

      What is their framerate like on this thing?

    2. Re:Ask and ye shall receive... by Anti-Trend · · Score: 1

      1 FPS to 30 per feed.

      --
      Working in a DevOps shop is like playing in a band made up entirely of keytarists.
  130. Try ClarityVI by Lars512 · · Score: 1

    Clarity Vi runs some nice systems which do the background compression, face/activity detection, and other cool things which make it much nicer to go through the footage you get. I believe they run on linux machines. I'd check them out.

  131. Since you asked for options, here's links by buss_error · · Score: 1
    ZoneMinder

    Skyway Security

    Star Dot Technologies

    Big thing to watch for is insist on seeing a similarly sized system to what you want in operation before you sign anything. When you are running the system, do a lot of browser backs. Interrupt it in the middle of things. Bring up six live views at once.

    Watch for systems that have to have components reset/restarted. Computers, cameras, hubs, things like that. Insist on references, and check them. (Good idea for anything, really.)

    --
    Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
    1. Re:Since you asked for options, here's links by artie_R · · Score: 1

      Here is another system that has always been linux based, has many firsts and pioneered the industry. http://dallmeier-electronic.com/

    2. Re:Since you asked for options, here's links by mondotom · · Score: 1

      www.remosecurity.com

  132. 6 years in the Biz by JohnnyGTO · · Score: 1

    As a strong Linux user (Gentoo servers RULE) and typing this on a PowerBook G4 I can tell you there are really very few alternatives to Windows based DVRs. There are several Linux on chip based systems that I have details on at the office and I will try and post details tomorrow. Personally I love Milestone software with IP cameras, I sell it and find it needs almost zero support if installed correctly. No customer has ever had a server failure to my knowledge due to outside influences like viruses. I do agree that it is essential to have a minimum of third party software running on systems like these though. Look at the link in my Sig if you are interested.

    --
    Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
  133. Port knocking by thewils · · Score: 1

    Wouldn't "port knocking" be an avenue to investigate here?

    --
    Once I was a four stone apology. Now I am two separate gorillas.
  134. Linux DVR and IP Cameras by sfhc · · Score: 1

    I suggest that you contact Axis. http://www.axis.com/ They are very Linux friendly. Call them up and explain your needs to them. They can most likely point you to a Linux based DVR.

  135. AXIS 2420s by Anonymouse+Cownerd · · Score: 1
    I have been doing this for years. My largest client had one requirement - he's a Mac user. I ended up setting up many AXIS 2420 cameras (including audio and night vision). I wrote custom code to interface with the cameras and created my own front end. The built in web based front-end would have sufficed, but I wanted to put in custom functionality, such as the ability to change the passwords on a few dozen cameras with one swoop, the ability to view 4 or 8 cameras in one screen, etc. I created a 3D map of the multiple premises with cameras and their locations, and the direction they are pointed at for ease of use. Connect them all through a VPN, and everything is golden. Oh yes, I have all the cameras record REMOTELY (onto a Linux box). This way, even if they are damaged (or stolen), the recorded activity is off site.

    This is a great field to be in.

    --
    http://www.rayn.net . Funny. Stuff.
    1. Re:AXIS 2420s by WinDOOR · · Score: 1

      Even better if you use the existing cameras and these Less money to waste. And BTW get mjpeg capable.

  136. Eclipse by Anonymous Coward · · Score: 0
  137. Can't help with more information. by blanks · · Score: 1

    My first question is, are you planning on replacing the entire system used, not only client/server but also cameras? My guess is that the cameras connect to a hub of sorts that then simply transfer the software to a server, the server runs a web server with specific software that lets you view the incoming video/audio from the different locations.

    If this was your situation then the cameras wouldn't need any type of computers or firewalls. If this isn't the solution you are using then your entire install was flawed from the get go.

    Here's an example of what I am talking about, no computer per location, simply connect cables to hub and camera and you're done.

    Again if this isn't the type of solution you are using, and each location has a PC that's used, it's already flawed, with a system that's "hundreds world wide" the person who set it up if not already should be fired.

    If what you're talking about is on the "server side" meaning not a deployed location, then you can really use any type of PC you want, since most modern and sane setups will only be accessible from a browser or remote connection. No specific ports need to be open besides 80 then.

    There is TONS of information about this online, look up IP cameras online, if the company is willing to let you switch over hundreds of locations world wide to use linux then you're better off saving the money on install times and just do it right this time.

  138. One word... by repvik · · Score: 1

    "Spoofing"

  139. What about some sort of read only system? by Anonymous Coward · · Score: 0

    I would say the easiest way would be to stick with your windows based system and really strip it to a bare minimum. Then restart it once/day or something like that and in the process restore everything to a standard setup. Should be quite possible to do, not exactly sure how but it shouldn't be a big problem.

    Otherwise I would say go with ip-cameras. But remember to isolate them from the rest of the internet, too many wide open cameras can be found through search engines like google and that isn't good at all.

  140. Check out Bosch Divar by Anonymous Coward · · Score: 0

    At http://www.boschsecurity.com./ It's truly embedded and in fact quite flexible.

  141. LookC by skrotnisse · · Score: 0

    Try www.lookc.co.uk Been using them for years and have had few problems (We've sold hundreds of units).

  142. Dallmeier by Anonymous Coward · · Score: 0

    http://www.dallmeier-electronic.com/ sell Linux-based DVRs, which we (a security and CCTV firm) have installed at many of our clients. We mostly use the http://www.dallmeier-electronic.de/product/hardware/hard_product.php?lang=en&prod=dls24_s1

  143. Zoneminder by vginders · · Score: 1

    Maybe this software can help you:

        http://www.zoneminder.com/

    --

    Serge
  144. Commercial linux based NVR. by JohanWinas · · Score: 1

    We are producing a linux based NVR unit, it acts as a "proxy" server with recording. You can use any kind of IP camera on the inside, and have an axis compatible http interface on the outside. It's secure to put on the internet, can do many types of recording, and we resell it as a hardware component. The smallest unit uses a 1GHz C3 cpu, and can do around 50Mbit live video, recording and playback at the same time. If you need more speed, the large unit does ~500Mbit, over that you can do master/slave setups. You can add 512 cameras as sources (more with master/slave), and buy licenses for each recording you want. You can also use one unit as a source to another, so you can have one unit at the main office where all cameras are present, organized in groups with different user access profiles. So for this setup, use an iRecord-100 at each location instead of the pelco, connect analog cameras to the network with axis 241s, 240q, 241q boxes and in the future, use ip cameras directly. You can use the axis boxes to trigger alarm recordings too, with motion detect if you want. The main office only needs a 100 unit to start (512 cameras); if you need more performance or more than 512 you need to upgrade to a 500 unit.
    We have a demo system (currently offline due to isp switching connection) where I can give you an account, this has cameras from different locations and also from other iRecord systems. Our homepage is being rebuilt, not much good info about the product, but here we go. http://www.i-solutions.se/

  145. VPN by k2r · · Score: 1

    I do like to see any solutions that keep Windows shut, but:

    > require internet inbound/outbound traffic through specific ports

    You don't write too much about why you need internet traffic, but I guess it's just needed to provide remote access to the cameras and to store the images somewhere.
    To me this sounds as if you'd need a VPN to connect all your equipment together and to keep it completely separated from the internet.

    k2r.

  146. o/t by Anonymous Coward · · Score: 0

    Dude, your .sig is fucking brilliant.

  147. Is security the focus, or not using Windows? by lmlloyd · · Score: 1

    There are a lot of video surveillance systems out there that have a lot of solid field testing. Many of these systems are used in incredibly sensitive applications where security is literally a life and death issue. Honestly, if security is your biggest issue, then going with proven systems from companies who cater to mission critical video surveillance is your best way to go, no matter what OS they happen to use.

    This whole post smacks to me of trying to prove something can be done on a non-windows platform, just to prove it, and not because it in any way benefits the customer. There is an entire industry that does nothing but make cameras and servers for mission critical video, and to my knowledge they almost all use either Windows, or proprietary analog systems. If you really want to serve your customer, talk to those companies, and find out what they can do to service your contract. Don't get on /. and fish around for people to tell you the whole thing can be done with some webcams and an Apache server. You will just end up making a very large headache for yourself and your customer.

    Also, if you close all the ports (except the ones the video streams need), move the video streams over to non-standard ports, and make sure no one runs any software other than the video software, then you will not get viruses on the machine, and are highly unlikely to get any worms. It is that simple. All the Windows vulnerabilities in the world won't be able to magically let traffic in through a closed port on your firewall. If the video server won't let you change the communication ports, you can always setup port forwarding at both ends of the connection, so that to the outside world you will be using different ports.

    All of this said, have you tried talking to CoVi Technologies? Their system is Windows based, but I have worked with them in the past, and they are some pretty smart guys, with a good background in network distributed video, focused specifically on sensitive digital video applications.

  148. Zoneminder by lowery9030 · · Score: 1

    This may work for you. http://www.zoneminder.com/

  149. Switching OS isn't really the answer by grahamtriggs · · Score: 1

    Changing OS to avoid security worries is an easy answer, but ultimately one that may prove fruitless. Yes, there are some residual issues with Windows, that other systems improve on, but they can ALL be affected by security issues.

    Rather than just think about switching OS, you really need to think about the overall system design. For example, why can't you run AntiVirus software? I can see why it might cause a problem for recording, but then recording should be done on at least a separate partition, if not an entirely different disk, and you can exclude the area you record on to from virus scanning. You would also want to rely mostly on the 'on-access' scanning, and if scheduled scans would be needed or desired, there could (should) be redundant systems that rotate active use, so that the scan can complete without affecting 'live' system resources.

    As I said, security (and reliability) problems can occur on ANY platform - you need to incorporate defensive planning and/or isolation to your systems, not just pretend that they won't exist by switching OS.

  150. well I do and parent is exactly right by RMH101 · · Score: 1

    there's a huge number of safety-critical medical systems based on windows. this is not a problem at all, provided you take proper precautions - isolate machines where appropriate, ensure they're secure - etc.
    speaking as someone who does this for a living, if you don't know what a 510 is, you shouldn't be messing with stuff you don't understand as when you get audited it'll be *you* they come looking for with burning torches...

    1. Re:well I do and parent is exactly right by kimvette · · Score: 1

      Don't be such a jerk. How does one learn without asking questions? Did it dawn on you that the poster might not even live on the same continent as you?

      http://www.fda.gov/cdrh/510khome.html

      --
      The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
    2. Re:well I do and parent is exactly right by RMH101 · · Score: 1

      You don't learn on the job whilst installing MRI scanners, for a start.

    3. Re:well I do and parent is exactly right by jcr · · Score: 1

      > there's a huge number of safety-critical medical systems based on windows.

      IIRC, that's explicitly prohibited by the windows EULA..

      -jcr

      --
      The only title of honor that a tyrant can grant is "Enemy of the State."
    4. Re:well I do and parent is exactly right by ceoyoyo · · Score: 1

      Following the link from another poster it appears a 510 is some FDA regulation. Now, despite FDA standing for Food and Drug Administration, it REALLY means Food and Drug Administration of the United States of America. Which means, as a Canadian, I don't care.

      I don't install, by the way. I said we had one in the lab. It's a research scanner as well, which means it doesn't have standard clinical approval.

      I don't really know what a 401K or Roth IRA is either (although I've heard of them on TV). I think my retirement will be just fine though.

    5. Re:well I do and parent is exactly right by RMH101 · · Score: 1

      No it isn't. They don't accept liability, which is fine, because we test systems down to the minutest detail ourselves and accept liability for the system as a whole, not just the OS.

  151. um, like, port 80? by RMH101 · · Score: 1

    1) it's perfectly possible to secure windows in such a way as to run a webserver. this is common sense
    2) it would appear that the whole problem is he's got port 80 open (i.e. running a webserver) and is getting hosed by the usual exploits for IIS etc.
    3) what he needs to do is clean the system, patch the system and *then* connect it back to the internet with appropriate hardening
    4) profit

    1. Re:um, like, port 80? by alienw · · Score: 1

      What makes you think he is running IIS? It sounds like software from the camera manufacturer to me, and it's not susceptible to IIS exploits.

    2. Re:um, like, port 80? by RMH101 · · Score: 1

      1) OP states port 80 and 9999 (or similar) are the only 2 ports open, and his boxes are getting owned
      2) I posit that most likely vector is via port 80, which is usually used for running a webserver. given he's moaning about windows here it's quite likely it's IIS. not definite, mind, but it's a good guess.

    3. Re:um, like, port 80? by Anonymous Coward · · Score: 0

      As far as I know, Pelco DVR's don't "require" port 80. 9999 sounds right, but 80 should not be required.

    4. Re:um, like, port 80? by alienw · · Score: 1

      You do realize that there are other webservers besides IIS? And that many programs have their own web server built in? And that a custom DVR box probably doesn't use expensive enterprise software?

    5. Re:um, like, port 80? by RMH101 · · Score: 1

      Of course I do: but getting owned by having port 80 open sounds kind of familiar, yes? Oh and IIS isn't expensive. Sure, it could be poorly secured Apache...

  152. Patch + run AV? by DrPizza · · Score: 1

    "These systems cannot run anti-virus software at the same time they record "

    Rubbish.

    AV software should impose zero overhead on the recording process, because AV software should not be scanning the (presumably large) data files produced by the recording. All online scanners I'm aware of let you choose between scanning only executables, all files, or user-specified extensions. Use this feature ffs.

    And viruses don't just get onto a computer. Viruses get onto computers through improper user behaviour (namely, users running viruses). An online scanner can be effective against this (user education even more so, as well as telling people to stop running arbitrary programs on the recording computers...). Worms can get in through open ports, but the answer to that (on /any/ OS) is to patch (and you can probably help out by e.g. ensuring that you use processors with non-exec page protection). Switching to some other platform will not remove the need to patch.

    IOW, do your job and stop blaming the OS.

  153. Cognito by Domini · · Score: 1


    Cognito is quite a comprehensive Video Surveillance system with access control and other biometric functions built in... check it out.

    I'm trying to push for it to go GPL, but it's a hard fight. ;)

    I wrote most of the system, and it's quite a powerful package... nice to play with iff you like Linux.

    The front-ends are windows-only unfortunately... no Mac presence in my country so no Mac version. (Although I own a Mac)

  154. stop smoking crack by RMH101 · · Score: 1

    Changing hardware on a Windows system is a dicey proposition at best. It's very typical to see Windows barf after spending 20 minutes at a "New Hardware Found" prompt and three reboots before bombing into uselessness.
    This is bollocks, pure and simple. If you know what you're doing you can slipstream whatever drivers and patches you want into a Windows install: one reboot at the end and you're done. Takes me about 15 mins to crank out corporate images here for any of our hardware, and during that time the only interaction needed from me is to type in the asset tag of the PC.

  155. Debian + Motion + LAMP by stephenpeters · · Score: 1

    I have just set up a Debian GNU/Linux based DVR system on commodity hardware for a London based construction firm. This was just one machine with eight inputs, nowhere near the scale you are working with, however my experiences may be of interest. I used one of the client's existing Pentium 3 fileservers and standard video cameras connected to two IEI IVC-200 capture cards. The base system is Debian testing running motion and apache2.

    Some of the replies you have here suggest Zoneminder is suited to a production environment, this is not my experience. Zoneminder is difficult to install, unreliable and over complicated. I'm sure in time the project will mature, however I could not recommend it at this time. Motion offers less functionality but is much easier to install and is reliable. You will have to write your own start and stop scripts as well as web pages to display pictures and video. You will also need to write scripts to periodically archive any video saved on hard disk. None of this should present any problems for a good GNU/Linux administrator. As you seem to have a large number of similar systems you would only need to write one set of scripts and replicate them on each system.

    If I were in your situation I would try and use as much of your existing hardware as possible. I assume that you are running a single machine at a variety of remote sites. From a cursory look at the Pelco site the systems you have are standard hardware, and should run GNU/Linux fine. You may find that the capture cards that Pelco provide are not supported so you may need to replace these. If most of your hardware is the same then you can configure just one machine and replicate this on the other machines. Motion supports differing camera resolutions, video/still capture and motion sensing. The motion homepage is at http://www.lavrsen.dk/twiki/bin/view/Motion/WebHome. If you need strong security GNU/Linux provides you with many options. You can easily verify the suitability of this approach at low cost on a small scale.

    If you need any further help contact the company I work for, Sirius IT http://www.siriusit.co.uk/. Sirius has good contacts with the free software community and may be able to provide further help.

    Steve

  156. Indigovision by Anonymous Coward · · Score: 0

    If you want best of breed, take a look at these guys.
    http://www.indigovision.com/

    Supplied equipment for the olympics, winter olympics and dozens of airports worldwide.

    I'd recommend reading through the website for details.

  157. hardware firewall by Frozentech · · Score: 1

    I am assuming from your comments that the cameras are analog NTSC, and need to be controlled with D, P, or coaxitron protocols, and the DVR is running a server app for remote monitoring and control. Get a hardware firewall and only allow inbound connections from your secured client machines.

  158. I think you may be confused by gpuk · · Score: 1

    I used to work for a security company selling DVR kit. I was responsible for building the DVR boxes and configuring them with DVR software (huperLabs running on WinXP). Your fear that by opening some select ports to enable remote clients to view live DVR footage (and presumably operate the archive etc.) will cause a security hole is unfounded.

    Simply opening ports does not in itself cause a security problem. You need to have a program listening on that port which is vulnerable to an exploit. Therefore, the only way you can realistically be vulnerable to "viruses and worms" is if a cracker has specifically written a worm/virus that targets your DVR software, which is unlikely. Furthermore, running a linux DVR solution does not protect you from this scenario either (perhaps it does slightly in that you may be able to run the DVR software as an unprivileged user thus limiting the scope of an exploit).

    Some things you can do to enhance security on a Windows based DVR platform:

    1). Firewall off all the ports except the ones required by the DVR software.
    2). Change the ports the DVR software uses (i.e. don't use defaults).
    3). Set the DVR software up so that it runs under a normal windows user account (i.e. no administrative privileges). If the software requires Admin privs to run then consider using something like Emco RunAs Professional (http://www.emco.is/run_as_professional/features.html).
    4). Disable USB on the DVR box.
    5). Remove any CD/DVD drives.
    6). Password protect the BIOS.

    This should protect the DVR unit from most software and physical attacks.

    1. Re:I think you may be confused by Maljin+Jolt · · Score: 1

      ...be vulnerable to "viruses and worms" is if a cracker has specifically written a worm/virus that targets your DVR software, which is unlikely.

      Your conclusion is painfully wrong. There *is* a lot of malware out there specifically targeting DVR hardware or software, because if someone uses video surveillance, it does mean he is a high value target by definition. In many such cases, it is the video data itself that is wanted. I've even heard about a case where a server was kicked down just so some not quite cheap night cameras could be stolen.

      --
      There you are, staring at me again.
    2. Re:I think you may be confused by gpuk · · Score: 1

      I'm afraid I disagree. The level of risk you are exposed to depends very heavily on what DVR software/hardware you use. There are literally hundreds of competing solutions on the market (I was at IFSEC in the UK only last year and the amount of DVR related products on offer was mind blowing). They all use different approaches and most share very little in common with each other. If you are using a non-Axis based setup your chances of being targeted by a worm are relatively small (especially if you are using some of the more obscure but very capable solutions coming out of Taiwan/Korea). In any case, the point I was making still stands true - whether you run a DVR solution on a windows or linux platform, you are just as vulnerable to an exploit if one exists that targets your particular DVR solution (assuming you use a windows dvr package that doesn't require admin privs to run and likewise for nix).

  159. Call it advertising if you will... by wirah · · Score: 0

    ...but my father works for a company which uses Linux for its "vivid" DVR systems which are for connecting and recording from connected CCTV cameras. see http://www.baxall.com/ or http://www.baxallusa.com/

  160. Linux DVRs by Anonymous Coward · · Score: 0

    Check this site: http://www.anextek.com/

  161. Antivirus Software by jesseck · · Score: 1

    The company I work for also uses the Pelco DX8000 DVRs. I did some research on Pelco's site, and here: http://www.pelco.com/products/default.aspx?id=315 under the Documentation you can find a couple of PDFs about installing and running antivirus software (McAfee and Symantec). I am also making the suggestion to my director to run one of these (one DVR was taken out about a month ago by a worm or virus).

  162. Axis Broadware Media Server by rwa2 · · Score: 1

    We have one of these.
    The server sits on a little 1U server and sucks video over IP from Axis cameras deployed wherever. The little Axis boxes run embedded Linux, and I think the server itself runs off a bootable LiveCD (I haven't really rebooted it much to check).

    http://www.axis.com/
    http://www.axis.com/adp_cd/adp_cd8/companies/broadware/BMS.pdf

  163. Re:Viruses? (System is running Win2K) by linuxwebadmin · · Score: 1

    Too many postings to sift through, but the documentation states that the system uses Windows 2000 as its OS.

    --
    Show me packet captures and log entries, or it never happened.
  164. How about the Dreambox? by phozz+bare · · Score: 1

    It runs Linux, records video, controls cameras, alerts you in case of suspicious movement, etc.

    Magal Dreambox.

    Enjoy.

  165. I cry bullsh*t! by Anonymous Coward · · Score: 0

    Um... can't run AV while recording? why precisely? If you mean that scanning the video files slows it down too much, just exclude your video directory from your on-access scanning. There are many applications which do not like to have their data files/databases scanned, and yet I could not tell you when I set up one of my client's networks without some kind of Antivirus.

    And as many have posted above, an up-to-date windows installation has many less risks as far as exploits which can lead to viruses. Honestly, if this is a DVR, why is there any port open from the Internet other than those managed by your DVR software? I mean, if the DVR requires you to run NetBios over the Internet, then you should fire them and get a DVR made by someone who knows at least a little about windows security. The only other assumption I can make is that these things are plugged in with no NAT or firewall of any kind, and if that's the case, then shame on you, give them at least a NAT device, even a Linksys would cause you much less headaches. If your DVR uses H.323 or some other protocol like that, then you have to invest a little more in a firewall that can do some packet inspection, like a PIX or NetScreen. Not doing so would be like installing a security system with a giant circuit breaker outside the premises labeled "Security System Cutoff" in neon orange letters. At some point, as a professional who is responsible for your customer's security, you have to override their reluctance to spend money and insist that they go with a solution that meets some minimum requirements. To do any less is irresponsible.

  166. IP Based Cameras by Anonymous Coward · · Score: 0

    I know the post asks for a non-windows based DVR solution, but if you're looking for industrial-strength, commercially supported, you don't have much of an option.

    I would suggest looking into the eWatch system. Their system relies on video encoders, located near the camera, that convert the images into low-res and/or high-res mpeg4, and/or jpeg stills. These data streams are sent via multicast to both the storage server, as well as any viewing stations.

    This approach is superior to traditional DVRs - if the network is properly configured, it allows simultaneous viewing of live video from many locations without the linear increase in network load for each station. One stream for many viewers. Also, if the storage server goes offline, the video is still available for viewing as long as the network is up.

    This approach has allowed the school I work for to purchase a large pool of storage (on the SAN) for the video we capture. This makes it easy to add storage, as well as add cameras, without worrying about the hard-limit of a DVR. Our only limits are our storage space and network capacity.

    The eWatch system also supports a higher capture resolution (720x480 jpeg) than most other DVR solutions out there, making it easier to identify persons and objects during investigations.

    Keeping these devices on their own VLAN, along with ACLs for the server, and regular security updates, our system has yet to be "0wn3d". It is worth the extra time to keep these security requirements updated - after all, any security system that is put on the network needs to be well-protected.

    One word of caution - eWatch is still in the early stages of development (IMHO). Their product is quite useful, but clunky at times. Compared to the other solutions out there, only Pelco offers a competing product, which I cannot speak to as I haven't used it.

  167. Linux Based Commercial DVR by brufar · · Score: 1
    --
    far...out
  168. DVR by bleughbleugh · · Score: 1

    Hi

    I work for a company called Bewator, on their technical support
    (www.bewator.co.uk)

    we 'manufacture' 3 DVR's that are based on embedded Linux (we also do windows DVR's too!)

    the Eventys Lite 4,8 and 16 way units
    of the three, the 4 and 8 way are superior in terms of frame rate,
    all however allow remote network access through internet explorer / activex

    have a look, or call us on
    0044 1633 821000

    I'm dean on video technical, nothing to do with sales or anything, just trying to be helpful (and get some brownie points too!)

  169. Try one of these by karrde · · Score: 1

    http://rock2000.com/Company/EverFocus/PowerPlex_EDR1600.htm

    It also comes in a 400 model w/ only 4 camera inputs... but that's the version I use.

    Works like a champ and I just monitor it on occasion to make sure it's running properly.

  170. Really good Linux dvr by Anonymous Coward · · Score: 0

    http://www.zoneminder.com/ we use this extensively for our security system where I work and it runs like a champ!

  171. SteelBox Networks by di0s · · Score: 1

    Try us: http://www.steelbox.com
    We created an NVR (Networked Video Recorder) from the ground up that supports up to 1.5 Gigabytes of throughput on both ATM and IP networks. We support Motion JPEG, MPEG-2, MPEG-4, and unlimited storage (both space and archive time).

  172. Buy a few of these... by Bubba · · Score: 0

    http://www.fortinet.com/

    The FortiGate(TM) Enterprise Series, which includes the FortiGate-300A, 400, 400A, 500, 500A, and 800 Antivirus Firewall models, meets enterprise-class requirement for performance, availability and reliability. They include all of the key capabilities provided by other FortiGate models, with integrated, real-time antivirus, firewall, VPN, network intrusion detection and prevention, and traffic-shaping services. With throughputs up to 1Gbps, high-availability features including automatic failover with no session loss, and multi-zone capabilities, units in the FortiGate Enterprise Series are the choice for mission critical applications.

    A Real Estate company has to have money to spend on security, right?

  173. Here's the solution by foundationboy · · Score: 1

    Please take a look at www.wavestore.com. This is one of the most powerful and flexible DVR systems around, in addition to having Linux O/S. It was designed for massive storage and networking, and is very friendly to drive. We have just upgraded the software to take IP cameras as well as analog. It is a system that when installed and regularly upgraded with ever-developing software features should last a decade or more. It can be viewed and operated from either Windows or Linux client PC's, even Mac's. There is a suite of high-level software for adding special screens, maps, and so forth. Screen languages such as Turkish, Italian, Japanese, French, Spanish can be easily selected, and multiple viewers can all work in their chosen languages. Lip-synch audio is standard, even when recording video at low rates (e.g. 7 ips, instead of 30ips). We currently build product in UK, Italy, Brazil, Turkey, and the US. Our sales number is +44 20 8756 5480. Myself or Jay can be contacted by cell on +44 7710 620830, or +44 7968 003912. Regards, Roger Isaacson.

  174. stir gently, then recurse endlessly. by Anonymous Coward · · Score: 0

    And the humor continues....

  175. SecuritySpy by Kadin2048 · · Score: 1

    I don't have any great amount of experience with their products, but you might want to check out a piece of software called SecuritySpy. It's for Mac OS X, supports multiple cameras (both locally connected and over IP) and it will do motion detection and automatic webserving/uploading. So you can use as the actual "security system" itself, or incorporate it into a greater system.

    http://www.securityspy.com/

    I do not think though that it will control the pan/tilt functions of the more sophisticated webcams, however. I could be wrong on that, it's worth checking, but I think in order to do that you need to connect to the camera's IP address with a web browser, there's not really any standard 'camera control interface' that you could write software for (or if there is, it doesn't seem like the manufacturers are using it).

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  176. Verint by scorp1us · · Score: 1

    Verint makes a NetDVR and NetDVRII.

    As an engineer that worked for them, the NetDVR works extremely well, but in proprietary formats. The NetDVRII works almost as well, but it is more for supporting Verint's IP cameras and higher framerates. They were not done with that IP camera integration when I worked there, but the framerates are there. NetDVRII is the future, it looks long and bright.

    It's a 1U rack mount unit and supports 4 drives of any size. Each unit supports 16 CCTV cameras.

    --
    Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
  177. I have something in late alpha by Jollyprez · · Score: 1

    Hello, I have a multi-site, multi-user system, based on OSX that can handle as many cameras as your connection bandwidth allows. Current testing has 30+ cameras spread over 4 sites. Includes web-based real-time viewing, rotation between video channels & sites, using all Apple Hardware. Modular design means that hundreds of cameras are possible - all with real time viewing (though not full motion video). Programming is a combination of monolithic (aka c++) programming, and web-based application in Java/Tomcat. I can send you screen shots of the sample sites, but won't give out their addresses, because I cannot afford them to get "slashdotted" (since they're using the same connection for a FM based labeling system). Our website is not up yet, so queries need to be sent to my address: jollyprez at mac dot com

  178. MOD PARENT UP by gothzilla · · Score: 1

    I use a Fortigate firewall and they are amazing. I can't recommend them enough. The antivirus running on the servers and clients is almost redundant and it only catches spyware and adware. Viruses never make it through the Fortigate.
    http://www.fortinet.com/

  179. Zoneminder by illtud · · Score: 1

    Have a look at zoneminder. It may or may not meet your needs. I've only used it with two rather crappy IP cameras at once. I'm currently using it with an IP camera at the wrong end of an ADSL link and the monitoring server remote. It works for me, and I've barely touched it. Lots of development, lots of features, lots of (professional) users.

    "It supports capture, analysis, recording, and monitoring of video data coming from one or more video or network cameras attached to a Linux system. ZoneMinder also support web and semi-automatic control of Pan/Tilt/Zoom cameras using a variety of protocols. It is suitable for use as a home video security system and for commercial or professional video security and surveillance. It can also be integrated into a home automation system via X.10 or other protocols."

    Not affiliated in any way, but I *am* about to cut a cheque as a donation because this very morning the alarm monitoring centre called me saying that the (professionally installed, approved) alarm had triggered. I can see from zoneminder that nothing's happened, so I'm not going to panic. Otherwise I'd be racing a 100 miles to check up.

  180. BCSII has a Linux-based by jdclucidly · · Score: 1

    Border Collie Systems produces a Linux-based IP camera DVR system. It uses Apache Tomcat to power a web-based interface. Client-side Javascript is used to display up to 4 cameras on a single web page. My father is in the security business and has installed a few of these for some colleges. So far they have performed quite well. Check them out.

  181. www.cctvsentry.com by TheRecklessWanderer · · Score: 1

    We have a DVR based on a Linux DOM (Disk on module) that on top of being linux, does a fresh install on every bootup. We call it the LE Series, and it is quite affordable, and should have no problem controlling any Pelco PTZs you have connected to the system. Contact me at mike(AT)cctvsentry.com if I can help in any way.

    --
    Mean what you say...say what you mean.
  182. Stick w/ Pelco by Kalgash · · Score: 2, Informative

    And get a decent f/w system and rules in place in front of the central server and at each location (internet connection) to which you have IP cameras installed.

    Deny all traffic to the server except for the IP addresses and ports of the remote cameras.

    We have been using a Pelco system in this manner with remote cameras on 2 continents for 3 years without incident of virus or trojan or crash.

    The thing you should be worried about with Pelco cameras is the bandwidth usage at night with minimal lighting combined with lower bandwidth video settings. The compression method used can leave artifacts and this compression appears to be done before the "movement comparison" stage where the camera decides to send a new frame. At night with low light levels this causes black level banding and other dotting artifacts to appear. The movement comparison routines see this as... you guessed it MOVEMENT. This results in higher bandwidth usage at night. Our solution? Turn on the lights.

    Stick with Pelco.
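
The default-deny rule described in the comment above ("deny all traffic to the server except for the IP addresses and ports of the remote cameras"), as an added example that is not part of the original thread or any vendor's tooling. It assumes a Linux gateway running iptables in front of the recording server, cameras that initiate the connection, constructed documentation addresses, and port 9999 (mentioned elsewhere in the thread) as an illustrative value.

```python
"""Build and check a default-deny allowlist for a DVR server from a camera inventory."""
import ipaddress

# Constructed inventory: documentation address ranges, not real sites.
DVR_SERVER = "192.0.2.10"
CAMERA_SITES = [
    {"site": "site-a", "source": "198.51.100.21", "proto": "tcp", "port": 9999},
    {"site": "site-b", "source": "203.0.113.0/29", "proto": "tcp", "port": 9999},
]
# Assumed policy limit: one inventory entry may not cover more than 16 addresses,
# so a careless "allow the whole office" or 0.0.0.0/0 entry is rejected.
MAX_SOURCE_ADDRESSES = 16

# Constructed connection attempts: (source, destination, protocol, destination port).
SAMPLE_CONNECTIONS = [
    ("198.51.100.21", "192.0.2.10", "tcp", 9999),
    ("203.0.113.5", "192.0.2.10", "tcp", 9999),
    ("198.51.100.77", "192.0.2.10", "tcp", 80),
    ("203.0.113.5", "192.0.2.10", "tcp", 445),
]


def validate(entries):
    """Parse inventory entries; raise ValueError on malformed or over-broad ones."""
    parsed = []
    for e in entries:
        net = ipaddress.ip_network(e["source"], strict=True)
        if net.num_addresses > MAX_SOURCE_ADDRESSES:
            raise ValueError(f"{e['site']}: source {net} is too broad for an allowlist")
        if e["proto"] not in ("tcp", "udp"):
            raise ValueError(f"{e['site']}: unsupported protocol {e['proto']!r}")
        if not 1 <= int(e["port"]) <= 65535:
            raise ValueError(f"{e['site']}: invalid port {e['port']!r}")
        parsed.append((e["site"], net, e["proto"], int(e["port"])))
    return parsed


def iptables_rules(entries, server=DVR_SERVER):
    """Render the allowlist as iptables commands for a forwarding gateway."""
    rules = [
        "iptables -P FORWARD DROP",  # anything not listed below is dropped
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for _site, net, proto, port in validate(entries):
        rules.append(
            f"iptables -A FORWARD -p {proto} -s {net} -d {server} "
            f"--dport {port} -m conntrack --ctstate NEW -j ACCEPT"
        )
    return rules


def decide(parsed, src, dst, proto, dport, server=DVR_SERVER):
    """Return ('ACCEPT', site) or ('DROP', None) for one new connection."""
    addr = ipaddress.ip_address(src)
    if dst == server:
        for site, net, p, port in parsed:
            if addr in net and p == proto and port == dport:
                return ("ACCEPT", site)
    return ("DROP", None)


def audit(entries, connections):
    """Replay connection attempts against the policy and summarise the verdicts."""
    parsed = validate(entries)
    accepted, dropped = {}, []
    for conn in connections:
        verdict, site = decide(parsed, *conn)
        if verdict == "ACCEPT":
            accepted[site] = accepted.get(site, 0) + 1
        else:
            dropped.append(conn)
    return {"accepted": accepted, "dropped": dropped}


if __name__ == "__main__":
    print("\n".join(iptables_rules(CAMERA_SITES)))
    print(audit(CAMERA_SITES, SAMPLE_CONNECTIONS))
```

The dropped entries in the audit are the connections a broader "allow port 80" or "allow this whole site" rule would have let through to the recorder.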

  183. Get an IDS system by Anonymous Coward · · Score: 0

    It's usually more cost-effective to install an IDS and kill the worms and viruses at their source than to let them rage unchecked through your infrastructure. That being said, you should also have a secure firewalled subnet in your tech room where new systems can be configured and updated (from Microsoft update, apt-get, Red Hat network, or whatever) before being allowed onto any other net.

    If you are under HIPAA, SOX, or FDA regulation you are legally obligated to perform "due diligence" and "accepted industry practices". That means most companies in the USA are legally required to track down and eliminate any sources of malware on their internal networks!!!

    If you can't make your employer understand this, start floating that resume. If anything ever happens that gets your company in trouble with the feds, the top brass will throw the IS staff to the wolves without a second thought. That means there is a (tiny, but real) risk you could do time in a federal prison because your bosses are incompetent to run a modern computerized business... do you remember when E.F.Hutton was found to be a front for organized crime? Did the top brass go to jail? NO - some hapless little people went to jail. "I vas chust following orders" doesn't fly, but "I am a rich and connected corporate leader" sure does! Don't risk it, get a new job.

  184. Try a Linux based DVR? by magarj · · Score: 1

    If you want a robust Linux based DVR try www.marchnetworks.com

  185. DVR Software - ZoneMinder by Pulsar · · Score: 1

    Check out ZoneMinder, http://www.zoneminder.com/ - I'm also a 1 man IT department for a small office - a medical office, in my case. We've established a 5 camera system, using plain ole CCTV cameras (if you time it well, you can pick up fairly good quality CCTV dome cameras on eBay for $25 each) that we ran coax to. The coax then all runs back to a Linux server running ZoneMinder, which supports most network cameras as well as any device video4linux will support - webcams, capture cards, etc.

    Our biggest problem has been finding capture cards that support Linux at reasonable prices. Most of the fancy 4, 8 or 16 input cards out there don't seem to have Linux drivers available.

    I'd say ZoneMinder is the best F/OSS solution I've seen for DVR systems so far. It has many different modes, including (IMO the most useful mode) record-on-motion-detect, where it analyzes each frame for motion and only records when motion occurs. You can define different zones within each camera's view and assign them to different types - never alarm, always alarm, only alarm if another zone is alarming, etc. It appears the author is even working towards some type of adaptive system where the software can 'learn' what is an interesting event and what's just a false positive.

  186. Um, there's usually a firewall in there dude. by Medievalist · · Score: 1


    RHES has iptables turned on by default. Are you saying you turn it off?

  187. How about a Linux based Networked Video Recorder by Dave+Fiddes · · Score: 1

    Hi,

    I work for a company (shameless plug, sorry) that specialises in IP network video surveillance: IndigoVision

    Most of our product line is based on embedded Linux. We provide video transmitter boxes (or racks) that encode video from standard analog cameras (including Pelco PTZ) into MPEG-4. This is then recorded on either an embedded Linux Networked Video Recorder or on a suitably configured Windows server. All of our Linux boxes have built in iptables firewalls so you can restrict access to the devices in any way you choose. We also have state of the art Windows based Control Center software to control and monitor the solution.

    The technology is very secure and many of our customers use it for internet based security monitoring. It also scales to very large installations...one of our partners used our products to provide CCTV coverage for the Winter Olympics in Torino which required several thousand video transmitters.

    I can fully appreciate why Pelco don't recommend using anti-virus software on machines that record video. We don't recommend that either for our Windows based solution. The amount of data flowing through the system can be immense and virus-scanners are really not suited to the load (even if you exclude the actual video store). However you can do a *LOT* to avoid security problems on Windows by locking down the system as per Microsoft's guidelines and running the video recorder software as a low privilege network service. Also avoiding the use of potentially vulnerable protocols like DCOM is a good idea too (we have our own cross-platform security audited protocols).

    That said I do like our Embedded Linux servers. Very hassle free and almost nothing to manage...

    hope this helps,

    Dave

  188. Super Circuits by blogeasy · · Score: 1

    You can always try using DVR appliances instead of standard computers running Windows or Linux. Most of these appliances now have network interfaces that allow you to access the video remotely from the Internet.

    --

    Browse the Information Directory
  189. Dear Slashdot... by Anonymous Coward · · Score: 0

    Dear Slashdot. I'm too dumb/lazy to secure a Windows machine, and naturally assume that simply not running Windows will cure me of said dumb/lazy/ness.

    Please give me suggestions as I'm too dumb/lazy to find alternative systems on my own.

    Thanks.

  190. ZoneMinder and other Linux software by Rick17JJ · · Score: 1

    There are several free Linux software projects which might or might not be what you are looking for. The first thing that comes to mind is something called ZoneMinder which, if I am not mistaken, is a Linux home security system which uses remote wireless Internet cameras.

    Then there is also the well known Myth TV project which among other things is mainly used by people who build their own Personal Video Recorders (PVR). Myth TV supports both HDTV, NTFS and possibly also some other video broadcast standards.

    A third possibility that comes to mind is VLC which is a cross-platform media player and streaming server.

    And then there are various other video related programs for Linux such as TvTime the television application, or MPlayer the movie player. Conceivably even something like the Ekiga (formerly known as GnomeNetMeeting) might be relevant. Ekiga supports Full-Screen Videoconferencing. Ekiga supports Video4Linux and Firewire Cameras Support through plugins.

    I have not taken the time to try to read what you had to say carefully enough to know for sure what your needs are, this is just what quickly came to mind. It may or may not be what you are looking for. I have used Linux as the desktop operating system for my two home computers for the last 6 years. I have never actually tried out most of the software that I mentioned. The fun part of using Linux is that there are hundreds of great free Linux programs to download and try out. A person could spend years trying out all the free Linux software.

    Many Linux video projects seem to be built building block fashion, using other previously written free Linux software, as dependencies. In many cases there are also various other free video projects which are sometimes just user friendly front ends for other free video software. I could not even begin to list all of those free Linux software projects for video and other things.

    By the way, Linux has never had virus problems but, even so, there are free anti-virus programs available for Linux. The one that I use is Clam Anti-virus. There are also several good free firewalls available for Linux which allow you to control which IP ports are open or closed. There is one other interesting video project which is interesting but, probably not what you are looking for is the free movie studio in a Linux box.

    I hope that something that I mentioned might be useful. You can then decide if Linux is really what you want or not. I personally like it anyway.

    1. Re:ZoneMinder and other Linux software by Rick17JJ · · Score: 1

      I forgot to mention the book Linux Multimedia Hacks. In chapter 4 it mentions building a Digital Video Recorder (DVR). I have a copy of the book but haven't read it yet.

      The Electronic Frontier Foundation (EFF) also has a page about building your own PVR for HDTV. I don't know if you are interested in recording HDTV with a PVR but, if so, pcHDTV is one of the two only companies that makes a Linux HDTV video capture card. But, I am not sure if an HDTV video capture card is actually something you would want or not.

  191. IndigoVision by Lothar · · Score: 1

    www.indigovision.com

    You can buy a complete security system that records your MPEG4 video on networked video recorders (NVR). These machines are based on embedded Linux.

    They delivered the surveillance to the Winter Olympics.

  192. My cheap, ghetto system... by NerveGas · · Score: 1


    The cleaning crew in my office had a knack for knocking over my plants, so I bought a cheap USB webcam on eBay for $15 and a USB extension cable, and used some double-sided tape to stick it to the wall. I installed MVC on the machine for motion detection. The problem was solved, no more broken plants.

    Well, because the task I desire (avoiding broken plants) is accomplished, I rarely even look at the images - sometimes not for months. But there have been two thefts in the company, and both times, the thief happened to walk down the walkway where my camera is, so I got pictures of them.

    Where am I going with this? Just yesterday, I was speaking with the building management, and they brought up the camera - they saw the pictures from one of the thefts, and said that the pictures looked better than most of the very-expensive security systems of other clients in their buildings.

    Linux's V4L subsystem makes this sort of thing very easy - all you need is a camera with a V4L-compliant driver, and you're set - there are many packages out there which will take care of the rest. I mentioned that I'm using MVC, which is an old, low-feature application. At some point, when I'm bored, I'm going to switch over to Motion, which is much more full-featured.

    steve

    --
    Oh, you're not stuck, you're just unable to let go of the onion rings.
  193. Not Windows DVR by Billy+Pilgram · · Score: 1

    There are many things to consider in securing any network system and the posted comments reflect good network policies. IPSec must be on for the software client or web client to function on the DX8000 recorders. A Linux video recording device is not necessarily a better box; it depends on the robust nature of the software, hardware and network infrastructure and policies set alongside it. Your issue is to provide video recording at numerous locations in a secure and reliable manner, hopefully something you can install and forget until you want to look at the live or recorded video. Home brewing a solution using open source is an option if you have the time to admin the system and the typical user can figure out how to use it; if not, get one that is already designed for that purpose. Understand how the system will be used and network security required to prevent unauthorized access and prevention of the millions of nasties that are waiting for vulnerabilities. Oh yes, Pelco has a Linux-based recording system called Endura.

  194. Embedded Linux on MIPS DVR by Anonymous Coward · · Score: 0
  195. Panasonic DVR systems with pan/tilt/zoom cameras by mamono · · Score: 1

    Panasonic makes some real top-end camera/DVR solutions. The DVR unit itself (WJ-HD300A DVR Series) has a built-in 250GB hard drive but is expandable to 7.5TB externally. Each unit can handle 16 cameras. It will work with any camera capable of sending out a composite signal (through a BNC connector) but if you use the Panasonic cameras (WV-CS954) you get the added capability of being able to remotely pan, zoom and tilt through the web interface. They are pretty slick with great resolution. I set some up for a construction site so that the remote company managing the construction could monitor progress. They don't run Windows but rather a proprietary OS. Also, the only port you need open for viewing is port 80 as it all runs over a web interface.

  196. DVR Security System That Isn't Based on Windows by vistaplex · · Score: 1

    DVR Security System That Isn't Based on Windows: The VistaPlex® system features a total network attached architecture which provides unattended recording, remote administration, remote viewing and remote operation. All VistaPlex® systems are designed with Ultra Resilient, Secure Embedded Technology. This makes VistaPlex® the most secure, stable and independent video surveillance system in the world. With literally thousands of cameras to monitor and maintain by CCTV Administrators our VistaPlex® systems can simplify camera - remote surveillance and maintenance with just a simple web browser. (No Software is required) The VistaPlex Digital Video Server is so secure you can put it out on a public IP and we guarantee it is 100% Hacker, Virus, Trojan proof. The VistaPlex System can record up to 30 Frames Per Second per camera up to 16 cameras. People who trust VistaPlex with their Video surveillance: Correctional facilities, Police departments, Banking Institutions, Casinos, College campuses and Fast food restaurants just to mention a few. Our operating system is based on Linux but it is our own OS that is proprietary. bhoweth@vistaplex.com

  197. Cameras in High School by Anonymous Coward · · Score: 0

    My high school would have benefitted from this. They bought a state of the art security camera system, but had no means of recording. Plus, since the cameras were not covered with the black lenses, anyone could tell where they were. It was a joke.

  198. dedicated micros by Anonymous Coward · · Score: 0

    Dedicated Micros is a brand name that sells DVR systems. I don't know what they run, but they seem to work. You have to use Windows and ActiveX to view it though. But as servers, they seem OK.

  199. Baxall Vivid DVR by Anonymous Coward · · Score: 0

    The Vivid DVR http://www.baxall.com/vivid/OVERVIEW.HTML is a traditional embedded style (i.e. not a PC) DVR which runs on top of a Linux core. The system has a built-in firewall and can also be remotely managed via SNMPv3 using your own management software or the supplied viewer software.

    I don't know if Baxall allow you to put your own software on the machine. But it should be possible.