A DVR Security System That Isn't Based on Windows?

Brady J. Frey asks: "For months, I've had a client that has been looking for a Linux or Mac alternative for their DVR Security systems. They are a large Real Estate company with 200+ cameras world wide, and their Pelco PC DVR's are hubs for viruses. These systems cannot run anti-virus software at the same time they record -- but require internet inbound/outbound traffic through specific ports that leave some nice holes in the firewall for viruses to find their way in as needed. Yes, we could put up a server in front of each, or a router that has anti-virus built in, however this is not a cost effective method for a number of their locations. Therefore we are looking for alternatives. Any suggestions?" "We've tried looking at Ben's Security Spy for Mac, and running a Quicktime server, but it was not industrial enough for us and the developer has been elusive. We're looking at Endura by Pelco, but there's some questions unanswered for it.

What I want is a high end, professional DVR system for a large business that does not run Windows. Budget isn't really an issue at this point, since we are just looking for options.

To note, I'm hearing I could possibly do IP cameras, and host any ol' web server I want to download those files, but I have no clue as to how to control the cameras, or if this is really a possibility. Any advice or information is appreciated. If you are an expert in this industry, we may have a need for your services and would welcome that too!"

Viruses?

[spun]

Um, viruses don't just sneak in through open ports. Worms and trojans sneak in through exploits in programs running on those ports. Which exact ports are open? Look, I'm as big a linux zealot as the next guy, but this sounds like a scam. "See the, uhm, viruses are sneaking in through the, uhm, open ports in your windows. You need me to install all new Linux based stuff. See, linux doesn't have ports or windows, so the viruses can't sneak in!"

Really, wouldn't it be better to stick with a known system and, you know, do your job as a sysadmin by fixing any security holes?

$29 Firewall Routers are your Friends

[billstewart]

I can't tell from the original posting whether the client is trying to replace the hub site or protect the remotes or both, and I can't tell if the remote-site equipment is being used for other applications or only for the camera, which makes a *huge* difference in your threat model.

Basic firewall routers cost $29, and you can set them up to only allow connections from your headquarters location, or even to do IPSEC tunnels if your video application doesn't get into PMTU-discovery problems. Installing them at existing locations costs significantly more than $29, but for new locations it's just an extra couple of minutes to plug in the box when you're plugging in the camera.

Basic PCs cost $250, so if you need a headquarters firewall or IPSEC tunnel server, that's basically free - certainly less than you'd charge your client for the amount of time you're reading Slashdot responses \\\\\\\ \\\\ \\\\\\\ researching solutions. And you can run ClamAV on it to protect outgoing traffic.

If your remote sites are using the video box as a general-purpose PC to surf the net and read email, then you need to run an anti-virus application on it and either run a basic firewall box (wimpy, but a good start), or use the firewall to tunnel all your browsing traffic back to a server at headquarters, where you're running Squid and ClamAV and some decent Linux firewalling, and give them an email server that does some anti-virus and spam blocking and an email client that doesn't come from Microsoft. (If this weren't a real estate company, I'd recommend a text-only email system like Pine, but realistically your real estate people need to send pictures to their clients.) Another choice would be to run VNC, in one of its tighter forms, and run any applications on the headquarters server, wiht appropriate anti-virusing there.