A DVR Security System That Isn't Based on Windows?
Brady J. Frey asks: "For months, I've had a client that has been looking for a Linux or Mac alternative for their DVR Security systems. They are a large Real Estate company with 200+ cameras world wide, and their Pelco PC DVR's are hubs for viruses. These systems cannot run anti-virus software at the same time they record -- but require internet inbound/outbound traffic through specific ports that leave some nice holes in the firewall for viruses to find their way in as needed. Yes, we could put up a server in front of each, or a router that has anti-virus built in, however this is not a cost effective method for a number of their locations. Therefore we are looking for alternatives. Any suggestions?"
"We've tried looking at Ben's Security Spy for Mac, and running a Quicktime server, but it was not industrial enough for us and the developer has been elusive. We're looking at Endura by Pelco, but there's some questions unanswered for it.
What I want is a high end, professional DVR system for a large business that does not run Windows. Budget isn't really an issue at this point, since we are just looking for options.
To note, I'm hearing I could possibly do IP cameras, and host any ol' web server I want to download those files, but I have no clue as to how to control the cameras, or if this is really a possibility. Any advice or information is appreciated. If you are an expert in this industry, we may have a need for your services and would welcome that too!"
Isn't the camera traffic limited to known IP addresses/MAC addresses? Just lock it down to only accept traffic from those...
This is a sig. It is like every other sig in the world, except that it is mine, and it is different.
Sad to say, SecuritySpy isn't even close to "industrial". They won't even support one of the newer D-Link cameras, the 6620G.
I have two D-Link 6620G cameras and have been looking for *any* solution, industrial or not, that would let me access my cameras via my Mac.
I am by no means an industry expert, I can tell you that the IP Camera solution is indeed viable. Several of them out there -- check out:
http://www.ipcamerademos.com/
and
http://www.ipcameraforums.com/
Also -- most of the IP cameras have their own software, access (and control) via a webserver built into the camera, or a client utility that allows multiple views (at least the D-link does, and I was led to believe that both Toshiba and Panasonic do as well).
There are some serious industrial IP cameras out there. Check out AXIS and I think Panasonic has some heavy-duty cameras as well.
Don't the applications hosting those ports have no protection?
Last time I heard about a protocol problem it was the application and not the OS that was at fault.
liqbase
I'm sort of the one man IT department for a small nonprofit that is dependent on technology for tons of different things. Recently, we've begun looking into security for our office (I'll spare you the grisly details.) A traditional CCTV system is completely out of the question. A network camera like the Axis 207 ($300 range) is doable in the hardware sense, but they want an additional $600 for DVR software. I have a spare box I could toss Linux on if there were a good F/OSS solution out there.
:)
In short: it's not just the big boys that are looking for these things!
ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
Um, viruses don't just sneak in through open ports. Worms and trojans sneak in through exploits in programs running on those ports. Which exact ports are open? Look, I'm as big a linux zealot as the next guy, but this sounds like a scam. "See the, uhm, viruses are sneaking in through the, uhm, open ports in your windows. You need me to install all new Linux based stuff. See, linux doesn't have ports or windows, so the viruses can't sneak in!"
Really, wouldn't it be better to stick with a known system and, you know, do your job as a sysadmin by fixing any security holes?
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
I don't know if they have a turn-key solution for you, but Axis Communications has some of the best cameras I've seen. They are linux based and very easy to write glue code for between systems (very open API's and development models). In general they are high quality cameras I would stake my job against.
If an officer ever threatens to taze you, say you have a pacemaker.
Can't you toss the PVRs on DMZs off your existing firewalls?
and the equipment outlay for new Linux boxes with supported PVR security software, if they do exist, is probably more per unit than the cost of little PIXs, if you couldn't set up DMZs for some reason.
Have a look at this article. It describes how to use the motion program (home page).
For the Mac there's SecuritySpy, and for Linux there's Zone Minder. I haven't used ZoneMinder - I can say that I've used SecuritySpy and it's a very nice solution. Not sure how well it would work out with 200 cameras though - but it can accept multiple inputs per machine so it might be worth looking into.
are the DVR's capable of being configured to connect to a VPN?
if not is there any way to filter based on IP address or reverse DNS?
Snowden and Manning are heroes.
Apple is having a big media event to launch new products tomorrow. It's pretty much a given they'll be releasing the Intel Mini, and there's some strong speculation it will include a DVR and TiVo-killer software.
hey, this is slashdot; what answer were you expecting?
Opening a port for the video network traffic shouldn't open you up to viruses, even on Windows. If these machines are 'virus hubs' then they are certainly being used for other purposes. First, restrict access to the servers so that they are only used for their intended purpose of capturing video, and not, say, surfing the web. If you are really concerned, you should run the capture process under a non-administrator account, so that even if the application consuming and generating network traffic is insecure, it cannot own the system.
"Yes, we could put up a server in front of each, or a router that has anti-virus built in, however this is not a cost effective method for a number of their locations. "
You need to tie value to a firewall / router / vpn ( or all of the above even) so that you have a solution not just a band-aid. You can find a DVR that isn't windows-based, but it doesn't get you out of the mess you have in design.
I assume the cameras are used for security ? so it is not just worms that you need to protect against, you need to protect against some one deliberately attacking and or altering hte contents of these sytems, thieves are great inovators. ( excuse the spelling )
"Tolerance is a virtue of a man without convictions." G.K.Chesterton
I suggested mythtv earlier but a friend pointed to http://www.zoneminder.com/
We are a wealthy real estate company getting hit with a lot of viruses. Could you please post a phony news story about our plight, that way your zombie horde of misanthropic programmers will code a free solution for us; for free! Ooops, gotta go, just sold another $8,000,000.00 house in La Jolla and we have to pick up our 8% commission.
Thanks,
Your Friends in the real estate business.
I agree, this sounds like big pile of horseshit to me. Really, it sounds like you're desperate to get Unix in there any way you can, so you're doing a crappy job and blaming Windows for it. Just because you're a shitty Windows administrator, doesn't mean Windows can't be well administered. How the hell are all those IIS web servers managing to stay up?
Many people have posted that our experience in windows is probably questionable, and I don't doubt that - Since our servers here are mac/pc related, what do you suggest we do differently to protect our windows computers in a different manner?
As others have said and according to my own research into this area, AXIS seems to have the best cameras out there, hands down. They support low lux captures better than most and their features are superb, as is their selection. For the software, I would take a look at the F/OSS ZoneMinder (http://www.zoneminder.com/) project. This project seems to have a lot of momentum behind it and supports a wide variety of cameras.
I noticed that everyone got hung up on the DVR part of the post, not the complete post which is a DVR specifically made for a security system. My department is looking into this solution which looks pretty complete.
http://www.zoneminder.com/
I've worked with the Divar System from Bosch Security. I don't believe they are windows based and seem to work quite well. They have some nice features and are pretty well scalable from what I've seen.
Wow. How did me asking a question denote this type of response? Good to know Slashdot is the place for attacking more than helping... never did I say we were pc gurus, but it's good to know this is the place to go for support without ridicule.
good luck with it.
philo
and in case you need help, i run an it consulting company, you can reach me at this name @yahoo.com
Simple, use smoothwall. It blocks a lot of worm propagation attempts, and if they have some old Pentium 1's or better kicking around you're set.
Pay a bit for the enterprise license if needed. Then you can setup automatic updates so it recognizes new worms.
DarkMantle I been bored, so I started a blog.
There are several options:
Software:
ZoneMinder Welcome to ZoneMinder.com, home of ZoneMinder the top Linux video camera security and surveillance solution.
IPConfigure
Hardware:
Nuvico DVR's - advantage of being built on embedded Linux, with a good feature set.
Axis Video Servers I am presently in the process of installing and configuring a 300 camera system built utilizing IPConfigure and Axis 241Q video servers. I am finding my biggest hurdle is dealing with the corporate IT department for support. How I wish I had paid more attention to network design in school!
Supercircuits has a lot of camera and recording gear. The DMR3-CD-PW-16 has 16 channels, up to 2500GB disc capacity, compression, built-in CD-R, etc. If you're using regular composite video sources, it would be possible to build one of these yourself with a bunch of 4 input video capture cards.
If you're using IP cameras that stream MP4 or whatever over ethernet, why not employ a VPN? You can get a nice hardware VPN endpoint such as one of those SOHO Sonicwalls (google for it) on each end, or a linux box on both end as a VPN endpoint.. Most of those cameras don't support VPN but you can easily put a router in between that will do the job.
Good luck
Cool! Amazing Toys.
I've got one of those network enabled Q-See DVR's...the 4 camera version... and I've been trying to use it with a wireless bridge. However, I swear I can't find DHCP on the thing...anyone have experience with Q-See DVR's or getting their other brands wireless?
Here's one I am considering right now for my own security project with 4 cameras.
Honeywell HRHD410C320
http://honeywellvideo.com/products/dvs/dvr/40256.
I'm also considering this series which can have 4, 8 or 16 inputs.
Honeywell HRHD4C160
http://honeywellvideo.com/products/dvs/dvr/40248.
Their Sprite 2 is one of the best security recorders available. www.dedicatedmicros.com
-a.e.mossberg
That word.... I do not think it means what you think it means.
http://outcampaign.org/
I'm getting good quality responses -- more so than from Security firms I've talked with in the Bay Area. If you are a consultant experienced in this, I'm happy to connect you with this company, feel free to email me at brady at my website url.
I don't understand, aren't these dedicated boxes? Just turn off unnecessary services, run the service packs, and use a firewall to restrict access by IP address (even the XP SP2 / W2K3 built in firewall can do this). Windows isn't that vulnerable with basic precautions. Especially dedicated and presumably mostly locked down machines.
Guess what? If you want remote access to the camera, every OS or hardware IP camera will require open ports! It's just a matter of working within that requirement - e.g. IP filters or VPN. For most folks, a $50 router with decent NAT + port forwarding + inbound IP address rules will be sufficient. For $100 you can probably get a VPN server (well, maybe 200?).
Has anyone started a project like MythTV for security cameras? Something that will record video to my hard-drive. In a perfect world, it would only record when it detects motion. I'm assuming I would need to get as many video capture cards as there are cameras... It seems like this would be a great open source project. Anyone think someone should be working on this?
http://www.k5n.us
Any decent PC + mythTV or LANVLC or any other OSS software would make a great DVR
Something like this perhaps:
http://secure.newegg.com/NewVersion/Wishlist/Wish
But unless I'm at a Windows computer, I can't log into my DVR security remotely to see what's going on. About once or twice a year, I get a call from my security company because an alarm has gone off. I can't check on my building from the comfort of my bedroom and my Mac laptop. I have to head downstairs to the office, and boot my desktop PC.
I am a DVR security consultant. I used to work for a major mfg that was Pelco's OEM. So I know a lot about the industry and the right solutions. There are a couple of units I can think of that are Linux based and hardware compression that will fit your need. Email me if you want some help. Regards, Erik research_gate@yahoo.com
Pelcos that run off of Windows are not what I call secure. I constantly work with DVRs (I'm in the IT dept, but I know all the Integrated Systems people) and Dedicated Micros provide top notch REAL DVRs. Don't piddle around with Pelco.
i use mini-itx based systems with bt848 boards using debian.
contact me for further details. zurktech AT gmail DOT com
www.flextps.org is a GPL package that works really well with Axis video servers. Its main purpose is to stream video streams over the web, but it also has a DVR functionality where you specify which streams you want to record, the frame rate and the duration of recording. It's all perl-based and you could probably use a cronjob to start a 24h recording every midnight.
Basic firewall routers cost $29, and you can set them up to only allow connections from your headquarters location, or even to do IPSEC tunnels if your video application doesn't get into PMTU-discovery problems. Installing them at existing locations costs significantly more than $29, but for new locations it's just an extra couple of minutes to plug in the box when you're plugging in the camera.
Basic PCs cost $250, so if you need a headquarters firewall or IPSEC tunnel server, that's basically free - certainly less than you'd charge your client for the amount of time you're reading Slashdot responses \\\\\\\ \\\\ \\\\\\\ researching solutions. And you can run ClamAV on it to protect outgoing traffic.
If your remote sites are using the video box as a general-purpose PC to surf the net and read email, then you need to run an anti-virus application on it and either run a basic firewall box (wimpy, but a good start), or use the firewall to tunnel all your browsing traffic back to a server at headquarters, where you're running Squid and ClamAV and some decent Linux firewalling, and give them an email server that does some anti-virus and spam blocking and an email client that doesn't come from Microsoft. (If this weren't a real estate company, I'd recommend a text-only email system like Pine, but realistically your real estate people need to send pictures to their clients.) Another choice would be to run VNC, in one of its tighter forms, and run any applications on the headquarters server, with appropriate anti-virusing there.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Why are these systems exposed to viruses or worms or whatever? Why are they networked at all? If you need remote monitoring, you can get a one-way connection that will completely isolate your system.
People who think they know everything really piss off those of us that actually do.
Smart Network Device's Embedded Network Operating System - HyNetOS.
There are tons of different security DVR's out there and everybody has their favorite. I personally like Dedicated Micros. If you really have worldwide cameras you might consider going to the ISC west show in Vegas. International Security Conference and Expo http://www.iscwest.com/ There will be at least 50 different DVR sellers there and you can find one that will work well for your application. Besides that it's a trip to Vegas.
Check out our product: http://www.clarityvi.com/ a distributed network video system running under linux that performs distribution, recording, analysis and visualisation of surveillance video. Runs on standard PCs and supports IP, analog, firewire and PTZ cameras including joystick control. This is a very feature rich high-end product with a high tech UI for viewing real-time alerts and video streams, as well as reviewing past data. For review the Clarity product has a multi-resolution time line that allows activity and other analysis results to be viewed at a glance for ranges from years down to seconds. Some of the analysis functions we offer are: adaptive activity detection, people counting, behaviour analysis (e.g. running, left objects), face detection, face recognition, car number plate detection. We can definitely advise you on this space, and give you a presentation on our product. Regards, Jamie Sherrah
Check out DVRs based on an embedded OS.
:)
A friend of mine works for http://www.dedicatedmicros.com/. They sure make some neat products
their sales dept. can send a case of beer to PO Box 55, Fort Washington.
The best that I can suggest is to ignore the ignorant posts -- or at least ignore the ignorant part of those posts and mine the useful parts out of them.
Free Software: Like love, it grows best when given away.
Speco DVRs (www.specotech.com) are very reliable. I've been installing CCTV systems including DVRs for 6 years. From my experience you should try non-PC based DVRs... they're more secure, reliable and don't crash at all. You don't need a firewall to protect the DVR from viruses and they work with dynamic IPs too. Speco has a great line of DVRs that are based on an embedded linux kernel... they're cheaper than Kalatel (GE) DVRs.
Whoa there. A bit overboard, don't you think?
Avermedia has a linux based system, as well as windows based. http://www.aver.com/
First of all, I think you should just look at keeping the existing system, just improve it. Changeover cost in hardware/software is going to be high, even if it's free software. Here's what I'd do to try to stay with Windows 2k or XP (throw this all out if you're on 98/ME and get a real OS!):
1. Antivirus
First of all, why no antivirus? Any reasonable Win2k/XP system should be able to run one. If you want something with very low cpu impact, try Eset's Nod32. Also exclude the directory that the DVR uses to write the videos from virus checks. The videos are unlikely to get infected, and virus checking on those directories will just muck things up. (I'm assuming that this is why you aren't using antivirus.) But everything else then can be protected.
If you have licenses for *any* antivirus product, try it again with excluding the videos directories. Any antivirus product worth more than a warm bucket of spit should be able to do that.
2. Disable services.
Disable every unneeded service on these machines. A *lot* of them shouldn't be on. These systems should be doing practically nothing but writing video files (ok maybe some backups, or transferring files to another server for backups). A decent guide to this is here: http://www.theeldergeek.com/services_guide.htm.
3. Consider turning off Windows networking.
Disabling SMB/Netbios calls should stop most viruses/worms/etc. If you need to transfer data for backups and such, use SSH and SFTP instead. SFTP is what you'd use on a Linux/Unix system, and is *much* more secure.
Free Win32 SFTP client:
http://winscp.net/eng/index.php
Free Win32 SFTP server:
http://itefix.no/copssh
Nice, and not too expensive pay SFTP client (Tunnelier) and server (WinSSHD):
http://www.bitvise.com/
(And you shouldn't be getting email-borne viruses -- these systems shouldn't be used for email.)
You can also use SSH on this to restrict all kinds of other access as well, while providing VPN-style access. Very, very nice. (e.g. you can only Remote Desktop or VNC through SSH)
4. Block ports and such, and firewall it.
Setup a firewall between these systems and the outside world. Restrict ports to *only* those needed (e.g. SSH on port 22). If possible, restrict outgoing data to *only* those IP addresses that need access. Yeah, IPs can be falsified, but it's an extra layer of defense.
You could do this through a software firewall, or even just some cheap $20 hardware firewall boxes.
The XP firewall is better than nothing, but it's only incoming. Much better incoming/outgoing freebie firewalls are available from these companies:
http://www.wyvernworks.com/firewall.html
http://www.jetico.com/
(I'd probably do the hardware firewall, but if your cash is tight, or the time/cost of installing all these extra hardware boxes is high, at least deploy a software firewall.)
5. Other Windows hardening options
You can also try these two freebie Windows hardening programs. They probably aren't perfect, but they help:
Harden-it: http://www.sniff-em.com/hardenit.shtml
Secure-it: http://www.sniff-em.com/secureit.shtml
And decent googling should turn up lots of different hardening guides to Windows as well.
After these you should have antivirus, you're blocking ports, you've disabled almost all virus vectors, and should have systems that are reasonably secure and stable.
Yeah, you have Windows and not sexy or politically correct OSS. But it's what you have. If you can make it work, use it. Fixing up your Windows boxes is probably a lot less time and money than swapping over
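An added example, not part of the original comment: the port and address restrictions from steps 3 and 4 above, written as a default-deny allowlist for a Linux gateway in front of the DVR, with a small evaluator that shows what sample connections would do. The addresses, the gateway layout and the names `Rule`, `build_policy`, `render_iptables` and `decide` are assumptions; only SSH on port 22 comes from the comment.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (documentation and private ranges), not from the thread.
HQ_NET = "203.0.113.0/24"     # assumed headquarters address range
DVR_HOST = "10.20.0.10"       # assumed DVR address behind the gateway
BACKUP_HOST = "203.0.113.25"  # assumed SFTP backup server at headquarters
SSH_PORT = 22                 # the port the comment gives as its example


@dataclass(frozen=True)
class Rule:
    """One allowed TCP flow: source network, destination network, port."""
    src: str
    dst: str
    dport: int
    note: str

    def matches(self, src, dst, dport):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and dport == self.dport)


def build_policy(hq_net=HQ_NET, dvr=DVR_HOST, backup=BACKUP_HOST, port=SSH_PORT):
    """Return the allowlist; anything not listed is dropped by default."""
    hq = ipaddress.IPv4Network(hq_net)  # raises ValueError on malformed input
    if hq.prefixlen == 0:
        raise ValueError("an allowlist of 0.0.0.0/0 restricts nothing")
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    dvr_net = f"{ipaddress.IPv4Address(dvr)}/32"
    backup_net = f"{ipaddress.IPv4Address(backup)}/32"
    return [
        Rule(str(hq), dvr_net, port, "HQ to DVR, SSH only"),
        Rule(dvr_net, backup_net, port, "DVR to HQ backup, SFTP only"),
    ]


def render_iptables(policy):
    """Render the policy in iptables-restore format for the gateway."""
    lines = [
        "*filter",
        # The gateway itself is assumed to be managed from its console,
        # so INPUT only admits loopback and replies to its own traffic.
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for r in policy:
        lines.append(
            f"-A FORWARD -p tcp -s {r.src} -d {r.dst} --dport {r.dport} "
            f'-m conntrack --ctstate NEW -m comment --comment "{r.note}" -j ACCEPT'
        )
    # Log what the default policy is about to drop, rate limited.
    lines.append('-A FORWARD -m limit --limit 6/min -j LOG --log-prefix "dvr-drop: "')
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


def decide(policy, src, dst, dport):
    """Verdict for a new TCP connection: first match accepts, no match drops."""
    for rule in policy:
        if rule.matches(src, dst, dport):
            return "ACCEPT"
    return "DROP"


# Constructed sample connections: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("203.0.113.7", DVR_HOST, 22),     # HQ workstation to DVR over SSH
    ("198.51.100.99", DVR_HOST, 22),   # unknown Internet host to DVR
    ("203.0.113.7", DVR_HOST, 445),    # HQ to DVR over SMB (step 3 turns this off)
    (DVR_HOST, BACKUP_HOST, 22),       # DVR pushing backups over SFTP
    (DVR_HOST, "198.51.100.99", 80),   # DVR reaching an arbitrary web server
]

if __name__ == "__main__":
    policy = build_policy()
    print(render_iptables(policy))
    for src, dst, port in SAMPLE_FLOWS:
        print(f"{src:>15} -> {dst:<15} tcp/{port:<5} {decide(policy, src, dst, port)}")
```
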
Something to keep in mind: One reason why Windows-based systems have the problems they do with viruses, worms, and trojans, is that Windows-based systems still make up the bulk of the systems in use.
Linux, MacOSX, and other UNIX relatives are not necessarily more or less invulnerable to these pests; the people who create the pests are simply:
1) as or more likely to have Windows systems themselves (based simply on the odds);
2) more likely to find victims running Windows than other OSes because there are a vastly larger number of systems out there running Windows than any other single OS (than all other OSes combined, by a long shot!).
Of course, this is all my opinion; I can't point to scientific studies that prove it to be true. It's a simple logic exercise.
I'd give careful consideration to any advice given here that would allow you to retain the system you've got, if you are both used to it, and otherwise happy with it. Switching operating systems, toolsets, and possibly hardware could leave you having spent a lot of money for a system that you are ultimately less satisfied with in terms of features, functionality, and performance.
R David Francis
Dude, relax. If he's wrong, tell him how. People are immediately turned off by rants like that, and while it may make you feel better very few people outside of those already sympathetic to you will pay attention to what you say.
Check out the firm, Cryptocybernetics, LLC. as this is our bread and butter area of development. We work with such companies as General Dynamics (and Microsoft) for unique DRM solutions and have a DRM/PVR offering we can port to either Mac or Linux for PVR applications. I know DRM is not your primary concern, but one of our systems was approved by the major motion picture studios for early content release on portable players (for airplanes). We are security / virus protection aware and would welcome an opportunity to create a custom solution for you based on our existing code base and intellectual property. We also are the primary contractors for one of the top virus scanner companies in the US for cross platform solutions.
...
End soulless self promotion
- Tjp
I am in wallow with my inner money grubbing capitalistic pig. ... Oink!
I'm about to get my hands on a few of these NVRs from March Networks. Apparently there are a couple thousand of cameras controlled by these puppies elsewhere in the company. Spoke to a few technical people at March and they seem to know what they are doing. Unrelated to how well they perform, but kind of nice to hear for me as a geek, is that the actual NVR/DVRs are based on an embedded linux distro and can be managed via SSH. Also, they have an Enterprise Security Manager which allows you to authenticate users against external sources like AD, which is nice for an enterprise. I'll be banging on these devices in a couple weeks.
It is with great pleasure I submit to your most humble presences a quandry of great proportions of which we are looking to resolve. My business is the sale of real estates, of which my client, who wishes to secure said estates, needs to have your asistance in transferring 200 (US) video data bit streams, securely, from the camreas to a secure data center of your design. Please, I am so rude as to not introduce myself, My name is Donale Trumpe (esq), of the famous lineage of Trumpes, from the Isle of Manhatt.
It is with every intention that we conduct this business in the strictest of confidences, and will do so in turn. Upon remittance of complete said designs to be deposited in to the mailbox of my choosing, you will be handsomely reawarded by a gift from Ivahnah. I await your reply, and in most sincerity, thank you.
At the ICS West security conference last year, there were dozens of vendors showing Linux based DVR security systems. Some were even just their capture card and an IDE dongle containing the entire Linux OS and their DVR application. Just put it in a system with an existing HD on the secondary IDE bus and you'll soon be running a Linux based DVR. Most were advertising "embedded OS" and higher reliability than PC( Windows ) based DVRs.
;-)
I had put together a list a couple of years ago and will post them here. you'll be better served by also google'ing for yourself and filtering out the Virus prone models.
http://www.spysource.net/digitalvideorecorders.ht
http://www.cctvsentry.com/Sentry_leseries_dvrs.ht
http://www.linuxmedialabs.com/
http://www.ituner.com/spectra.htm
http://www.sonerik.com/linux.asp
http://www.provideo.com.tw/DVR800.htm
http://www.at-fairfax.com/DVR/Info/Sentinel4.htm
http://www.avdeals.com/csispecosecure/digitalsecu
http://www.tech-island.com.tw/ep1.htm
ICS West is April 5-7th so I'd be putting in a request for a trip to Las Vegas if I were you.
LoB
"Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
I'm gonna guess that, if he goes to a different Windows solution, there are two fears:
(1) the new 'solution' will be as messed up as the current one, and
(2) The PHB's are going to ask "Why are we going to this new system", and if you answer 'security', they're going to point to fear #1.
(3) if both (1) and (2) happen then you are soooo DEAD.
So the best thing to do is go to Linux or Mac so that 98% of the bosses' viruses won't infect the DVR boxes.
Free Software: Like love, it grows best when given away.
If only things were that easy. Give the questioner the benefit of the doubt and expect that obvious solutions have been tried.
The program inspecting the mac addresses itself could be exploited, if the questioner could run one ... but he said he can't!
Because he can't, he's stuck sitting behind a hardware firewall that only allows traffic on ports required for servicing the camera. We can imagine he's been bright enough to try that and it did not work because the camera software itself has problems or some other service he can't identify or turn off does.
Friends don't help friends install M$ junk.
...on your website freaked me out.
Anyway, I just have to point out a few things:
1) You say, "Yes, we could put up a server in front of each, or a router that has anti-virus built in, however this is not a cost effective method for a number of their locations," but then go on to say, "Budget isn't really an issue at this point, since we are just looking for options." Which is it?
2) Why is it you can't run anti-virus while recording? I'll bet it's a performance issue and if so, you've either looked at some crappy antivirus options, or whoever decided on the hardware cheaped out.
3) Virus problems are caused by at least two things: lack of AV software (which we've already discussed), and unpatched software. Either you're not keeping these Windows installations up to date, or you're not keeping the PVR software up to date (or both). You know what to do.
You're making it sound like this is all Windows' fault. It's not -- it's yours. Given, a haphazard use of *nix in this situation would probably be better than your haphazard use of Windows, but I think you'd be better off fixing up what you've got than just jumping ship.
This sig rocks the casbah.
We geeks have a tendency to learn the definitions of things, and assume that other people have, too. Guess what? When a business owner says "I have a virus problem with these devices", chances are good that the business user has not, in fact, read geek references that clarify the virus vs. worm distinction. If you work with non-technical people, when one of them describes a problem, you have to assume that they are being imprecise (perhaps because they don't know correct terminology, perhaps because they don't even understand the technology or the problem.) The first step in troubleshooting is figuring out what the real problem is.
I have users who say "the email server is having problems" when the reality is that their dialup is down; they don't understand networking or email, so if they can't reach the mail server, they tell me what it means to them (ie. they can't reach their email.) "My VPN won't work" could mean that their DHCP is out. "My firewall rule doesn't work" could mean that they haven't actually asked for the firewall rule yet. After you've troubleshot enough user problems, you learn that you cannot take users' up-front complaints too literally.
So I would not be surprised to hear that the real problem here is network intrusions/worms rather than viruses.
The good news is that if the problem really is worms, the easiest solution is a host-based firewall that blocks access to all ports except the ones that are actually needed. The more recent Windows products come with one built in, and various free alternatives also exist. I'm coming to like wipfw; it's free, stateful, and unlike the Windows built-ins, you can allow some sources and deny others. wipfw might be a bit too new for production use, though; kerio (hit google) has reasonably nice server- and desktop- class firewalls that can also restrict access to known IPs.
As some others have alluded, the real question you should be asking yourself is WTF are security assets doing on your public network where anybody can have a shot at them? For crying out loud, set up a DMZ. It shouldn't matter if the OS is a craptastic sploitfest, because only trusted hosts should be able to access specific ports on them. That being said, when you do replace that system it would be a good idea to use an OS that's not a craptastic sploitfest.
Instead of buying a new CCTV system, you could probably spend the same money (or less) and put in DMZs / VLANs, and solve all sorts of other security concerns at the same time.
Help save the critically endangered Blue Iguana
> Budget isn't really an issue at this point, since we are just looking for options.
Obviously, budget is an issue. You just said so. You state that you "are just looking for options" and you've already ruled out some based on cost. Are you looking for a turn-key solution? Something off the shelf? A custom job? Each of these has pros and cons, and will cost you something. Will you need new hardware to run your new set-up? What will that cost? Still less than putting a firewall in front of your Windows systems? If you want to look at options, that's great, but don't start ruling anything out on cost until you know what you're willing to spend.
Because you have not provided a budget, yet feel that an additional server to act as a firewall/virus blocker is too expensive, it's hard to offer a good recommendation.
In any case there are a few options using Linux. If you are looking to capture/collect snapshots over time, you could do anything from IP-based webcams with a backend on Linux using wget to collect snapshots from each camera. Those get hosted on the Linux box as a web page for each location. On each of those pages, display the last 6 or so snapshots gathered (one every five minutes? whatever sort of schedule you want), then include a link to the webcam itself for live video, possibly proxied through the Linux box to reduce the number of addresses that the webcams themselves are directly feeding.
Another option would be a Linux box at each location with a video capture card like a Hauppauge WinTVGo, or other bt484 card with a camcorder attached to video in. The big downside of this is likely to be the bandwidth for upstream transfers of video. Many broadband providers restrict upload speeds from the site to 128kbps, which isn't much for video. At the same time you could use memcorder to capture to one video format in blocks of an hour or something, then downconvert that to divx, or mpeg-4. Then use something like wput to copy the compressed video to some other location with better bandwidth for downloads. Obviously there will be some delay built into this in that you will have to wait for the conversion to compressed video to happen before it can be made available. Optionally, if you have a camera or capture directly to mpeg4 or divx, you may get faster response. One downside of that is that you may have artifacts in the resulting video that may make the captured video useless as a security system. In that case something like 'motion' as mentioned earlier may be useful.
You may have other concerns as well. None of what I have described above has anything built into it that supports tilt-pan-zoom features that may be of interest to you. Considering that most broadband connections in residential areas are using something like dhcp, meaning you are never entirely sure what IP address the site will have the next time you want to access it, you very possibly already use something like dyndns or perhaps some other system to keep track of the current IP address for each location.
One concern may be the expense of the equipment you put on site, and the prospect of that equipment being stolen. A reasonably good video camera still has value, even if you have to spend time hacking it to make it useful for your own purposes. Likewise a computer that can do the video transcoding mentioned above has some value as well. Obviously if you can hide the camera in something that looks like it has no value, or is part of the structure, it will be less likely to be pilfered. If the Linux computer making things available is a Linksys 54g wap, with a hard drive attached to a USB port, and the camera is a wireless cam, you would have additional flexibility in installation, however processing power would be reduced. It may be enough, though you might be better with a box that looks like a utilities box next to the utilities entry point of the house. It would be a custom build of course, but that may be the best long term solution. You could even build it with its own internal backup batteries. Include a cable modem, or dsl adapter as necessary and you can possibly have limited access to what is happening if local power is interrupted. The wireless wifi camera could be located anywhere that power would be available to it. Whether you would want to provide it with backup power or not would be up to you.
As far as securing the box, I would recommend using some sort of vpn to provide a connection between the box on site, and some server located elsewhere that provides a web server, or other solution for your users to keep track of each property. Along the way you may want to determine how restrictive you want to be about access to the imagery collect
You never know...
Hi,
My IT Consultancy (picoSpace PTY LTD) has some involvement in the video surveillance industry in Australia, and nearly all the DVRs we encounter are Linux-based DVRs manufactured by Dallmeier. Have a look here for an overview of their specifications on one page or straight from the manufacturer.
Given the situation you've described, and the situations where we've seen them deployed, I'd say these would be ideal. I suspect IP cameras may not be practical, due to the need to refit the existing setup (going from video cable everywhere to ethernet everywhere); to say nothing of bandwidth requirements.
> ...company with 200+ cameras.
The problem with the Pelco devices is they are sold as is without any easy way to keep the OS up to date. Our company remembers to update DVR OS software as new things come out.
I myself have asked the exact question to our security cam vendors (and so have all the other larger real estate companies in my city) in part because of the updated software issue. For me, even more helpful would be a more open platform. Pelco (and all DVR vendors) lock you into their hardware platform, and if you so much as add or replace one of their $2000 120GB hard drives, they will discontinue your support. I would love a more open platform so I could network all my video systems together and store archival info on an UNLIMITED (or size of MY choosing) storage system.
The company I work for also sells internet services to other multiple tenant properties. This is something that comes up in almost every large company with lots of cameras. If you actually find a good solution, let me know.
Before I sold out for law school, I worked with some DVR software from Sony that was actually pretty good. Unfortunately, I can't for the life of me remember the name. (Just found it - Sony RealShot) At the time, it was pre-release, but I think it was supposed to come out in late 2004. I'm sure it's Windows-only, but it didn't require a dedicated box, like a lot of the commercial DVR providers. So, at least you'd be able to handle OS security without having to battle the DVR app, too.
Of course, it being Sony, there's a good chance that it only works with Sony cameras. I only worked with their cameras at the time.
As for rolling your own... I wouldn't think it would be that hard, if you're willing to put some developer hours to it. Most of these IP cameras use the same HTTP-based mechanisms for sending data. I managed to get video off of a couple different cameras without too much trouble. I developed in .Net but I'm sure there are libraries to support this in whatever language you prefer.
I'm not an expert, but I worked in a place that used to sell these Windozy systems. It made me cringe at the time and I'm not surprised to learn they are a virus magnet and easy to 0wn. I never learned to do the same things with free software, but I did learn a few things.
Camera control is usually silly. For the price of one tilt device, you can buy two or three normal cameras which provide better coverage.
If you have the time to roll your own system, look into xawtv and myth tv. The capture technology is well developed, so you should be able to capture streams and represent them with thumbnail images you serve on a page if you can't figure out how to transmit the moving pictures themselves.
If you don't need full motion, but can get away with 1/second frame grabs, you will spare yourself a lot of storage space and greatly simplify your task. Gcam is something that I've played with that works and is easy to customize. There are other projects around that look promising, such as webcam one, axis network one, or cam portal manager.
I realize you need full motion video for cameras monitoring stores during working hours and wish that I knew more. Motion picture media is one of those areas where fierce patent/greed issues abound. Good luck.
Friends don't help friends install M$ junk.
> an jerk with an axe to grind
What, is that some backcountry dialect, where the j is silent?
"Argsh, mehb an 'erk wit a haxe t'grind, beshorra."
-- Rabid
Vistaplex is a professional Linux system, used by many casinos and businesses. I've had personal dealings with this company, and can highly recommend it. It's designed to be bulletproof.
Have you had to use these in court? Any issues upholding timestamp/authenticity? Just curious.
Check out the Netbotz product line. They are best designed for IT infrastructure, but with the additional management platform, they could be used for a security deployment. The devices are fully managed IP devices with a non-Windows OS and a lot more functionality than just a camera. Additional monitoring of temp, humidity, water detection, power dry, motion and noise detection... the use of these devices is endless.
Take a look at http://www.adome.net/ for their real-time embedded DVR's and they have software which allows you to pick whichever cameras you want to view from whichever DVR on the same screen. Also the DVR's are non PC, NON Linux based all proprietary operating systems.
What hardware is installed in the DVRs? If it's a PC-based system, it probably uses PCI-based quad-camera cards, and you might be able to locate Linux drivers for 'em.
axis.com I have been dealing with them for a long time. I also have security systems that my company installed in many downtown offices. One installation has 500+ cameras. Some IP, some Analog with the axis video servers. We have Buffalo 1 terabyte NAS units where the video is uploaded to via FTP.
Intelligent Design
First, you say you can't change the ports that are used. But you can make it look like you changed the ports? Here is the idea: camera server must run on port 80 (or whatever). So you run a little program on the Windows box that takes any connections on port 8347 (just some random number) and forwards that connection (through the loopback) to port 80. Port 80 is never exposed outside of the box (must be loopback to connect). I know this can be done on Unix, there must be a way on Windows.
As others have pointed out, how about a VPN? All networking gets done through the VPN, and the remote boxes (as part of startup) "dial home" to start the VPN connection. They simply never accept ANY incoming traffic. Even the Windows firewall must be able to do that.
The "unprofessional" solution. You can get little Linksys WAP11s (or something like that) and put Linux on them and set them up however you want cheap. There must be a wireless version you can do that with, or failing that just turn off the wireless functionality. You can use these little boxes as firewalls, configure them EXACTLY how you want, and they will sit there forever doing their jobs (no moving parts, after all). The only problem with this is it isn't exactly "professional". But it would work and would be cheap. Heck, you could get these to do the VPN part for you.
From your main question and a few of the posts in this thread you made, I don't blame you for wanting to ditch Windows (not that any of my solutions would help). It would be easier to guess if I knew what was going on better (security camera to video capture card? USB webcam based? what?).
Good luck though.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
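The loopback forwarder described in the comment above, sketched in Python as an added example (not code from the thread or from any DVR vendor). It assumes the camera's web server can be bound to 127.0.0.1 only, since otherwise port 80 stays reachable and the relay changes nothing; the source allowlist, the function and class names, and the addresses are additions of this example.

```python
import ipaddress
import socket
import threading


def parse_allowlist(cidrs):
    """Turn CIDR strings into network objects once, at start-up."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def source_allowed(addr, networks):
    """True if the peer address falls inside any allowed network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def _pump(src, dst):
    """Copy bytes one way until EOF, then half-close the receiving side."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass  # peer already gone


def _handle(client, backend_addr):
    """Relay one accepted connection to the loopback-only service."""
    try:
        backend = socket.create_connection(backend_addr, timeout=5)
    except OSError:
        client.close()
        return
    backend.settimeout(None)
    reverse = threading.Thread(target=_pump, args=(backend, client), daemon=True)
    reverse.start()
    _pump(client, backend)
    reverse.join()
    client.close()
    backend.close()


class LoopbackRelay:
    """Accept on an external port, forward to a service bound to loopback."""

    def __init__(self, listen_addr, backend_addr, allowed_cidrs):
        # Refuse to relay to anything but loopback: the design only helps if
        # the real service is unreachable from the network directly.
        if not ipaddress.ip_address(backend_addr[0]).is_loopback:
            raise ValueError("backend must be a loopback address")
        self.backend_addr = backend_addr
        self.networks = parse_allowlist(allowed_cidrs)
        self.rejected = []  # peers turned away, for logging and review
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(listen_addr)
        self.sock.listen(16)
        self.port = self.sock.getsockname()[1]

    def serve_forever(self):
        while True:
            try:
                client, (addr, _port) = self.sock.accept()
            except OSError:
                return  # listening socket was closed
            if not source_allowed(addr, self.networks):
                self.rejected.append(addr)
                client.close()
                continue
            threading.Thread(target=_handle, args=(client, self.backend_addr),
                             daemon=True).start()

    def start(self):
        thread = threading.Thread(target=self.serve_forever, daemon=True)
        thread.start()
        return thread


if __name__ == "__main__":
    # Constructed values: 8347 is the port named in the comment; 203.0.113.0/24
    # is a documentation range standing in for the monitoring office.
    relay = LoopbackRelay(("0.0.0.0", 8347), ("127.0.0.1", 80), ["203.0.113.0/24"])
    relay.serve_forever()
```

Moving the listening port does not make the service behind it any less vulnerable; in this sketch it is the loopback-only bind and the allowlist that reduce exposure.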
(jerk)
Language students: Don't try to learn English here. This ain't it.
Alright, so to note: The current setup is Analog Pelco Cameras, on Pelco 16 Channel 8000 DVR's running their dumbed down version of windows with a netscreen firewall -- the goal for this company was to move to IP cameras in the long run by recommendations anyhow. While it would not be financially reasonable to replace all cameras (over 250), it would be reasonable to replace the full DVR system if it were an improvement (hardware and software). I noted budget is not an issue -- but my comment regarding cost effectiveness still stands. The client is willing to pay for a high end system, from a personal opinion buying something more aggressive than a Juniper netscreen (though I personally like sonic wall since the netscreen doesn't have fallback IP) for a system that seems broken feels like a bandaid on a bullet wound. Those DVR's run 7000+ decked out, not including the expenses for cameras. We are willing to have casino quality if it is just that, casino quality. In regards to the software, Pelco verified it cannot run anti-virus while recording. If anti-virus is needed to run, the recording shuts down as the framerate is unrealistic. This is a limitation of the software then, if needed. Of what I know, ports 80 and 9999 (not through 9999 -- my apologies if that was mistyped) are required open. The scenario worked like so: Speakeasy verified worm activity on the static IP, and we shut down the unit and verified the virus -- Pelco came out, wiped the system clean (disconnected), reinstalled fresh, reinstalled the router (verified) -- system received a worm, again, within a few days. The process continued twice by Pelco representatives. It is not a full version of windows that can be maintained in the same way, a limitation we're not happy with either. I'll take the blame that there are more experienced windows users than me -- but as a reminder, I didn't set this guy up, I'm coming in near the end -- so blaming me for the weakness in this system is unfounded.
Regardless, Pelco verified the limitation in their software, and I'll agree this is a reason why we've shied away, and continue to shy away, from a windows setup. Lack of updates, lack of patched software -- all a limitation of their application -- and I'll argue, a continual frustration with Windows in general. ...So I feel like half the feedback here is targeted towards helping me find alternative solutions or teaching me improved methods, and the other half protecting the Windows OS from being bashed as an insecure box compared to Mac and Linux. Regardless of what side you're on, if you want to boast windows, pitch me a software package (or hardware solution), the current stuff isn't staying in this fashion.
As previously noted, no filtered IP's, VPN not preferred.
I appreciate the emails and positive support from both sides of the camp -- it is being read, thank you. This is the best information we've received so far, and we've contacted as many people as we could here in San Francisco. Please continue to send me informative posts and emails.
http://www.zoneminder.com/
Check out zoneminder. This may be the kind of solution you are looking for.
** Disclaimer ** I'm a reseller. We're in the DVR market. Purpose of a Security DVR is only one - to record / archive / stream video. Not to run windows in the background. You will NOT find a more solid device than Dedicated Micros Sprite... We have numerous clients who still run 1st generation recorders (4+ years) with no headaches. I'm not going to post our Demo URL since we like having our web server / demo DM up and running but if interested contact me.
-- I Dont Deserve A Sig I Have Bad Karma
Benchmark Automation is selling a Linux Based DVR with IP cameras. Their system is decent. You can tag the video with information and search on it later. They currently are focused on the Steel Industry. Their system is written in Java. The only complaint that I have about the system is that the system requires 5 TB of disk space to record 22 cameras at 5fps. At roughly 40 grand for a system, it's not cheap.
my UID is Prime. It makes me special.
Disclaimer: I'm an engineer who develops video cameras.
I kind of hate to turn this into a shameless plug, but my company has been developing exactly what you need. We've got a linux-based network camera which would be perfect for your application. Google Ingenient Technologies.
Okay, now here's the problem: We are an engineering firm - we sell the reference design to other companies which actually manufacture and market the hardware. However, we might be able to work something out with an intermediary company if the order was large enough.
The society for a thought-free internet welcomes you.
Why on earth can't they run virus software? Switch off packet sniffing, shore up the firewall, but get antivirus software on those. If you're saying it's too much of a performance penalty, that's a bit hard to believe. If that's the case your hardware is just too slow anyway. The hard drives should probably be SATA, but if a virus scan is bogging it down I venture to guess you're using slow IDE drives. Big mistake. Linux isn't going to be all that much more secure if you can't even make a baseline investment in the system.
www.blueapples.org
I personally run 50 IP cameras (Axis) to 5 Xserve DP G5s.
They all dump their data to dual XServe RAIDs (located in separate parts of the building for physical separation) using XSan (with 1 XServe as a XSan controller), page me via an email when a camera should not be going off at night of the picture, run scripts that write out formatted logs for motion activity.
It took about 4 months to get everything running smoothly - camera settings, getting enough machines to do the work, compression levels that were sufficient for us... but it works fine.
We can even control the PTZ cameras from anywhere when we tunnel into our network.
You need a lot of horsepower to make this happen - you need lots of ram and you need disk drives running plenty fast.
If you're going to use 640x480x30fps, you are going to only be doing 3 cameras per Mac. maybe you could get away with more if you were using a quad G5 desktop instead of an XServe, but we don't need that much horsepower because only a few cameras are set to high resolution - and even those are set to low FPS (for capturing faces at the doors).
If money is not the object - then you need someone that knows Applescript, you need some freaking hard drives, and you need a lot of computer power... Security Spy (Ben lives in England, he's not elusive, i get email from him all the time, and he's even called me a few times) is plenty industrial for what i need.
guns kill people like spoons make Rosie O'Donnell fat.
We are upgrading from DX8000 to Honeywell fusion units at my workplace. They are linux based.
I am an electronic security professional, and our favorite DVR is the DigiEye, made in Italy by SYAC and non-Windows based. It runs about $12,000. It has a great motion detection interface, including directional motion detection, and good, secure remote viewing options. It is very stable and has very good resolution. Highly recommended!
If your client trusts in your expertise well enough to ask this question, and you've led them on by pretending to know what you're doing (we can deduce this based on your need to post a question to "Ask Slashdot"), maybe you ought to save yourself from the forthcoming embarrassment and step down from this project?
It's OK to say "I don't know".
As a Mfr.'s Rep, naturally I'm going to push a specific product. It has been mentioned here before, and with good reason. The Bosch Divar is probably the closest thing to what you are looking for. They run as a completely embedded system, and are thus (as you note) less prone to viruses. They also allow for easy spanning of locations, while allowing for centralized management. The other recommended option might be something like the philips netcam, which would allow you to implement using (perhaps existing) IP networks. We rep in the Midwest (Based near Chicago), so drop a reply if you're interested.
"Perennially barely legal"
Check out VBrick Systems. They make some cool encoders, some with built-in hard drives for recording. They also have software that can record from these streams (but it runs on Windoze - the actual "bricks" run a Unix-based embedded OS).
There exists no way of exchanging information without making judgments. --Bene Gesserit Axiom
My company deploys Linux-powered DVRs all the time. They are basically bulletproof: embedded RHL-based systems running on commodity PC hardware. These things have zero downtime, have virtually no risk of hacking since they are embedded, and are very inexpensive to deploy. There is a company called Neon which puts together pre-configured PROMs, you just plug them into an IDE chain on a system which meets specs and you're good to go. These things are more like an appliance when they're setup than a computer, so there's not much margin for error. In fact there's no good reason I can think of to run a Windows DVR at all.
Working in a DevOps shop is like playing in a band made up entirely of keytarists.
Linux Media Labs designs, makes, and markets multi channel unencoded and single channel hardware MPEG4 encoding boards. They offer a "clustered" video recording system with thousands of channels and advertise consulting services.
I have never dealt with them, but I think this company is a husband and wife who make their own boards (which are only supported with Linux).
Also, check out their customer list! I'd like to know out what kind of work they did for companies like boeing, sun, nasa, google, lanl and mit.
First, if you haven't already you should head on over to www.cctvforum.com . It's not Linux focused but there are lots of folks there who know their DVRs.
Second, there are several "Linux on a DOM" solutions and I think one of the more popular is called VPON.
Third, are you sure you really want a PC based DVR rather than a dedicated solution? Many of the dedicated DVRs run Linux and even the ones that run Windows have stripped it down to the point where it should be pretty safe.
Good Luck.
The Pelco DVR is a decent machine, and your company has invested a LOT of money in them. I work with them, so I know they're not cheap. Far, far more cost-effective would be to buy a case lot of inexpensive firewall routers that do NAT. You can configure them before shipping them out. If you buy all the same type you can just configure the first one, save the config to a file, and then just import that config to the rest of them. If you're going to buy new Linux DVRs that's going to be a huge expense in hardware. If you plan on putting Linux and a DVR app on the Pelco machines you're talking about a huge expense in manpower. Either way, it would be far more expensive than buying even a top of the line Cisco firewall/router for the site.
"Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
I can't help but frown with chagrin when the OP originally asks for a non-Windows based solution to his problem, and from scanning the top-moderated responses, all the best answers are still Windows-based solutions. The best solutions involve adding additional hardware (e.g.: firewall router) to protect the travesty of a worm/virus nest that is the Windows operating system.
I searched for a similar solution last year when I went on vacation to set up a webcam in my home to "keep an eye on things" remotely, but gave up when I couldn't find something I could easily host via my Mac or a Linux partition on one of my PCs. Looks like the state of video servers on Linux/Mac has not advanced much since that time.
Seems to me the Linux market is ripe for remotely managed-type low end PC applications for just this kind of thing, with a great advantage over Windows-based solutions.
I install these systems for a living, and I have yet to see a system be infected by a virus. That being said I think it is a possibility. The bigger problem that I see with many of these systems is that they are running Windows XP Embedded and as a result have many of the problems a typical Windows machine faces, and many of these problems cannot be fixed in the traditional way without voiding the warranty. You would be surprised as to how many times I've been called in to fix someone's DVR because some drivers locked up. I've also come across many other DVRs that have been plugged into the local network and have no firewall protection from any of the other computers on the network should they become vulnerable to viruses or malware. Clients often don't understand the need for extra like this, and your average router will leave the DVR totally open to all other computers on the local network. Setting up a separate network with a separate internet connection is rarely something that a client wants to pay for either. Many of the lower end systems with 4 to 9 inputs have their own OS, but all the high end systems these days are just Windows Embedded machines, most still have solitaire on them, running IIS servers to stream the video to IE (needs ActiveX). I have asked many of our distributors if there is a linux or unix based DVR out there, only to have them look at me like I was crazy. But then having a system that is vulnerable to all the things a typical windows system is, without being able to fix it the way an admin normally would, helps to sell those expensive warranties I guess.
Can I assume these machine are running either Win2k or WinXP?
If they are, read up on IPSEC. If not, bless your heart.
You can set an IPSEC policy on all of these machines that will make them require authentication in order to communicate with each other and/or the servers they talk to. You can use Kerberos (domain required for Kerberos. It's probably not for you), Certificate, or a shared key as the authentication mechanism. This will keep any foreign machines from connecting to and infecting your obviously un-patched/unsecured boxes. Shared key would be the most flexible, as any Windows 2k/XP/2k3 box could be set up to connect to the machines with very little hassle. Shared key is not the most secure method, but it would be good enough to stop nasties and script kids in their tracks.
This is all built into Windows, it's fairly easy to configure, and as long as you're doing authentication only the overhead should be minimal.
I'm sorry I can't recommend a Linux solution to you, but it sounds like you've got much bigger problems than Windows, and that if you did move to a Linux solution, those machines would probably be owned in time anyway.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
My company runs 2 Pelco DX7000s, 26 cameras in total. I'm not sure what you mean when you say "their Pelco PC DVR's are hubs for viruses". I don't think we've ever had any sort of virus on either of our systems...
I set up a system for a building contractor where they were being raided every once in a while. I used SBC's and webcams that save the video over the network to a server, all linux, ports configurable to whatever you desire.
The only "extra" software I used was motion, which is easily installable on a debian GNU/Linux box (and probably others as well).
http://www.adpro.com.au/
I drink to make other people interesting!
uhm, just set up VPN end points. The linksys ones are pretty easy to set up--even for complete newbs.
Since you know the "allowed" type of traffic, put a proxy in front of them. Have the proxy only pass "approved" in and outbound types of traffic. Anything else just gets dropped.
TIVO is a DVR and it's linux based. I know that there was some open source stuff out there for a while, but it was missing a sufficient amount of proprietary code that no one was ever able to get it working. You might be able to do something with the Myth TV stuff, but that's more of PVR than DVR.
Frankly, I think that the issue here is that you 1) need disk space and 2) need some kind of a codec to decipher the output from the cameras & write it to disk and 3) take the info that's written to disk and stream it back across the internet.
Now, MPEG or a series of still images is the obvious codec since it's pretty much a "lowest common denominator". If you decide to do still, keep in mind that the human eye sees at 6 frames per second. Have the cameras record to the HDD. If you run linux, it's trivial to set up a web server that requires authentication to view the video.
Most cameras will do it. Many offer some nice features like night vision, IR, or automated motion tracking. It all depends on your budget. You can get them built into smoke detectors, clocks, stuffed animals, wall art, or most anything else you can name. They come in every size from the big black obnoxious balls all the way down to things that are no bigger than a tube of lipstick. Don't let the size fool you, some of the smaller ones have features like wide-angle or high resolution.
2 cents,
Queen B
HDGary secures my bank
Not too long ago, we were looking at a similar solution to our DVR problems.
http://www.sonerik.com/linux.asp
There hasn't been a purchase yet, but we have been looking at the solution mentioned above.
www.capturecctv.com. Look at the SDR / XDR series. They are good linux DVRs. If you think that Windows based DVRs are all that's out there you should get out of the business.
These things want plain old P4 Gigabyte motherboards with a few hundred megs of DDR, very affordable rigs and no Linux experience necessary. There's a pretty GUI on the DVR end if you choose to put a head on it, and there's a remote web interface from which you can watch & control feed in-browser. Here's a few screenshots for you on the client end:
#1 #2 #3
These particular units are limited to 16 cameras per unit, but there are higher-end DVRs which are very similar that scale higher if 'modular' isn't your bag. But these things work well. In fact, the first time I deployed one of these we put somebody away for a long time (3 strikes law) with footage from one of these DVRs, and that was before the building was even inhabited.
Working in a DevOps shop is like playing in a band made up entirely of keytarists.
Clarity Vi runs some nice systems which do the background compression, face/activity detection, and other cool things which make it much nicer to go through the footage you get. I believe they run on linux machines. I'd check them out.
Skyway Security
Star Dot Technologies
Big thing to watch for is insist on seeing a similarly sized system to what you want in operation before you sign anything. When you are running the system, do a lot of browser backs. Interrupt it in the middle of things. Bring up six live views at once.
Watch for systems that have to have components reset/restarted. Computers, cameras, hubs, things like that. Insist on references, and check them. (Good idea for anything, really.)
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
As a strong Linux user (Gentoo servers RULE) and typing this on a PowerBook G4 I can tell you there are really very few alternatives to Windows based DVRs. There are several Linux on chip based systems that I have details on at the office and I will try and post details tomorrow. Personally I love Milestone software with IP cameras, I sell it and find it needs almost zero support if installed correctly. No customer has ever had a server failure to my knowledge due to outside influences like viruses. I do agree that it is essential to have a minimum of third party software running on systems like these though. Look at the link in my Sig if you are interested.
Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
Wouldn't "port knocking" be an avenue to investigate here?
Once I was a four stone apology. Now I am two separate gorillas.
I suggest that you contact Axis. http://www.axis.com/ They are very Linux friendly. Call them up and explain your needs to them. They can most likely point you to a Linux based DVR.
This is a great field to be in.
http://www.rayn.net . Funny. Stuff.
My first question is, are you planning on replacing the entire system used, not only client/server but also cameras? My guess is that the cameras connect to a hub of sorts that then simply transfer the software to a server, the server runs a web server with specific software that lets you view the incoming video/audio from the different locations.
If this was your situation then the cameras wouldn't need any type of computers or firewalls. If this isn't the solution you are using then your entire install was flawed from the get go.
Here's an example of what I am talking about, no computer per location, simply connect cables to hub and camera and you're done.
Again if this isn't the type of solution you are using, and each location has a PC that's used, it's already flawed, with a system that's "hundreds world wide" the person who set it up, if not already, should be fired.
If what you're talking about is on the "server side" meaning not a deployed location, then you can really use any type of PC you want, since most modern and sane setups will only be accessible from a browser or remote connection. No specific ports need to be open besides 80 then.
There is TONS of information about this online, look up IP cameras online, if the company is willing to let you switch over hundreds of locations world wide to use linux then you're better off saving the money on install times and just do it right this time.
TruePunk | Games
"Spoofing"
Because the internet is full of people whose belief in their own leet skillz outweighs their mundane social skills.
Maybe this software can help you:
http://www.zoneminder.com/
Serge
We are producing a linux based NVR unit, it acts as a "proxy" server with recording. You can use any kind of IP camera on the inside, and have an axis compatible http interface on the outside. It's secure to put on the internet, can do many types of recording, and we resell it as a hardware component. The smallest unit uses a 1ghz C3 cpu, and can do around 50Mbit live video, recording and playback at the same time. If you need more speed, the large unit does ~500Mbit, over that you can do master/slave setups. You can add 512 cameras as sources (more with master/slave), and buy licenses for each recording you want. You can also use one unit as a source to another, so you can have one unit at the main office where all cameras are present, organized in groups with different user access profiles. So for this setup, use a iRecord-100 at each location instead of the pelco, connect analog cameras to the network with axis 241s,240q,241q boxes and in the future, use ip cameras directly. You can use the axis boxes to trigger alarm recordings too, with motiondetect if you want. The main office only needs a 100 unit to start (512 cameras); if you need more performance or more than 512 you need to upgrade to a 500 unit.
We have a demo system (currently offline due to isp switching connection) where I can give you an account, this has cameras from different locations and also from other iRecord systems. Our homepage is being rebuilt, not much good info about the product, but here we go. http://www.i-solutions.se/
I do like to see any solutions that keep Windows shut, but:
> require internet inbound/outbound traffic through specific ports
You don't write too much about why you need internet traffic, but I guess it's just needed to provide remote access to the cameras and to store the images somewhere.
To me this sounds as if you'd need a VPN to connect all your equipment together and to keep it completely separated from the internet.
k2r.
There are a lot of video surveillance systems out there that have a lot of solid field testing. Many of these systems are used in incredibly sensitive applications where security is literally a life and death issue. Honestly, if security is your biggest issue, then going with proven systems from companies who cater to mission critical video surveillance is your best way to go, no matter what OS they happen to use.
This whole post smacks to me of trying to prove something can be done on a non-windows platform, just to prove it, and not because it in any way benefits the customer. There is an entire industry that does nothing but make cameras and servers for mission critical video, and to my knowledge they almost all use either Windows, or proprietary analog systems. If you really want to serve your customer, talk to those companies, and find out what they can do to service your contract. Don't get on /. and fish around for people to tell you the whole thing can be done with some webcams and an Apache server. You will just end up making a very large headache for yourself and your customer.
Also, if you close all the ports (except the ones the video streams need), move the video streams over to non-standard ports, and make sure no one runs any software other than the video software, then you will not get viruses on the machine, and are highly unlikely to get any worms. It is that simple. All the Windows vulnerabilities in the world won't be able to magically let traffic in through a closed port on your firewall. If the video server won't let you change the communication ports, you can always set up port forwarding at both ends of the connection, so that to the outside world you will be using different ports.
All of this said, have you tried talking to CoVi Technologies? Their system is Windows based, but I have worked with them in the past, and they are some pretty smart guys, with a good background in network distributed video, focused specifically on sensitive digital video applications.
This may work for you. http://www.zoneminder.com/
Changing OS to avoid security worries is an easy answer, but ultimately one that may prove fruitless. Yes, there are some residual issues with Windows, that other systems improve on, but they can ALL be affected by security issues.
Rather than just think about switching OS, you really need to think about the overall system design. For example, why can't you run AntiVirus software? I can see why it might cause a problem for recording, but then recording should be done on at least a separate partition, if not an entirely different disk, and you can exclude the area you record on to from virus scanning. You would also want to rely mostly on the 'on-access' scanning, and if scheduled scans would be needed or desired, there could (should) be redundant systems that rotate active use, so that the scan can complete without affecting 'live' system resources.
As I said, security (and reliability) problems can occur on ANY platform - you need to incorporate defensive planning and/or isolation to your systems, not just pretend that they won't exist by switching OS.
there's a huge number of safety-critical medical systems based on windows. this is not a problem at all, provided you take proper precautions - isolate machines where appropriate, ensure they're secure - etc.
speaking as someone who does this for a living, if you don't know what a 510 is, you shouldn't be messing with stuff you don't understand as when you get audited it'll be *you* they come looking for with burning torches...
1) it's perfectly possible to secure windows in such a way as to run a webserver. this is common sense
2) it would appear that the whole problem is he's got port 80 open (i.e. running a webserver) and is getting hosed by the usual exploits for IIS etc.
3) what he needs to do is clean the system, patch the system and *then* connect it back to the internet with appropriate hardening
4) profit
"These systems cannot run anti-virus software at the same time they record "
Rubbish.
AV software should impose zero overhead on the recording process, because AV software should not be scanning the (presumably large) data files produced by the recording. All online scanners I'm aware of let you choose between scanning only executables, all files, or user-specified extensions. Use this feature ffs.
And viruses don't just get onto a computer. Viruses get onto computers through improper user behaviour (namely, users running viruses). An online scanner can be effective against this (user education even more so, as well as telling people to stop running arbitrary programs on the recording computers...). Worms can get in through open ports, but the answer to that (on /any/ OS) is to patch (and you can probably help out by e.g. ensuring that you use processors with non-exec page protection). Switching to some other platform will not remove the need to patch.
IOW, do your job and stop blaming the OS.
Cognito is quite a comprehensive Video Surveillance system with access control and other biometric functions built in... check it out.
I'm trying to push for it to go GPL, but it's a hard fight.
I wrote most of the system, and it's quite a powerful package... nice to play with iff you like Linux.
The front-ends are windows-only unfortunately... no Mac presence in my country so no Mac version. (Although I own a Mac)
Changing hardware on a Windows system is a dicey proposition at best. It's very typical to see Windows barf after spending 20 minutes at a "New Hardware Found" prompt and three reboots before bombing into uselessness.
This is bollocks, pure and simple. If you know what you're doing you can slipstream whatever drivers and patches you want into a Windows install: one reboot at the end and you're done. Takes me about 15 mins to crank out corporate images here for any of our hardware, and during that time the only interaction needed from me is to type in the asset tag of the PC.
http://freshmeat.net/search/?q=surveillance&section=projects&Go.x=0&Go.y=0
I have just set up a Debian GNU/Linux based DVR system on commodity hardware for a London based construction firm. This was just one machine with eight inputs nowhere near the scale you are working with, however my experiences may be of interest. I used one of the client's existing Pentium 3 fileservers and standard video cameras connected to two IEI IVC-200 capture cards. The base system is Debian testing running motion and apache2.
Some of the replies you have here suggest Zoneminder is suited to a production environment, this is not my experience. Zoneminder is difficult to install, unreliable and over complicated. I'm sure in time the project will mature, however I could not recommend it at this time. Motion offers less functionality but is much easier to install and is reliable. You will have to write your own start and stop scripts as well as web pages to display pictures and video. You will also need to write scripts to periodically archive any video saved on hard disk. None of this should present any problems for a good GNU/Linux administrator. As you seem to have a large number of similar systems you would only need to write one set of scripts and replicate them on each system.
If I were in your situation I would try and use as much of your existing hardware as possible. I assume that you are running a single machine at a variety of remote sites. From a cursory look at the Pelco site the systems you have are standard hardware, and should run GNU/Linux fine. You may find that the capture cards that Pelco provide are not supported so you may need to replace these. If most of your hardware is the same then you can configure just one machine and replicate this on the other machines. Motion supports differing camera resolutions, video/still capture and motion sensing. The motion homepage is at http://www.lavrsen.dk/twiki/bin/view/Motion/WebHome. If you need strong security GNU/Linux provides you with many options. You can easily verify the suitability of this approach at low cost on a small scale.
If you need any further help contact the company I work for, Sirius IT http://www.siriusit.co.uk/. Sirius has good contacts with the free software community and may be able to provide further help.
Steve
I am assuming from your comments that the cameras are analog NTSC, and need to be controlled with D, P, or coaxitron protocols, and the DVR is running a server app for remote monitoring and control. Get a hardware firewall and only allow inbound connections from your secured client machines.
I used to work for a security company selling DVR kit. I was responsible for building the DVR boxes and configuring them with DVR software (huperLabs running on WinXP). Your fear that by opening some select ports to enable remote clients to view live DVR footage (and presumably operate the archive etc.) will cause a security hole is unfounded.
Simply opening ports does not in itself cause a security problem. You need to have a program listening on that port which is vulnerable to an exploit. Therefore, the only way you can realistically be vulnerable to "viruses and worms" is if a cracker has specifically written a worm/virus that targets your DVR software, which is unlikely. Furthermore, running a linux DVR solution does not protect you from this scenario either (perhaps it does slightly in that you may be able to run the DVR software as an unprivileged user thus limiting the scope of an exploit).
Some things you can do to enhance security on a Windows based DVR platform:
1). Firewall off all the ports except the ones required by the DVR software.
2). Change the ports the DVR software uses (i.e. don't use defaults).
3). Set the DVR software up so that it runs under a normal windows user account (i.e. no administrative privileges). If the software requires Admin privs to run then consider using something like Emco RunAs Professional (http://www.emco.is/run_as_professional/features.html).
4). Disable USB on the DVR box.
5). Remove any CD/DVD drives.
6). Password protect the BIOS.
This should protect the DVR unit from most software and physical attacks.
The company I work for also uses the Pelco DX8000 DVRs. I did some research on Pelco's site, and here: http://www.pelco.com/products/default.aspx?id=315 under the Documentation you can find a couple of PDFs about installing and running antivirus software (McAfee and Symantec). I am also making the suggestion to my director to run one of these (one DVR was taken out about a month ago by a worm or virus).
We have one of these.
The server sits on a little 1U server and sucks video over IP from Axis cameras deployed wherever. The little Axis boxes run embedded Linux, and I think the server itself runs off a bootable LiveCD (I haven't really rebooted it much to check).
http://www.axis.com/
http://www.axis.com/adp_cd/adp_cd8/companies/broadware/BMS.pdf
Too many postings to sift through, but the documentation states that the system uses Windows 2000 as its OS.
Show me packet captures and log entries, or it never happened.
Magal Dreambox.
Enjoy.
Not that hard to find.. a quick search will do it.
http://www.aaasecurityproducts.com/index.asp?PageAction=VIEWPROD&ProdID=334&MMP=1
far...out
Hi
I work for a company called Bewator, on their technical support
(www.bewator.co.uk)
we 'manufacture' 3 DVR's that are based on embedded Linux (we also do windows DVR's too!)
the Eventys Lite 4,8 and 16 way units
of the three, the 4 and 8 way are superior in terms of frame rate,
all however allow remote network access through internet explorer / activex
have a look, or call us on
0044 1633 821000
I'm dean on video technical, nothing to do with sales or anything, just trying to be helpful (and get some brownie points too!)
http://rock2000.com/Company/EverFocus/PowerPlex_EDR1600.htm
It also comes in a 400 model w/ only 4 camera inputs... but that's the version I use.
Works like a champ and I just monitor it on occasion to make sure it's running properly.
Try us: http://www.steelbox.com
We created an NVR (Networked Video Recorder) from the ground up that supports up to 1.5 Gigabytes of throughput on both ATM and IP networks. We support Motion JPEG, MPEG-2, MPEG-4, and unlimited storage (both space and archive time).
Please take a look at www.wavestore.com. This is one of the most powerful and flexible DVR systems around, in addition to having Linux O/S. It was designed for massive storage and networking, and is very friendly to drive. We have just upgraded the software to take IP cameras as well as analog. It is a system that when installed and regularly upgraded with ever-developing software features should last a decade or more. It can be viewed and operated from either Windows or Linux client PC's, even Mac's. There is a suite of high-level software for adding special screens, maps, and so forth. Screen languages such as Turkish, Italian, Japanese, French, Spanish can be easily selected, and multiple viewers can all work in their chosen languages. Lip-synch audio is standard, even when recording video at low rates (e.g. 7 ips, instead of 30ips). We currently build product in UK, Italy, Brazil, Turkey, and the US. Our sales number is +44 20 8756 5480. Myself or Jay can be contacted by cell on +44 7710 620830, or +44 7968 003912. Regards, Roger Isaacson.
I don't have any great amount of experience with their products, but you might want to check out a piece of software called SecuritySpy. It's for Mac OS X, supports multiple cameras (both locally connected and over IP) and it will do motion detection and automatic webserving/uploading. So you can use as the actual "security system" itself, or incorporate it into a greater system.
http://www.securityspy.com/
I do not think though that it will control the pan/tilt functions of the more sophisticated webcams, however. I could be wrong on that, it's worth checking, but I think in order to do that you need to connect to the camera's IP address with a web browser, there's not really any standard 'camera control interface' that you could write software for (or if there is, it doesn't seem like the manufacturers are using it).
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Verint makes a NetDVR and NetDVRII.
As an engineer that worked for them, the NetDVR works extremely well, but in proprietary formats. The NetDVRII works almost as well, but it is more for supporting Verint's IP cameras and higher framerates. They were not done with that IP camera integration when I worked there, but the framerates are there. NetDVRII is the future, it looks long and bright.
It's a 1U rack mount unit and supports 4 drives of any size. Each unit supports 16 CCTV cameras.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
Hello, I have a multi-site, multi-user system, based on OSX that can handle as many cameras as your connection bandwidth allows. Current testing has 30+ cameras spread over 4 sites. Includes web-based real-time viewing, rotation between video channels & sites, using all Apple Hardware. Modular design means that hundreds of cameras are possible - all with real time viewing (though not full motion video). Programming is a combination of monolithic (aka c++) programming, and web-based application in Java/Tomcat. I can send you screen shots of the sample sites, but won't give out their addresses, because I cannot afford them to get "slashdotted" (since they're using the same connection for a FM based labeling system). Our website is not up yet, so queries need to be sent to my address: jollyprez at mac dot com
I use a Fortigate firewall and they are amazing. I can't recommend them enough. The antivirus running on the servers and clients is almost redundant and it only catches spyware and adware. Viruses never make it through the Fortigate.
http://www.fortinet.com/
Have a look at zoneminder. It may or may not meet your needs. I've only used it with two rather crappy IP cameras at once. I'm currently using it with an IP camera at the wrong end of an ADSL link and the monitoring server remote. It works for me, and I've barely touched it. Lots of development, lots of features, lots of (professional) users.
"It supports capture, analysis, recording, and monitoring of video data coming from one or more video or network cameras attached to a Linux system. ZoneMinder also support web and semi-automatic control of Pan/Tilt/Zoom cameras using a variety of protocols. It is suitable for use as a home video security system and for commercial or professional video security and surveillance. It can also be integrated into a home automation system via X.10 or other protocols."
Not affiliated in any way, but I *am* about to cut a cheque as a donation because this very morning the alarm monitoring centre called me saying that the (professionally installed, approved) alarm had triggered. I can see from zoneminder that nothing's happened, so I'm not going to panic. Otherwise I'd be racing a 100 miles to check up.
Border Collie Systems produces a Linux-based IP camera DVR system. It uses Apache Tomcat to power a web-based interface. Client-side Javascript is used to display up to 4 cameras on a single web page. My father is in the security business and has installed a few of these for some colleges. So far they have performed quite well. Check them out.
We have a DVR based on a Linux DOM (Disk on module) that on top of being linux, does a fresh install on every bootup. We call it the LE Series, and it is quite affordable, and should have no problem controlling any Pelco PTZs you have connected to the system. Contact me at mike(AT)cctvsentry.com if I can help in any way.
Mean what you say...say what you mean.
And get a decent f/w system and rules in place in front of the central server and at each location (internet connection) to which you have IP cameras installed.
Deny all traffic to the server except for the IP addresses and ports of the remote cameras.
We have been using a Pelco system in this manner with remote cameras on 2 continents for 3 years without incident of virus or trojan or crash.
The thing you should be worried about with Pelco cameras is the bandwidth usage at night with minimal lighting combined with lower bandwidth video settings. The compression method used can leave artifacts and this compression appears to be done before the "movement comparison" stage where the camera decides to send a new frame. At night with low light levels this causes black level banding and other dotting artifacts to appear. The movement comparison routines see this as... you guessed it MOVEMENT. This result in higher bandwidth usage at night. Our solution? Turn on the lights.
Stick with Pelco.
I am pro-lifechoice.
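The "deny all traffic to the server except for the IP addresses and ports of the remote cameras" policy from the comment above, which is also step 1 of the numbered hardening list earlier in the thread, as an added example that is not part of any poster's comment. It assumes a Linux firewall using `iptables-restore` in front of the recorder; the site names, documentation-range addresses, port 8554 and all function names are constructed for illustration.

```python
"""Default-deny inbound allowlist for a central video server (constructed example)."""
import ipaddress
from dataclasses import dataclass

# Constructed inventory: RFC 5737 documentation addresses and a made-up stream port.
CAMERA_SITES = [
    {"name": "site-a", "source": "203.0.113.10/32", "proto": "tcp", "port": 8554},
    {"name": "site-b", "source": "198.51.100.0/29", "proto": "tcp", "port": 8554},
]

# Assumption: a source wider than this is a mistake, not a camera site.
MAX_SOURCE_ADDRESSES = 16


@dataclass(frozen=True)
class Allow:
    name: str
    source: ipaddress.IPv4Network
    proto: str
    port: int


def build_allowlist(inventory):
    """Validate the inventory and refuse entries that would quietly open the server."""
    rules = []
    for entry in inventory:
        # IPv4Network is strict by default: host bits set in the prefix raise ValueError.
        net = ipaddress.IPv4Network(entry["source"])
        if net.num_addresses > MAX_SOURCE_ADDRESSES:
            raise ValueError(f"{entry['name']}: source {net} is too broad for an allowlist")
        if entry["proto"] not in ("tcp", "udp"):
            raise ValueError(f"{entry['name']}: unsupported protocol {entry['proto']!r}")
        if not 1 <= entry["port"] <= 65535:
            raise ValueError(f"{entry['name']}: invalid port {entry['port']}")
        rules.append(Allow(entry["name"], net, entry["proto"], entry["port"]))
    return rules


def render_iptables_restore(rules):
    """Render a filter table whose INPUT policy is DROP; only listed flows are accepted."""
    lines = [
        "*filter",
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        # Replies to connections the server itself opened.
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for r in rules:
        lines.append(
            f"-A INPUT -s {r.source} -p {r.proto} -m {r.proto} --dport {r.port} "
            "-m conntrack --ctstate NEW -j ACCEPT"
        )
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


def is_allowed(rules, src_ip, proto, dport):
    """Model how the rendered rule set treats a NEW inbound connection."""
    addr = ipaddress.ip_address(src_ip)
    return any(
        addr in r.source and proto == r.proto and dport == r.port for r in rules
    )


if __name__ == "__main__":
    print(render_iptables_restore(build_allowlist(CAMERA_SITES)), end="")
```

Running `is_allowed` over the flows you expect, and over a few you do not, before loading the rendered file catches an over-broad source or a forgotten port while the change is still a text diff.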
If you want a robust Linux based DVR try www.marchnetworks.com
Check out ZoneMinder, http://www.zoneminder.com/ - I'm also a 1 man IT department for a small office - a medical office, in my case. We've established a 5 camera system, using plain ole CCTV cameras (if you time it well, you can pick up fairly good quality CCTV dome cameras on eBay for $25 each) that we ran coax to. The coax then all runs back to a Linux server running ZoneMinder, which supports most network cameras as well as any device video4linux will support - webcams, capture cards, etc.
Our biggest problem has been finding capture cards that support Linux at reasonable prices. Most of the fancy 4, 8 or 16 input cards out there don't seem to have Linux drivers available.
I'd say ZoneMinder is the best F/OSS solution I've seen for DVR systems so far. It has many different modes, including (IMO the most useful mode) record-on-motion-detect, where it analyzes each frame for motion and only records when motion occurs. You can define different zones within each camera's view and assign them to different types - never alarm, always alarm, only alarm if another zone is alarming, etc. It appears the author is even working towards some type of adaptive system where the software can 'learn' what is an interesting event and what's just a false positive.
RHES has iptables turned on by default. Are you saying you turn it off?
Hi,
I work for a company (shameless plug, sorry) that specialises in IP network video surveillance: IndigoVision
Most of our product line is based on embedded Linux. We provide video transmitter boxes (or racks) that encode video from standard analog cameras (including Pelco PTZ) into MPEG-4. This is then recorded on either an embedded Linux Networked Video Recorder or on a suitably configured Windows server. All of our Linux boxes have built in iptables firewalls so you can restrict access to the devices in any way you choose. We also have state of the art Windows based Control Center software to control and monitor the solution.
The technology is very secure and many of our customers use it for internet based security monitoring. It also scales to very large installations...one of our partners used our products to provide CCTV coverage for the Winter Olympics in Torino which required several thousand video transmitters.
I can fully appreciate why Pelco don't recommend using anti-virus software on machines that record video. We don't recommend that either for our Windows based solution. The amount of data flowing through the system can be immense and virus-scanners are really not suited to the load (even if you exclude the actual video store). However you can do a *LOT* to avoid security problems on Windows by locking down the system as per Microsoft's guidelines and running the video recorder software as a low privilege network service. Also avoiding the use of potentially vulnerable protocols like DCOM is a good idea too (we have our own cross-platform security audited protocols).
That said I do like our Embedded Linux servers. Very hassle free and almost nothing to manage...
hope this helps,
Dave
You can always try using DVR appliances instead of standard computers running Windows or Linux. Most of these appliances now have network interfaces that allow you to access the video remotely from the Internet.
Browse the Information Directory
It's not that easy, there is a download required for Windows 2000 and pre-SP2 XP machines. See the MS help article on it.
This post is acronym laden, so I've spelled out the meanings in most cases.
First off, there is an alternative to IPSec that also ships with Windows - PPP/PPTP (Point-to-Point [Tunneling] Protocol), but since I'm nearly unfamiliar with it, I'll let others discuss it, if necessary.
Firewall ports need to be opened for UDP 50 (ESP - Encapsulating Security Payload) and 500 (ISAKMP - ISA's Key Management Protocol, sometimes also called IKE - Internet Key Exchange) and if there's NAT (Network Address Translation) traversal anywhere in the system (i.e. any routers that redirect traffic to the 192.168.x.x or 10.x.x.x "internal use" domains such as those used by DHCP clients [including wireless]), you will also need UDP port 4500 (ipsec NAT-T).
I'm not sure if MS uses AH (Authentication Header) or just re-encapsulates at the firewall, but judging by their web page, I doubt it's a problem. In a nutshell, AH was designed by IPv6 people that think NAT is an unnecessary evil and that all machines need to be uniquely identified. In some ways their ideals are good (security guarantees the originating host), but I think the world is getting too paranoid about "Big Brother" for this to be realistic (all items downloaded can be uniquely identified to a machine - nice for the feds, bad for privacy). Basically, AH breaks at the router in NAT. The router repackages the packet to the real host outside the firewall and AH identifies the packet as tampered with. There are workarounds to this, but I don't believe the discussion is necessary.
You're also making the big assumption that these people are computer literate, as well, and judging by the post and their choice of hardware, I'm assuming not (Pelco is supposed to be easy to use - heck, my ex-boss's computer illiterate husband used one for security at her home, though she was somewhat computer literate [if you count Excel/Powerpoint goddess as computer literate]). Detailed instructions on the step-by-step requirements or more likely, a setup program to install and configure this will be required.
There are several free Linux software projects which might or might not be what you are looking for. The first thing that comes to mind is something called ZoneMinder which, if I am not mistaken, is a Linux home security system which uses remote wireless Internet cameras.
Then there is also the well known Myth TV project which among other things is mainly used by people who build their own Personal Video Recorders(PVR). Myth TV supports both HDTV, NTFS and possibly also some other video broadcast standards.
A third possibility that comes to mind is VLC which is a cross-platform media player and streaming server.
And then there are various other video related programs for Linux such as TvTime the television application, or MPlayer the movie player. Conceivably even something like the Ekiga (formerly known as GnomeNetMeeting) might be relevant. Ekiga supports Full-Screen Videoconferencing. Ekiga supports Video4Linux and Firewire Cameras Support through plugins.
I have not taken the time to try to read what you had to say carefully enough to know for sure what your needs are, this is just what quickly came to mind. It may or may not be what you are looking for. I have used Linux as the desktop operating system for my two home computers for the last 6 years. I have never actually tried out most of the software that I mentioned. The fun part of using Linux is that there are hundreds of great free Linux programs to download and try out. A person could spend years trying out all the free Linux software. Many Linux video projects seem to be built building block fashion, using other previously written free Linux software, as dependencies. In many cases there are also various other free video projects which are sometimes just user friendly front ends for other free video software. I could not even begin to list all of those free Linux software projects for video and other things.
By the way, Linux has never had virus problems but, even so, there are free anti-virus programs available for Linux. The one that I use is Clam Anti-virus. There are also several good free firewalls available for Linux which allow you to control which IP ports are open or closed. There is one other interesting video project which is interesting but, probably not what you are looking for is the free movie studio in a Linux box.
I hope that something that I mentioned might be useful. You can then decide if Linux is really what you want or not. I personally like it anyway.
www.indigovision.com
You can buy a complete security system that records your MPEG4 video on networked video recorders (NVR). These machines are based on embedded linux.
They delivered the surveillance to the Winter Olympics.
The cleaning crew in my office had a knack for knocking over my plants, so I bought a cheap USB webcam on ebay for $15 and a USB extension cable, and used some double-sided tape to stick it to the wall. I installed MVC on the machine for motion detection. The problem was solved, no more broken plants.
Well, because the task I desire (avoiding broken plants) is accomplished, I rarely even look at the images - sometimes not for months. But there have been two thefts in the company, and both times, the thief happened to walk down the walkway where my camera is, so I got pictures of them.
Where am I going with this? Just yesterday, I was speaking with the building management, and they brought up the camera - they saw the pictures from one of the thefts, and said that the pictures looked better than most of the very-expensive security systems of other clients in their buildings.
Linux's V4L subsystem makes this sort of thing very easy - all you need is a camera with a V4L-compliant driver, and you're set - there are many packages out there which will take care of the rest. I mentioned that I'm using MVC, which is an old, low-feature application. At some point, when I'm bored, I'm going to switch over to Motion, which is much more full-featured.
steve
Oh, you're not stuck, you're just unable to let go of the onion rings.
There are many things to consider in securing any network system and the posted comments reflect good network policies. IPSec must be on for the software client or web client to function on the DX8000 recorders. A Linux video recording device is not necessarily a better box; it depends on the robust nature of the software, hardware and network infrastructure and policies set alongside it. Your issue is to provide video recording at numerous locations in a secure and reliable manner, hopefully something you can install and forget until you want to look at the live or recorded video. Home brewing a solution using open source is an option if you have the time to admin the system and the typical user can figure out how to use it; if not, get one that is already designed for that purpose. Understand how the system will be used and network security required to prevent unauthorized access and prevention of the millions of nasties that are waiting for vulnerabilities. Oh yes, Pelco has a Linux based recording system called Endura.
Panasonic makes some real top-end camera/DVR solutions. The DVR unit itself (WJ-HD300A DVR Series) has a built-in 250GB hard drive but is expandable to 7.5TB externally. Each unit can handle 16 cameras. It will work with any camera capable of sending out a composite signal (through a BNC connector) but if you use the Panasonic cameras (WV-CS954) you get the added capability of being able to remotely pan, zoom and tilt through the web interface. They are pretty slick with great resolution. I set some up for a construction site so that the remote company managing the construction could monitor progress. They don't run Windows but rather a proprietary OS. Also, the only port you need open for viewing is port 80 as it all runs over a web interface.
DVR Security System That Isn't Based on Windows: The VistaPlex® system features a total network attached architecture which provides unattended recording, remote administration, remote viewing and remote operation. All VistaPlex® systems are designed with Ultra Resilient, Secure Embedded Technology. This makes VistaPlex® the most secure, stable and independent video surveillance system in the world. With literally thousands of cameras to monitor and maintain by CCTV Administrators our VistaPlex® systems can simplify camera - remote surveillance and maintenance with just a simple web browser. (No Software is required) The VistaPlex Digital Video Server is so secure you can put it out on a public IP and we guarantee it is 100% Hacker, Virus, Trojan proof. The VistaPlex System can record up to 30 Frames Per Second per camera up to 16 cameras. People who trust VistaPlex with their Video surveillance: Correctional facilities, Police departments, Banking Institutions, Casinos, College campuses and Fast food restaurants just to mention a few. Our operating system is based on Linux but it is our own OS that is proprietary. bhoweth@vistaplex.com