Home surveillance system

This topic is closed.

    #16
    Originally posted by WC_Sage View Post
    The readers of this topic would do well to give due consideration to what "automation" has presented in this thread prior to this little suggestion.
    This kind suggestion is offered by a degreed engineer, computer programmer (including microcode, assembly, and high level languages), and technologist who neither knows nor has met "automation."
    "Convenience" and "Security" are at odds with each other.

    The problem is that consumers don't shop for "security" (or even reliability, for that matter!). Instead, they look at cost and features. In fact, they are typically incapable of evaluating products based on their "robustness". (and, the vendor is surely not going to list all the flaws in their product -- assuming they are even AWARE of them!)

    Developers know this. In brainstorming sessions for new products, the conversation always centers on these two issues -- with a token mention of "security" (as if merely mentioning it is sufficient to ensure it is "present").

    Their notion of the types of threats they may face is naive. And, their solutions are equally so ("Why can't you just use my thumbprint?" "Um, what happens when someone discovers how to HACK your thumbprint? Will you swap it out for a NEW THUMB?? Or, your voice? Face? etc.")

    Folks want "easy to remember passwords" -- despite the fact that this makes them EASIER TO CRACK. They don't want to have to remember multiple passwords for multiple accounts/devices (because that's inconvenient!) so once a password for a device/account is "compromised", it's likely that all other accounts/devices will be compromised. (The look on my friends' faces when I "crack" their password in a few minutes -- while they WATCH -- is always entertaining: "You mean, that's all it takes? Even though my password was 10 characters and kind of random/unpronounceable???")

    They don't want to run wires cuz that's costly, time consuming and "not convenient" ("Why can't I just PLUG IT IN??"). They don't want to have to keep changing batteries (because that's inconvenient -- just look at how many smoke detectors have been idled while their owners are remembering to replace the battery). And, they don't want to have those silly wall-warts all over the place in lieu of batteries because that's unsightly (inconvenient to look at).

    They don't want to continuously monitor (hacks are discovered every day!) all of their devices for security flaws thinking the manufacturer will do that (and the low retail price for the item will INCLUDE that service, FOREVER!). And, when a flaw is discovered and they eventually learn about it, they're annoyed that they have to replace their device(s) because a "patch" is not available. And, aren't technically savvy enough to understand why a patch may not even be possible for that problem on that product. (if the vendor makes this claim, the user thinks the vendor is just trying to "sell him something else" instead of standing behind his original product)

    When a product is pitched to you as "convenient" or "inexpensive", you should first ask what you're silently forfeiting FOR that convenience/pricing.



      #17
      Have had a security system in my house since 2003 and it has been constantly updated as times change.

      The simplest way is to go to Amazon.com and search for security systems or surveillance systems. Then you can go on eBay and find components you may like to add.

      Then find a local installer to put it in for you correctly. Remember, you get what you pay for.



        #18
        Originally posted by automation View Post

        If you're more technically inclined https://jumpespjump.blogspot.com/201...and-found.html:
        Most people can do their own research for the specific situations. I do not know you, but have learned just to skip your cut-and-paste posts.

        If your network is secure your cameras are secure. No other point to make. If your cameras are on your network and your network is secure, then your cameras are secure.

        Without cut-and-paste logic. :-)



          #19
          Originally posted by Cris View Post
          Most people can do their own research for the specific situations.
          No, sadly they CAN'T! Even if they're proactive enough to attempt such an endeavor, they don't have the tools or technical knowledge to evaluate any information they might find. Unless you stumble on a headline like "Camera Model #123 Discovered to be Source of Widespread Botnet", you can't come to any conclusions about your camera, the other items on your network, OR your network itself.

          That's like saying people can do their own research for their specific SCI situations -- and, thus, come to the optimal conclusion as to their treatment plan and prognosis! You rely on experts to provide that assessment for you -- and, hope that their information/experience is "accurate" and "current" (last year's treatment plan may not be appropriate in light of more recent findings).

          Dunning Kruger Effect (I won't bother you with a "cut-and-paste" explanation -- with you being the poster child for it!)

          Zombieload was announced 14 May (but, then again, you already KNEW that, right?) Can you tell me which, if any, devices on your network might be vulnerable to it? Do you even know what's INSIDE each of the devices you use? Who do you expect to look through YOUR device inventory to assess its vulnerability to Zombieload? Or Meltdown? Or Spectre? Or...

          But, that's just when the exploit was published -- it had existed (and been KNOWN to exist!) for some time before it was publicly disclosed (give folks time to think about how to mitigate the problem before alerting any adversaries of its existence).

          And, if your camera isn't directly exploitable by any of these (or the hundreds/thousands of other PUBLISHED exploits), how do you know that some other device that is vulnerable can't be used as a beachhead to address some other exploit -- possibly of your camera?

          How many "white hat" folks do you think are proactively checking the devices that you own ON YOUR BEHALF to anticipate future vulnerabilities? Do you know each device's manufacturer's policies regarding that sort of effort? Are they proactive, reactive, or simply "unconcerned"?? Are THEY sure they know what the vulnerabilities in their products are? Or, are they hoping someone will TELL them about these?

          [I played a lot of pinball in my youth. I befriended the guy who ran the "route" at college. One day he asked why he was finding all these PENNIES in the coinbox as the games ONLY accepted quarters. So, I showed him how a player could get the machine to treat a penny as a quarter. Then, showed him how to "fix" the machine so the trick wouldn't work. He serviced these machines for a living -- yet I had to show him how they could be hacked. Wanna know how to make free phone calls? Get food from vending machines? Crack your partner's password in under 5 minutes?]

          I've been doing this sort of thing for more than 40 years. I find exploits in existing products and advise clients as to how to mitigate them. Sometimes, their answer is "let's just leave it (costs less than fixing it) and hope no one discovers it". I've had a hand in the design of the machines that test your blood samples, fabricate the medicines you take, pump the gas into your cars, run your cars, do your fishing, decide when to show "triple 7's" at the casino, harvest the lobsters you eat, lock/unlock your hotel room door, etc.

          [NDAs prohibit me from discussing things that aren't "already publicly known" -- cut-and-paste is prima facie evidence that the information IS publicly known, so I'm off the hook! :> It also lends credibility to an argument as I'm not expecting readers to "take my word for it"]

          You wouldn't believe the number of flaws and exploits that have existed -- and still exist -- that have never made it to a CNN headline. Even as an "insider", I am still at a loss to keep up with the flood of exploits coming out every day! So, returning to your initial assertion, how are "most people" going to know about them? I sure wish I had your clairvoyance!

          I do not know you, but have learned just to skip your cut-and-paste posts.
          Confirming my preceding D&K statement ("I already KNOW it so don't need to LEARN it!")

          It's sad when anyone refuses to come to grips with their shortcomings and refuses to move forward/learn. Understand your shortcomings -- it makes for more interesting discoveries when you realize you don't know what's around the next corner!

          If your network is secure your cameras are secure. No other point to make. If your cameras are on your network and your network is secure, then your cameras are secure.
          How do you KNOW that your network is secure? How do you know that every item ON the network is secure? Do you do periodic pen testing? Or, have a firm on retainer that does that for you, regularly? Are you advocating "most people" do likewise??

          Without cut-and-paste logic. :-)
          With, instead, a naive, simpleton, D&K rationale... (sigh)



            #20
            I have heard about these little indoor Wyze Cams for quite some time. They are a helluva buy starting at around $20. You get 14 days of free upstream bandwidth/storage. You can also add an SD card. They work with Alexa. I have also learned that they use TLS, AES 128-bit encryption to protect the security of the live stream and playback data. Every device has its own secret key and cert so they can validate the identity during a handshake.

            Right now I have two of these cameras in my Amazon cart. If you do your due diligence and you are looking for something simple, I cannot think of a reason why you should not buy these cameras for your home.

            https://www.wyze.com/product/wyze-cam-v2/

            https://www.grc.com/sn/sn-713.htm
            The test of success is not what you do when you are on top. Success is how high you bounce when you hit the bottom
            --General George Patton

            Complex problems need to be solved collectively.
            ––Paul Nussbaum
            usc87.blogspot.com



              #21
              Originally posted by PN View Post
              I have heard about these little indoor Wyze Cams for quite some time. They are a helluva buy starting at around $20. You get 14 days of free upstream bandwidth/storage. You can also add an SD card. They work with Alexa. I have also learned that they use TLS, AES 128-bit encryption to protect the security of the live stream and playback data. Every device has its own secret key and cert so they can validate the identity during a handshake.
              I use a similar approach with each of my "nodes", here -- each is "introduced" to the System via a secure portal in a locked equipment closet (so the System can install the private keys without any chance of an eavesdropper interfering with the process).

              An adversary won't attack the encrypted stream. Rather, they'll attack the endpoints or protocol. Most "video" is boring and of little "value" to an adversary.

              E.g., I have 8 cameras monitoring the grounds around this house. A passerby can easily "see" what 6 of the cameras are "watching" -- "for free" (the front yard and each of the side yards)! The remaining two cameras cover the back yard -- and would require the passerby to come onto the property to peer over the wall (or, do so from a neighbor's yard... OR an overhead drone flyby!).

              [It's possible that access to my camera feeds could allow a remote hacker to identify my actual street address; use my IP to locate my ISP and then use google street view to find imagery that matches the camera feeds from the front of my house. All of that could be done mechanically without requiring a human being to scan the neighborhood imagery!]

              Two additional cameras monitor the front door. Again, visible "for free" by any passerby. A third (camera #11) acts as the doorbell and "front door key" (if The House is expecting you and recognizes you, visually, it will unlock the door for you). Again, nothing that a passerby couldn't see with his own two eyes.

              There are 7 cameras in the garage (to assist with parking and verifying no obstructions in the path of the garage door or exiting vehicle) that MIGHT hold some "secrets" for a voyeur -- while the door is closed and the contents not observable by a passerby.

              The remaining cameras (in addition to the garage cameras) don't provide video feeds that can be viewed by "humans". These have the most potential "value" to an adversary as they exist INSIDE our "private space".

              Instead, The House uses those feeds, directly (as with the doorbell camera). There's one in each bathroom -- along with a microphone and speaker -- to monitor for "trouble" ("Help! I've fallen and I can't get up!!") and take action (the whole point of all this technology is to enable people to live independently for longer than they would otherwise be able). I'm in the process of adding 30 more such "nodes" throughout the house -- to track the locations of occupants and respond to their commands/requests. (this is currently done with BT beacons but that is subject to hacking, jamming, eavesdropping, etc. -- all the flaws that are inherent in a wireless technology)

              The real value, to an adversary, lies in getting a beachhead into your network... INSIDE your firewall. You do this by exploiting sloppy ASSUMPTIONS made in the implementation... do things that "can't happen" (in the opinion of the product's designer/developer). So, you have to anticipate those assumptions and work to eliminate them.

              In my implementation, you can surgically remove a camera and "harvest its secrets" (if you had appropriate tools and can do so without the System seeing an interruption in "service" from that node). But, the System won't let you do anything more than the original CAMERA could do! I.e., you can spoof the video feed to whatever is viewing/analyzing it, but, you can't talk to anything else or eavesdrop on any other transactions. You could try to mount a DoS attack -- in which case the network switch/router will simply shut down your port (because the original camera wasn't supposed to behave like that. So, it's clearly defective -- or HACKED!)

              You can't do these things with COTS designs. Or, wireless technology. The individual devices -- ALL of them -- have to implement their own defenses against potential rogue PEERS! And, Company A is hardly interested in working to address problems that Company B's products might introduce.

              Comment
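The containment idea described in post #21 (a node may reach only what consumes its feed, and a port that stops behaving like the original camera gets shut down), as an added example that is not part of the original post or the poster's system. The addresses, switch ports, stream port 8554, packet budget and function names are all constructed assumptions.

```python
from dataclasses import dataclass

# Everything below is constructed for illustration: addresses, switch ports,
# the stream port 8554 and the packet budget are assumptions, not values
# taken from the thread.

@dataclass(frozen=True)
class NodePolicy:
    switch_port: int      # physical port the node was introduced on
    allowed: frozenset    # {(dst_ip, dst_port, proto)} the node may reach
    max_pps: int          # packets/second its normal duty ever needs

@dataclass(frozen=True)
class Flow:
    ts: int               # second in which the sample was taken
    src: str
    dst: str
    dport: int
    proto: str
    packets: int          # packets seen during that second

ANALYZER = ("10.0.10.5", 8554, "tcp")   # the only consumer of camera video

POLICY = {
    "10.0.20.11": NodePolicy(11, frozenset({ANALYZER}), 400),
    "10.0.20.12": NodePolicy(12, frozenset({ANALYZER}), 400),
}

# Constructed flow samples: two normal feeds, one camera reaching for a peer,
# one camera flooding its own analyzer, one source nobody ever introduced.
SAMPLE_FLOWS = [
    Flow(1, "10.0.20.11", "10.0.10.5", 8554, "tcp", 300),
    Flow(1, "10.0.20.12", "10.0.10.5", 8554, "tcp", 310),
    Flow(2, "10.0.20.11", "10.0.20.12", 22, "tcp", 3),
    Flow(3, "10.0.20.12", "10.0.10.5", 8554, "tcp", 5000),
    Flow(3, "10.0.20.99", "10.0.10.5", 8554, "tcp", 40),
]

def evaluate(flows, policy):
    """Return (violations, ports_to_shut) for a list of flow samples.

    A node is held to what the original device was supposed to do:
    talk to its allowed peers only, and stay inside its packet budget.
    """
    violations = []
    shut = set()
    pps = {}                                  # (src, ts) -> packets that second
    for f in sorted(flows, key=lambda f: f.ts):
        node = policy.get(f.src)
        if node is None:                      # never introduced to the system
            violations.append((f.ts, f.src, "unknown-node"))
            continue
        if node.switch_port in shut:          # port already disabled
            continue
        if (f.dst, f.dport, f.proto) not in node.allowed:
            violations.append((f.ts, f.src, "peer-not-allowed"))
            shut.add(node.switch_port)
            continue
        key = (f.src, f.ts)
        pps[key] = pps.get(key, 0) + f.packets
        if pps[key] > node.max_pps:           # behaves unlike the real camera
            violations.append((f.ts, f.src, "rate-exceeded"))
            shut.add(node.switch_port)
    return violations, shut

if __name__ == "__main__":
    found, ports = evaluate(SAMPLE_FLOWS, POLICY)
    for item in found:
        print(item)
    print("ports to shut:", sorted(ports))
```
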


                #22
                Originally posted by automation View Post


                How do you KNOW that your network is secure? How do you know that every item ON the network is secure? Do you do periodic pen testing? Or, have a firm on retainer that does that for you, regularly? Are you advocating "most people" do likewise??

                With, instead, a naive, simpleton, D&K rationale... (sigh)


                Having a degree in Computer science and Business administration, being a systems analyst, system administrator, a Microsoft certified system engineer, a network engineer and a Novell administrator may give me a little bit of insight considering the computer systems I managed for the Department of Defense.

                By the way, could you give me an example of me pasting my posts?

                Your insulting post was just that: insulting, juvenile and unprofessional, the work of an immature pompous pontificating person who has no idea of real-life.

                With enough money, time and resources every and any network can be breached so I'm not going to go crazy about the Chinese trying to find some 59-year-old quadriplegic network. I have better things to do with my time.

                Wish you would spend all this energy on doing something productive for the cure of spinal cord injuries rather than berate the members whom you have no idea the lives they live and has become personally insulting. You may have a loved one or know someone, but you can never grasp what it is like to have a spinal cord injury until you have one.

                Somehow it seems that you know more than anybody who's ever been on the board before and I'm wondering why you're not on the talk circuit or writing books or on Jeopardy.


                Demeaning others does not make you better. It makes you worse.



                  #23
                  Originally posted by Cris View Post
                  Having a degree in Computer science and Business administration, being a systems analyst, system administrator, a Microsoft certified system engineer, a network engineer and a Novell administrator may give me a little bit of insight considering the computer systems I managed for the Department of Defense.
                  So, you've never actually DESIGNED a camera (or other IoT device), done any Red Team/Blue Team exercises with "appliances", etc.

                  The "world" is a lot different place when you don't have a big disk drive and gigabytes of memory at your disposal. How you protect your asset is considerably different when the resources have been sized (and costed) to fit the asset's need -- instead of "perpetual update cycles" and "just reinstall Windows" as the panacea "fix" for all ills.

                  I designed (and patented) my first "embedded system" more than 40 years ago. At the time, there was a debate over whether "software" (and, products that were largely software -- PC's didn't exist so the notion of a PURE software product wasn't yet an issue) was a patentable/protectable bit of Intellectual Property.

                  By the way, could you give me an example of me pasting my posts?
                  Can you provide an example of me accusing you of doing so?

                  Your insulting post was just that: insulting, juvenile and unprofessional, the work of an immature pompous pontificating person who has no idea of real-life.
                  "I do not know you, but have learned just to skip your cut-and-paste posts."

                  Sure sounds dismissive -- pompous -- to me!

                  With enough money, time and resources every and any network can be breached so I'm not going to go crazy about the Chinese trying to find some 59-year-old quadriplegic network. I have better things to do with my time.
                  Again, you're showing your ignorance. NO ONE CARES ABOUT "YOU"! They don't care that you're a quad, male/female, black/white, etc. You're just an "opportunity" -- if you LET yourself be. A machine will hunt down those opportunities and try to exploit them -- mechanically. You'll be one of "N" who are targeted just because you've engaged in a behavior that can be exploited.

                  Ever seen someone walking through a parking lot "randomly" pulling on door handles of cars? He's not singling out YOUR car... he's just hoping to find A car that the owner has failed to lock. He's not noticing if there's anything worth taking out of the car(s) before checking their door locks -- he's just looking for an OPPORTUNITY. He'll figure out how to exploit it, later.

                  Wish you would spend all this energy on doing something productive for the cure of spinal cord injuries rather than berate the members whom you have no idea the lives they live and has become personally insulting. You may have a loved one or know someone, but you can never grasp what it is like to have a spinal cord injury until you have one.
                  I don't have the skillset to "cure" spinal cord injuries. Nor do I expect you -- or any others, here.

                  I do have the ability to design "devices" that can ease a lot of the "tasks" that people are faced with in living, day-to-day. Not for the sole benefit of SCI victims but, rather, for "people in general". My presence here is to eavesdrop on the issues that SCI patients face and see how I can include/modify those needs in my design -- but, only as a subpopulation of the folks I am targeting (people who would need to have a home caregiver or enter an assisted living facility due to their inability to address the daily needs of living and caring for themselves, SAFELY).

                  I don't have to venture out to the sidewalk to check to see if the mail's arrived -- or, if I've noticed the mailman's passage, if he's left anything for me, specifically.

                  I don't have to drag my ass out of bed just to verify that the stove is OFF or the back door secured or the garage door closed -- as I usually have NOT made these mistakes (though, if I did, the consequences could be indicative of me "needing assistance"). Did I remember to turn down the heat in the guest bedroom??

                  I don't have to fumble with light switches as I try to make my way to the bathroom in the middle of the night. Or, remember to turn them off behind me as I return to bed.

                  I don't have to "encourage" the irrigation system to do some extra watering because it's been unusually hot/dry for a long period of time (and its naive COTS programming doesn't account for that).

                  I don't have to go to the front door to see if there's a package waiting for me -- or if there's some "solicitor" just hoping to bother me.

                  I don't have to hunt for "The Remote" for whichever TV, stereo, ceiling fan, window curtain, etc. with which I want to interact. And, I don't have to remember to turn the TV off when I've left the room -- or, turn on the TV in the OTHER room that I'm headed into (e.g., living room into kitchen at dinner time) so that I won't have to fuss with finding THAT remote!

                  I can tell the powerchair to go park itself when I'm done with it -- then "recall" it when it's needed again in the morning. And, start the coffee percolating so it's ready before I get into the kitchen.

                  I don't have to carry a phone on my person so I can answer before the caller gives up on me. Or, retrieve it before I can place a call.

                  I don't even have to REMEMBER to do these things as The House can remember to do them for me! (because I, like most people, am a creature of habit and The House can observe those habits every minute of every day, forever, and learn from them -- without deliberately "leaking" details of everything you do in that house to "google" or some other Big Data entity)

                  But, hey, if you don't think these sorts of things would benefit a person stuck in a chair, <shrug>.

                  And, by the way, what are YOU doing to "cure SCI"? Or, with your IT knowledge, improve the living experiences of SCI patients (even if you choose to ignore non-SCI individuals who might be having trouble remaining independent)? Or, have you already DONE these things and are just stingy and unwilling to share the results of your labors??

                  Note that there is no one forcing me to address "your" (as a subpopulation) needs, here. Compared to the population of healthy individuals (who would enjoy the "gimmickry" of what I'm doing), blind/deaf, old/decreasing competence and mobility impaired (but not crippled!), SCI patients are a drop in the bucket. And, already have "insurance" as an advocate (what can GrandMa call on to finance her needs for assistance?). It's just as easy to leave your needs to whomever opts to finish up this project. If that ends up being a business entity, I'm pretty sure you can anticipate their calculus: "Hmmm... tiny sub-market; what's our likely return, there?"

                  (i.e., anything that I've not already put in place to address a set of needs is likely NOT going to get added; you sure you want me to "go away"? Really enjoying that chair, eh??)

                  Somehow it seems that you know more than anybody who's ever been on the board before and I'm wondering why you're not on the talk circuit or writing books or on Jeopardy.
                  I only talk about things of which I have first-hand knowledge. This discussion started by me raising the red flag over allowing remote access to cameras -- or anything else INSIDE your firewall -- just for the sake of "convenience"... because there is a cost (risk) to that "convenience". Instead of relating first-hand EXPERIENCES, I opt to cite information available from third-parties -- so the reader can verify my claims. But, you belittle this as "cut-and-paste". Yet, your attitude, here, suggests that NOT providing the backup would have you belittling my comments as "mere opinion". Amusing paradox, there, eh?

                  I wonder how many NON-PC systems you've ever had to support? Do you even know how to go about it? Do you have the tools to do so? (i.e., there's no "Console" that you can type away at to see what's going on inside the device; you can't "load" a debugger to trace the code or monitor the data)

                  [But, hey, maybe it will be your NEIGHBOR who gets hacked... it's NEVER "you", right?]

                  Demeaning others does not make you better. It makes you worse.
                  Pot, kettle, black.

                  (apparently, you didn't learn well enough as you opted not to skip that one, either!)

                  My last post. I'll try to remember to put in a good word for "crips" when I hand the project over! Maybe someone ELSE will care...



                    #24
                    OooohKaaay! OooohKaaay! This is only a thread about a home security system, already...........talk about going for the jugular! Down boys...down...sit...stay!
                    Last edited by gjnl; 25 May 2019, 10:36 PM.



                      #25
                      I kinda regret making this post. All I wanted was brand suggestions and pros and cons of wired vs wireless.



                        #26
                        Originally posted by Scott C4/5 View Post
                        I kinda regret making this post. All I wanted was brand suggestions and pros and cons of wired vs wireless.
                        And Scott, you should have no regrets. I too would have liked straightforward answers from members who have installed these systems. That would have been interesting and helpful. This thread should have been all about your question, not about a couple of clashing egos. Sorry you didn't get what you wanted from our membership.
                        Last edited by gjnl; 26 May 2019, 12:07 AM.



                          #27
                          This is my system

                          Scott:

                          Sincerely apologize for letting automation get under my skin and diverging your Topics from what you wanted. This is what I did:

                          When first installing cameras and connecting them to my computer had a four port PCI card for cameras. Then I purchased a ZOSI eight channel DVR and have tried systems like baby monitors or such for indoor use. They didn't work well for me because I could not reset after a power outage. You get what you pay for, and upgraded the cameras in my house also.

                          DVRs or NVRs are not very expensive, $70 and upwards; you pay much more for cameras. You do get what you pay for and be very careful about buying Chinese cameras. Do not believe you need anything more resolution than 1080p or high definition or 1200 TVL.

                          The corner cameras can zoom in on the license plate on the gold car across the street. This is my Screenprint from my CCTV DVR, also have a wireless NVR and probably add POE NVR after I finish this configuration.