Slashdot Mirror
Ask Slashdot: Security Monitoring Company That Accepts VPN Video Feeds?
mache writes: My cousin is finishing up a major remodel of his home in Houston and has installed video cameras for added security. At my suggestion, he wired up all the cameras to be on a separate VLAN that only uses wired Ethernet and has no WiFi access. Since the Houston police will only respond to security alarms if the monitoring company is viewing the crime in progress, he must arrange for the video feed to available to a security monitoring company. I told him that the feed should use VPN or some other encrypted tunneling technique as it travels the Internet to the monitoring company and we proceeded to try and find a company that supported those protocols. No one I have talked to understands the importance of securing a video feed and everyone so far blithely suggests that we just open a port on his home router. Its frustrating to see such willful ignorance about Internet security. Does anyone know of a security monitoring company that we can work with that has a clue?
There is a degree of understanding for why a security company might not want to use your VPN solution; if they have to monitor a lot of customers' cameras then they'd have to have a lot of different VPN clients running that might cause problems when the networks overlap private IP addresses.
Configure your firewall to allow their IP address range to port-translate to the NVR's IP and port(s). ACL-off your security VLAN from your user VLAN(s), and vice-versa, and allow only the correct ports through from your user network(s) to the NVR.
Do not look into laser with remaining eye.
If those companies want a port open on the router, can you lock the port to only the IP addresses that that company would be using?
That should be fairly standard on most of the firewall/routers available today.
VPN may be too heavy weight a solution. VPN is used when different sites [like branch offices of say a bank in a city] want to appear as though they are co-located in a single site. In this video surveillance use-case, it's just that you need to send the data one-way securely from point A to B. Just using an L7 secure TCP [like ssh tunneling] or using L3 IPsec like protocol should be sufficient. May be there are dedicated devices that do this.. or you may be able to run a script/software in the PC in the home which acts as a middle-man doing this tunneling and sending out of the data to the remote server. Of course the other end should be able to receive and do the necessary decryption.
No, he wants an encrypted tunnel to the security company. Not to a third-parrty proxy.
Why does "over a VPN" mean "indeterminate location"?
I used to connect to work via a VPN and it never happened that I was going "like, what's all this shit?". Well, the one time...
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
You and your cousin need to get a life and stop worrying about highly optimizing the design of security systems that have almost no practical value. The reality is for most users, 99.9% of the security value of their system mostly comes from the visual appearance of the camera as a deterrent factor.
I worked with a company called wink streaming that does exactly this, but there are countless... How is this a slashdot post?
Use 3g\4g cellular data.
Wires can be cut.
Why do you need for the alarm company to do something a certain way? Is it not good enough that they do it securely?
Uh, what? Do you have any clue about what you're asking? Do you think that not using a VPN provides any sort of guarantee about the source of a stream? It would be trivial to take video coming from Bumfuck, Egypt and forward it to the security company using my local IP if I wanted to do that. I'm not sure why I'd want to, even if I'm a nefarious blackhat, but it would certainly be simple to do.
What's wrong with a port forward?
Get them to tell you THEIR static IP, and only apply port forwarding from their address to your internal VLAN.
Problem solved.
Have to do it all the time for telephony, CCTV, remote software support, etc. I let them have a port-forward but only if:
a) they give me their source IP (I get the asked the same when I set up VPN's etc. anyway, so everyone does this!)
b) they only get one set of port-fowards to the internal system
c) I reserve the right to cut that connection off for 99.9% of the time until they actually NEED to do something. They ring me up, I open up JUST THAT PORT to JUST THAT IP, then they have to tell me when they are finished.
It makes it much easier to manage, to log, and to control your devices.
Nobody sensible opens up any port to the world unless they have a public-facing service on that port and have secured it properly (e.g. email, web, vpn). But "port-forward" does not mean you let the world into it.
And if the attackers know and can spoof the IP of your remote support, then you're in bigger trouble anyway! That's not the kind of attacker that you're going to be able to easily defend against. But with a plain port-forward, all they'll get (if you've done it properly) is into the VLAN and the cameras, not your systems.
