Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Security Monitoring Company That Accepts VPN Video Feeds?

Posted by timothy on from the end-to-end-please dept.

mache writes: My cousin is finishing up a major remodel of his home in Houston and has installed video cameras for added security. At my suggestion, he wired up all the cameras to be on a separate VLAN that only uses wired Ethernet and has no WiFi access. Since the Houston police will only respond to security alarms if the monitoring company is viewing the crime in progress, he must arrange for the video feed to available to a security monitoring company. I told him that the feed should use VPN or some other encrypted tunneling technique as it travels the Internet to the monitoring company and we proceeded to try and find a company that supported those protocols. No one I have talked to understands the importance of securing a video feed and everyone so far blithely suggests that we just open a port on his home router. Its frustrating to see such willful ignorance about Internet security. Does anyone know of a security monitoring company that we can work with that has a clue?

8 of 136 comments (clear)

  1. Can you lock the IP address? by khasim · · Score: 2, Informative

    If those companies want a port open on the router, can you lock the port to only the IP addresses that that company would be using?

    That should be fairly standard on most of the firewall/routers available today.

  2. IPsec or simple ssh like tunneling by yes-but-no · · Score: 4, Informative

    VPN may be too heavy weight a solution. VPN is used when different sites [like branch offices of say a bank in a city] want to appear as though they are co-located in a single site. In this video surveillance use-case, it's just that you need to send the data one-way securely from point A to B. Just using an L7 secure TCP [like ssh tunneling] or using L3 IPsec like protocol should be sufficient. May be there are dedicated devices that do this.. or you may be able to run a script/software in the PC in the home which acts as a middle-man doing this tunneling and sending out of the data to the remote server. Of course the other end should be able to receive and do the necessary decryption.

    1. Re:IPsec or simple ssh like tunneling by marcansoft · · Score: 5, Informative

      If the camera is HTTP, just reverse-proxy it with something like nginx into HTTPS, and let it handle basic HTTP authentication. HTTPS should be as secure as most VPNs in practice, and the authentication at the proxy level stops pre-authentication exploits against the camera. Now that Let's Encrypt is a thing you can even get a real cert easily. The security company doesn't have to know that you're doing this; you give them HTTPS URL and off they go.

  3. No, you completely misunderstand. by Anonymous Coward · · Score: 2, Informative

    No, he wants an encrypted tunnel to the security company. Not to a third-parrty proxy.

  4. silly topic by Anonymous Coward · · Score: 2, Informative

    You and your cousin need to get a life and stop worrying about highly optimizing the design of security systems that have almost no practical value. The reality is for most users, 99.9% of the security value of their system mostly comes from the visual appearance of the camera as a deterrent factor.

  5. Get a provider in the commercial space by guruevi · · Score: 5, Informative

    You should have the Axis security suite or find one of their partners to install it for you, then some company might take you seriously. Once you get that contract, you can specify anything you want and pay accordingly. I've done IPSec lines for some of their customers, but you could be paying $10k/year easily to maintain a few camera recordings which are totally useless in actual protection or prosecution (unless the cops get extremely lucky with an extremely dumb criminal, they won't be looking for that one person or even recognize them when they get arrested on another charge).

    But for home or small business, this is laughable, your camera's won't do anything, they will barely be able to see any silhouettes especially at night (unless you buy a $1000 camera, the 100' IR LED cameras all wash out the image due to reflection within the housing, and yes, I have tried a number of them). Your city doesn't require any camera for monitoring by police. You do need a permit and so does your alarm company. Perhaps your alarm company told you that but they are just trying to up sell you their camera system. https://www.houstonburglaralar...

    You can do a DIY alarm system with a cheap alarm monitoring service for ~$500 (Honeywell Vista with a few sensors and remotes) and $5-15/month for the monitoring service (wired or wireless). You could hook up ZoneMinder into your Honeywell as well with an RPi or whatever, but make sure you understand the false alarm fees your city levies. Some city codes also require you to hook up at least one wired CO and smoke detector if you do get a system so you should calculate all that in, other codes require wired CO and smoke detectors on every level during renovations.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  6. I-View Now and Protection One offers exactly this by Anonymous Coward · · Score: 3, Informative

    A bit self-serving as the CTO of the company, but we provide this kind of service to commercial national account customers all of the time. Typically an IPSec VPN tunnel is established between the client site and I-View Now, and the DVR/NVR at the end of the tunnel is monitored for online status every 5 minutes (Which also helps keeps the tunnel alive). When an alarm is triggered, in under 5 seconds, the operator at the central station is viewing both a live feed from the camera associated with the zone that went into alarm, but also a 5-second pre-alarm clip of what actually tripped the alarm. This same video clip is delivered to the end users via a link sent in an SMS message so by the time they receive the call from the alarm company, they are seeing exactly what the operator is looking at as well. i-viewnow.com

  7. Re:IP matching by mysidia · · Score: 4, Informative

    If the goal of the OP is to make sure that nobody is watching his home's video other than the security company, I'd suggest using https streaming

    The OP's cousin should probably just accept the risk that some unauthorized third party could in theory be watching the video data, Concentrate on making sure a third party can't Control or Disable the camera (What is really important!), understand that risk, and mitigate it by placing the cameras where they will meet security objectives without a huge risk to privacy objectives.

    Legally speaking.... the OP's cousin will have already lost any legal expectation of privacy, the second they hired an outside company and shipped camera video out of their exclusive physical control, local law enforcement/FBI/etc can compel the disclosure of such video data in the hands of a 3rd party without needing a warrant or subpoena, and even bar the monitoring company from informing that footage has been provided; it's no different than requesting transaction records from a retailer.

    The reality of the situation is; security monitoring companies are totally focused on physical security, the ones likely to offer affordable services are going to be local SMBs for the most part, and they are likely to have little knowledge of IT Security topics.

    Unless you've found a highly exceptional security provider in the local area that promises privacy of your video footage, most companies will just not care , and might not fully understand these issues, the issue is so universally neglected, that you will need a contract requiring end-to-end encryption, AND the OP will have to pay the monitoring company enough money for them to care.

    And then, unless you are paying a couple thousand a month, then it is probably a tall order to require a custom VPN solution "just to protect a home's ccTV feeds".