And, guess what. The only device that traverses several VLANs should really be your gateway anyway. There's no point VLANning off and then having everything sit on all the VLANs. So you might as well just have the gateway port-forward and then all the config is on one device.
(Not only that, VPN setup like you suggest is a pain in the arse for most people anyway. If you have a hundred customers, with a hundred VPN's, it quickly becomes stupendous to put them all on 24/7, because of IP subnets stomping over each other and all sorts of confusions. That's before you get into the million-and-one variations of VPN and VPN settings and managing certs and credentials).
The utter and contemptible lack of security for IP security cameras is criminal. No camera or DVR should be accessible form teh internet and no video feed should traverse the internet without encryption. Yet, they all seem to do just that.
My Vera Edge Home Automation System - definitely not a security system - transfers video and all other data between it and the company's central servers within an SSH tunnel. This should be the industry standard.
I'm really hoping that we'll see some options in this thread.
Monitor your own system and call 911 if an alarm is triggered and you see a crime in progress on your camera. If you have the technical ability to set the system up, you surely have the ability to look at your smartphone and respond to an alert.
You should have the Axis security suite or find one of their partners to install it for you, then some company might take you seriously. Once you get that contract, you can specify anything you want and pay accordingly. I've done IPSec lines for some of their customers, but you could be paying $10k/year easily to maintain a few camera recordings which are totally useless in actual protection or prosecution (unless the cops get extremely lucky with an extremely dumb criminal, they won't be looking for that one person or even recognize them when they get arrested on another charge).
But for home or small business, this is laughable, your camera's won't do anything, they will barely be able to see any silhouettes especially at night (unless you buy a $1000 camera, the 100' IR LED cameras all wash out the image due to reflection within the housing, and yes, I have tried a number of them). Your city doesn't require any camera for monitoring by police. You do need a permit and so does your alarm company. Perhaps your alarm company told you that but they are just trying to up sell you their camera system. https://www.houstonburglaralar...
You can do a DIY alarm system with a cheap alarm monitoring service for ~$500 (Honeywell Vista with a few sensors and remotes) and $5-15/month for the monitoring service (wired or wireless). You could hook up ZoneMinder into your Honeywell as well with an RPi or whatever, but make sure you understand the false alarm fees your city levies. Some city codes also require you to hook up at least one wired CO and smoke detector if you do get a system so you should calculate all that in, other codes require wired CO and smoke detectors on every level during renovations.
Custom electronics and digital signage for your business: www.evcircuits.com
HTTPS with PFS should be good enough...
No need to go to the complication and hassle of a VPN.
Pick the provider you want. Then tell them if they want your business, they will comply with your terms.
VPN in modern slang times is generally used by people in one country trying to access restricted content in another (say copyright restrictions not allowing AU to view US shows on Hulu or something) or to obfuscate the original of the data being transmitted (dissident materiel or perhaps illegal to some extent material). The practical application of a VPN (secure tunneling access to a remote network like work access) seems to be forgotten by those using it for other reasons or the other reasons are more prevalent in certain circles that the reasoning doesn't flow as quickly.
I used to play a game online and people were constantly complaining about having to find a VPN. Turned out their ability to access the game came at a time there would be almost no one online in their country so they used a VPN to fake their location in an area where a lot of people would be online and had a better overall game experience. The game attempted to route you to servers in your time zone to prevent culture clashes and whatever which lead to a lot of boring sessions in odd hours evidently.
I certainly understand the need to secure the video, fully encrypted, of my home. But I'd be willing to have it unencrypted, and fully open in fact, during a break-in. It's a big call for help for anyone looking, and it really ought not be that often. And anyone whe'd stage a robbery to see the footage as recon for next time, well, that sounds foolish.
So, while not perfect, why not switch to unencrypted during alarm scenarios?
Others have pointed some of these things out but let me spell it out in big letters.
OP started out by telling the security company "I want a VPN." He then came to /. to say to us "where can I find someone that will do a VPN." /. world help you; don't state what you think the solution is and why nobody will do it. There's a good reason they won't -- it's the wrong answer.
The problem is that a VPN is the wrong tool. When you have a problem state the problem and let the
VPNs are used to link separate private networks across a different (public, non-private, or other private) network. That's not what OP needs here.
What OP needs is end to end encryption to ensure the camera video is visible only to the security company -- not the Internet at large.
Some suggestions have been floated by other posters above me, and to summarize they are as follows. Note that the first by itself won't encrypt but any two of these together gurantee both AUTHENTICATION and ENCRYPTION, which is what OP wants.
- IP source address filter. If the connection doesn't come from the security monitoring company it doesn't allow the connection.
- HTTPS encryption with authentication
- IPsec tunneling
E
Custom worthless crap?
Bwhahaha ... No security company wants to deal with some jackass that thinks they know all about it but was too fucking stupid to think about how it might interoperate before he started and now he's shocked that people have no interest in dealing with him when he walks in the door telling they run their business wrong?
You guys are a joke. You got all wrapped in vlans and no wifi that you forgot that protecting your home was the point ... I'm not sure if that was actually the point or if you guys just wanted to waste a fuckton of money. Your security system was a waste, deal with it
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Let's make a list of some of the things that people steal: Cash Phones Televisions Art Appliances Furniture You suggest the solution is to not own any of those things. No thanks, I actually like owning those things. But thanks for playing the blame the victim game. Can't wait for your solutions to the problems of rape and murder.
VPN != indeterminate location
You are misconstruing VPN with web anonymizing. Yes, you can anonymize your web viewing by using a VPN service that encrypts traffic between you and them and then goes out an unencrypted uplink the the Internet from there, but VPN services set themselves up to be that on purpose, not by the design of the VPN protocol. You can set up a VPN connection from any two points in the world and know exactly where they are. A VPN is an encrypted, private network tunnel between two IP addresses, that's all. It allows for secure communication between the two ends of the VPN connection. Where the packets go after that is up to the ends on either side.
That is what authentication is for. If you hack a VPN server, you can come from Elbonia... just like you can grab the gold out of Fort Knox, all that stands in your way is the post security.
I see two ways of solving this:
1: HTTPS with persistant certificates AND client certs. This way, both sides authenticate with each other.
2: A VPN/VPLS, or other way to set up and join two physically separate network segments. This is by far a solved problem.
As for the OP, this might be too expensive for a security monitoring service to bother with, especially just for one user. To boot, even if the monitoring service did see action and call the popo, most crooks will be long gone.
Lets do this right:
1: Keep the CCTV cameras, but buy yourself a DVR... hell, Amazon has QNAP and Synology NAS boxes which can easily take footage from multiple cameras and stash it on a RAID protected drive for a few C-notes. Just buy some cheap external drives, shuck them, put the internal drives in the DVR, and go from there.
2: Defense in depth. It wasn't cheap, but I replaced all internal doors with steel core doors with mortise locks that had "secure classroom", or "classroom security intruder function" functionality. This means, they will always unlock from inside the room, but a key is needed from either side to lock it. When I'm not home, all rooms are deadbolted, and hall/kitchen doors are the same. My front door has multi-point locking, and I have roll-down shutters for the windows. This is because I am out of state often.
A burglar wanting in my place will have to smash through the front door, then smash through a hall door, bedroom door, bathroom, door, etc. All the while, the alarm is going off.
2: Now for the alarm system. The door locks slow down a thief, the alarm system makes it know there is a burglary in progress. I purchased a commercial system that uses a fog machine and strobes. If the thief can't see anything in the room, they are not going to steal anything, and they either leave empty handed, get lost and run into the popo, or think they are at a rave, and also run into to the local police. Fog also gets a lot more attention than just a noisy alarm.
3: Safes. Again, an easy place to put stuff. I personally use SafeLogic Xtreme dial locks on my safes, just because it gives me quick push-button access... but if the battery dies, I can slide the top bezel up, and work the safe as a dial, so no matter what, I can access my stuff. Even a crappy safe that has no protection other than a metal looking front is a lot better than nothing.
4: The dog. A burglary is one thing, but an intruder shooting a dog has just earned felony firearms charges, and DAs will go out of their way to prosecute those.
I don't expect everyone to do this, as I err on the side of security as I'm gone from my place often... but at least consider some defense in depth... even if it means using a Kensington lock slot or putting the desktop machine in a secure enclosure, to slow down a meth-head. It also is good to use high security locks, because if stuff does get stolen, insurance will reimburse locks that are broken or forced... but picked/bumped locks, your claim will be denied.
None of this will give you 100% security, but the trick is to use a combination of things. For example, high security locks, and deadbolts on the bedroom doors will force a burglar to spend a lot of time kicking and far less time looting.
The Internet people are breaking into things because they have an idea of perfect.
The other guys (the people who want to know that someone is "seeing" it but really will just rely on that word) are just not understanding the protocols and going on what they see.
Nobody can learn what the Internet people (ya real hard I know, routing) know without going through learning it all or talking, and the Internet people don't want to talk to the other guys because the other guys never talked to them. Now it's stupid, just talk.
A bit self-serving as the CTO of the company, but we provide this kind of service to commercial national account customers all of the time. Typically an IPSec VPN tunnel is established between the client site and I-View Now, and the DVR/NVR at the end of the tunnel is monitored for online status every 5 minutes (Which also helps keeps the tunnel alive). When an alarm is triggered, in under 5 seconds, the operator at the central station is viewing both a live feed from the camera associated with the zone that went into alarm, but also a 5-second pre-alarm clip of what actually tripped the alarm. This same video clip is delivered to the end users via a link sent in an SMS message so by the time they receive the call from the alarm company, they are seeing exactly what the operator is looking at as well. i-viewnow.com
Just use a Honeywell Ademco Total Connect 2.0 security panel and be done with it. Alot of central station monitoring companies support total connect 2.0, for verification the system sends 30 seconds of video, 15 sec prior and 15 sec after each alarm device activation. Plus you grt the same notification on your cell phone and have the option to send police.
Just use a Honeywell Ademco Total Connect 2.0 security panel and be done with it. Alot of central station monitoring companies support total connect 2.0, for verification the system sends 30 seconds of video, 15 sec prior and 15 sec after each alarm device activation. Plus you grt the same notification on your cell phone and have the option to send police.
Damn, it would be a lot cheaper and more secure to move out of that 'hood!
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
1) HTTPS DVR (authentication, encrypted transit)
2) Lockdown access to IP of security company in firewall
It might seem like I'm being a pedant but that's not my goal. My goal is to learn something so, if I'm wrong, please do correct me (preferably with a whip, chains, and sexual gratification at the end).
Isn't there no such thing as a "VPN protocol?" Isn't VPN just what is created using any one of a few different protocols like PPTP, L2TP, and a couple others that I can't think of at the moment? Can't, with some work and however badly, VPN be done over quite a few protocols?
I am, by no means, an expert. I do have VPN enabled in a few different ways. I use a VPN to connect to my servers at home. I then use those servers, I offload, store, compute as needed, etc, and I connect to them through the VPN but using VNC at that end. Then, to add complexity to the mix, I also use VPN out of that box. I am currently using a VPN to connect to my servers using VNC which host a desktop instance. That desktop is connected to a VPN. I'm browsing Slashdot using that computer, through that VPN, using VNC, through a VPN which is being used on this connection.
Err... Why? Umm... I want to have a full-blown desktop and VNC was the easiest way for me to get this configured in a hurry and would be stable so that I could connect to it while using a hotel's wireless. It gets worse. I often have a VM running on that home server, which may or may not have VNC enabled, which may or may not be also connected to a VPN, and it's turtles all the way down. Seriously, I just wanted to be able to use the wifi securely while also having access to my home servers. So, they're configured to only allow certain IP addresses to access certain machines and they all use authentication schemes. I then tack on the new outbound VPN just 'cause it's already set up and I might as well.
It's actually worked out pretty well so far. I've been on the road since September.
Anyhow, to finally come back around to the rest of my question... Is there some sort of VPN protocol that I'm unaware of that I might have wanted to look into? I could have just used SSH, I guess, and tunneled through it but I wanted to access my desktop in a nice GUI fashion. I actually do almost everything through the home computers and the two laptops that I brought with me are basically not much more than dumb terminals. I'm now up to four laptops with me but two of them, ostensibly, belong to the missus though one is due to be retired but does hold some sentimental value for reasons too long to discuss here, well, at this point in time.
"So long and thanks for all the fish."
Bored in your hotel, eh?
One, Houston police do not require video verification for alarm response. They do, however, require that your alarm permit is up to date, so make sure of that.
And two, you really do NOT want to pay for alarm-company-monitored camers. There's a reason that's a commercial system feature and not a residential one: It really slows down the alarm operator's handling of alarms, and raises costs for the company, which they pass along to the customer.
Even most small businesses don't pay for that feature. Only if they have exceptionally valuable inventory. It's mostly major corporations and government installations that use it. And a few high-cost small businesses like jewelry stores.
If you cousin's really concerned about security, tell him to make sure he has an old fashioned copper plain old landline phone to wire the alarm to, as well as a cellular communicator backup. Either one could go down but the odds of them both going down are very slim.
Even in "good" areas, there are still burglaries. For example the area where I live is considered one of the better neighborhoods...
However, this doesn't mean that crime is low. A block away from the half-mil houses is a bank that wound up shutting down due to being robbed at gunpoint 2-3 times a month. Burglaries are fairly common, and skulkers who try car doors usually ply their trade fairly often, with neighbors dealing with the consequences of unlocked vehicles.
Plus, being away for long periods of times makes a place attractive to people casing a neighborhood.
As for the OP... assuming a monitoring place actually will care about what appears on the CCTV display is brain-dead. Keep the cameras for evidence, and use more immediate systems, such as decent locks and good alarms.
If you work out of the home, you might have a substantial part of your business stored there. Construction contractors might store tools at home, IT support people might have a decent collection of customer hardware, and financial consultants might have a huge collection of documents that would make identity theft very easy. Being able to secure your possessions in a manner as normal as security cameras shouldn't really be criticized that much. Insurance can only cover so much and premiums can get very expensive. Theft is very common and you'd be stupid to not try to secure your home and business. It's not materialism, its protecting the things you've invested your time and money into. Sure, a camera isn't really "protecting" anything but if you can get a clear image of the perp, you are one step closer to getting your stuff back.
You do not need a VPN.
Exposing a port is quite a reasonable option. Simply require HTTPs with username/password authentication.
If your server and the monitoring provider both support it, configure the server to require an X.509 client certificate and supply one to the provider. It's unfortunately unlikely that they will support this, though.
If your video server is a horrible insecure piece of garbage that doesn't do HTTPs, or that has a hardcoded secret key that's in 100,000 other servers around the world, proxy the SSL support between it and the router with ngnix or Apache or similar, presenting a sensible SSL interface.
VPNs for each customer are an incredible pain. I'd refuse to consider it too. Most VPN endpoints are buggy horrible pieces of garbage. Clients are awful. Multiplexing them all is horrible, and means someone who successfully attacks the host handling all the VPNs probably gets much more access to your clients' networks than if you just used direct SSL connections.
People also proved many ISPs will throttle your connection leaving your games unplayable unless you use a VPN. But what this has to do with an alarm company knowing it's customer's location is beyond me. They literally have been to the house and have the address on file.
Heh... However did you guess? I'm bored enough that I've used all 50 of my allotted posts. It seems an arbitrary and silly limit. My karma can go no higher. Why then do they limit the number of posts that I make? It's obvious that someone (probably a deranged someone) enjoys my posts or I'd not have "Excellent Karma." Why the silly limit?
The good news is that I am "ahead" in my competition with my friend. I can't get into the details because that will skew the outcome. But, neither of us is allowed to spend any money - we can only spend time and effort. I can't even host on my own hardware - I have some colo'ed out and plenty of room as it's almost entirely unused except to host some backups and a few small sites for friends. I can't even buy a domain name or hosting. I can buy no software to run on the project sites but I *can* buy software to help create such. I've not yet seen a need to do so.
Also, we can accept donations but donations can only go to the projects and any extra donations must go to a charity. Our respective lady friends are spying on us on the other's behalf. The missus will make sure that I don't cheat and his wife is making sure he doesn't cheat. We have set goals and a set amount of time and we even have a prize at the end. I can not disclose any of those but it's sure to be amusing to see what happens. I've got a framework and some basic testing done.
*sighs* Yes, yes I'm this bored. ;-) You can see it here if you're curious. It's kind of a mess. I did most of it today, really. I'm that bored... Most of it is placeholders and testing but it's getting there. In a short while, I'll be "blogging." Well, I'm shooting for something a bit higher than plain ol' blogging. We'll see what happens. I can't even buy traffic. Everything has to be free BUT I can trade work for stuff if need be. I don't do graphics so I'll have to figure something out there. The logo, obviously, as to go. That's the stock logo.
So, yes, yes I am bored. I'm bored out of my mind. I've been to D.C. before but the missus hasn't. Sometime this week we'll be in Florida assuming she's done shopping and site-seeing. We've hit the museums and enjoyed ourselves but it is still, at its core, D.C. and has all the vibes one might expect from a city like this. I retired to the remote woods of Maine for a reason. I don't even live in a town. My house in Maine is in an unincorporated township and there are a total of six houses that are occupied full-time. There are a few hunting camps, four I think, and that's it. It's about 24 miles from the village. The village has fewer people than this whole block has. Hell, I think the hotel might have more people in it than the village does.
Yes, yes I do get bored. That does kind of explain my strange setup. For as frail as it sounds? It's been really solid. I'd expected it to have some failing but no problems have occurred so far. I have a couple of other computers that are also configured as backups should any of them fail and, so far, I've only needed to maintain them. The one I'm connected to at the moment is running Lubuntu 15.10 which, if you know the release cycle, indicates that I am doing well so far. I even managed to upgrade to the newest version - I went from 15.04 to 15.10 without a problem.
I seriously expected more issues than this. If I'd known it was going to be this stable, I might not have spent the time configuring a second server and a failover laptop. I'd also like a decent home-cooked meal. I've eaten so much restaurant food as of late. I'm kind of surprised that I'm not getting fat.
Ah well... It's obviously KGIII... I don't think anyone else is this bored or verbose. If they are, I hope they've better grammar than I.
Do you offer any simple bundles for a tech-savvy home-owner? I.e. 24x7x365 Monitoring of 6 (supported IP) cameras @ $50month - with some sort of clause to protect you from badly configured/false movement cameras?
Your not likely to find that from a residential service. Talk to business class security companies and you'll have traction. Probably won't want to pay for it though. I'd be surprised if you generally found anything in that range for less than $150-200 a month.
Your security companies are not interested in data security, only property security. If they were really concerned with data security, your security devices (eg cameras) would call out TO the security company, just like they used to do when they required phone lines.
More or less what is required to solve this problem is to "keep alive" a connection originated from the home-side (eg on a UPS) and periodically update the status every minute or so. When a monitoring alert is triggered, proactively send the data to the monitoring company (after all that is what they are supposed to be doing.) If the connection is disabled, go over the "expensive" link, eg a GPRS/LTE device with an alert that the main connection has been disabled and send video frames within the expense parameters (eg reduced frame rate or reduced delta-frame resolution.)
Your average monitoring company, again, doesn't care about data security or voyeurs/perverts watching you. Simply knowing the IP address range of your target and the ports used by the security devices is enough for idiot kiddies/perverts to hijack the security monitoring system.
No company will help you to set up a solution specifically for you.
Do it the other way round: Specify that it must be encrypted, ask for offers, and let them suggest HW and SW. If you dont like it, look for another company.
You don't need VPNs and hosting companies. Setup an RTSP proxy between private cam net and internet, give security company public proxy IP.
That's a huge gloss over with the details but it'll point you in the right direction.
SecureCom Wireless has a video solution that supports VPN and video verification. Basically, the cameras automatically tunnel back to the servers using an encrypted VPN protocol. This would make the video solution available to your cousin via his app anytime he likes, and in the event of an alarm it would allow the central station to view the video live for 30 minutes after an alarm, in real-time. So, this would allow your cousin to get video without opening any ports on his home network. Additionally, all communication from the cameras to the SecureCom servers are fully tunneled and encrypted. The the best of my knowledge they are the only one that offers this type of service.
Basically, any if you're looking for that service any DMP dealer can help with that. I would contact Digitial Monitoring Products to find out whose a dealer in the Houston area. http://dmp.com
It's always amusing when someone tries to supplant a definition with the slang of it. Sorry, but VPN is already well known in 'modern times' regardless of what the new generation of kids try to appropriate slang as while not understanding any of the underlying technology. The VPN slang is still the same exact thing, you must not understand that it just routes traffic out to the internet differently based on different use cases.
This is my sig. There are many like it, but this one is mine.
Actually, there is a Karma level higher than yours.... it's called Bennett Hasselton.
Which has more power: the hammer, or the anvil?
Cunt.
I work on the Ops side for Alarm.com, a home automation and security company. All of our video connections to customers utilize a VPN. We have over 2.5 Million customers globally and I'm sure we could find a dealer for you to work with. Please go to our site to learn more.
Have you thought about Rogers Smart Home Monitoring? I don't know if their outside oc Canada, but they have pretty good service if you're willing to cough up the dough.
I understand it quite well. The point was that people are more commonly using it to appear like their traffic has originated somewhere else which is why the parent poster didn't know what the GP was trying to say. The fault lays with the GP's lack of knowledge not mine.
It has nothing ot do with hardware overhead. It has everything to do with overall systemic overhead. Adding encryption is just another layer that can go wrong, needs updating, penetration testing, etc etc. Like i said i take exception to the idea that all this traffic needs to be encrypted by default, not the idea of encryption. Your argument is security through obscurity and nothing more.
So, rather than have an encrypted stream whose software may or may not need updating in the future, you think it's better to have no encryption at all? You are some kind of fucking idiot. Why do you use HTTPS/TLS for your web activities? Is that security through obscurity?
Secure Real-time Protocol(SRTP) already exists and could be used for IP based CCTV video right now. It is currently used for VoIP and video calling and could be used in IP cameras and DVRs just as easily. But, lazy people and fucking morons like you have delayed this inevitability.
Use your head! How is it logical to expose unencrypted DVRs and IP cameras and the IoT to the world without some type of encryption?
I've been using webcams and motion (software) to scp camera snapshots up to my VPS. I want something more standalone (i.e. not requiring an external computer and scripts to run the cameras), but couldn't find *any* IP cameras that upload via sftp. Just lots of ftp and samba.
I was thinking about home security in a Global View, neighbors, energy-backup (thieves may down your power connection), internet supplemented connections (thieves may cut you wired internet connection) , store images (secure place with backup). And then look to secure the internet access to:
- view cameras
- control cameras
- control other house system
-> ssh and OpenVPN could help, you could have encryption and login control, tunneling, profile, have scripts, etc.
Its also good thing create an wifi mesh network (or routed wired) with neighbors using VLan where all security traffic will go.
just some toughs
Imma get that. ;-)
"So long and thanks for all the fish."
There are several national providers that are doing just this, viewing CCTV footage before a police dispatch. Your best bet would be to ask your alarm monitoring company if they have affiliated with any of them yet (or why not?). I would expect that within 10-20 years all alarm monitoring will be verified this way and may actually eliminate the need for an alarm system if you configure the video system to report motion. Time will tell how well the public accepts someone who has the ability to view their cameras on demand.