Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsGadgets, robotics, home automation, electronics (including wearables)How to handle outdoor IP cameras security wise...
richms

29098 posts

Uber Geek
+1 received by user: 10209

Trusted
Lifetime subscriber

#151605 30-Aug-2014 12:14
Send private message

A couple of my cheap "waterproof" analog cameras outside are showing that they are as waterproof as a $2 shop watch.

Anyway, I am thinking of replacing them with IP ones since that will get me a better picture, but I dont want to have my lan exposed on a cable outside that someone could just plug into and see everything.

All the cheap NVR's I have looked at have only had a single ethernet port, and have operated the camera over the same IP range and interface that is used to connect to the network for viewing/managing them which IMO is a bit stupid.

Is there any cheap off the shelf solution that will act as a firewall of sorts between the camera and the lan, only allowing connections to the camera to happen from the lan, and only from the DVR etc?

Other option is to get a routerboard and deal with configuring it, but that is more effort than just buying something made for the job. In addition I would like to get the cameras on the flatmates lan as well, since they will no long be able to watch them from an RF modulator on the composite camera to know when the pizza is arriving.




Richard rich.ms

Create new topic
Niel
3267 posts

Uber Geek
+1 received by user: 80

Trusted

  #1118559 30-Aug-2014 14:18
Send private message

The proper outdoor cameras do not have a socket, they have a cable inside their mounting foot piece which is not exposed so an offender would have to unscrew the camera before getting access to a cable.  And then probably have to cut it off and terminate it with a plug.  Security systems do not expose their wiring.




You can never have enough Volvos!



nitrotech
1285 posts

Uber Geek
+1 received by user: 168


  #1118560 30-Aug-2014 14:19
Send private message

The dahua nbr I have has 4 Poe ports that can't be accessed from the LAN model is NVR2104-P

richms

29098 posts

Uber Geek
+1 received by user: 10209

Trusted
Lifetime subscriber

  #1118561 30-Aug-2014 14:21
Send private message

It still has to get to it. Perhaps not as simple as plug in, but whereas with the analog camera the best they could do would be short out the power or feed something back blowing up the DVR, just having the whole lan on an exposed cat6 outside is something I dont want to do.




Richard rich.ms



chevrolux
4962 posts

Uber Geek
+1 received by user: 2638
Inactive user


  #1118597 30-Aug-2014 14:57
Send private message

Put the camera's in their own VLAN with no route to the internet and firewalled from accessing the LAN subnet. Make the subnet just big enough for the amount of cameras you have, don't have a DHCP server etc.

All the decent cameras will have locking screws and when they are mounted the cable won't be exposed at all. Rather hard to get in to.

richms

29098 posts

Uber Geek
+1 received by user: 10209

Trusted
Lifetime subscriber

  #1118600 30-Aug-2014 15:06
Send private message

Except when there is a surface cable run along a pergola or carport to get to the camera. I still need a DVR with multiple interfaces to handle connecting to the second vlan. That dahua one looks cheap and easy enough.

Its not a huge issue for me now as everything is quite inconvenient to get to, but when I finally get the gate put in and will have a camera on that, it will be at a height where it is quite easy to get at. I dont see how anyone could consider running a cable with connectivity to the entire lan, which will also be carrying other things on it as being acceptable, but apparantly it is the norm for most IP camera installs. Perhaps I have only been talking to cowboy installers with no concept of network security tho.




Richard rich.ms

Andib
1395 posts

Uber Geek
+1 received by user: 974

ID Verified
Trusted

  #1118601 30-Aug-2014 15:12
Send private message

richms: Except when there is a surface cable run along a pergola or carport to get to the camera. I still need a DVR with multiple interfaces to handle connecting to the second vlan. That dahua one looks cheap and easy enough.

Its not a huge issue for me now as everything is quite inconvenient to get to, but when I finally get the gate put in and will have a camera on that, it will be at a height where it is quite easy to get at. I dont see how anyone could consider running a cable with connectivity to the entire lan, which will also be carrying other things on it as being acceptable, but apparantly it is the norm for most IP camera installs. Perhaps I have only been talking to cowboy installers with no concept of network security tho.


The way I did it at my previous place was connect all the IP Cameras to a managed switch, Assign them a VLAN and block access from that VLAN to my home network.




<# 
       .DISCLAIMER
       Anything I post is my own and not the views of my past/present/future employer.
#>

 
 
 
 

Support Geekzone with one-off or recurring donations Donate via PressPatron.
chevrolux
4962 posts

Uber Geek
+1 received by user: 2638
Inactive user


  #1118603 30-Aug-2014 15:23
Send private message

I still need a DVR with multiple interfaces to handle connecting to the second vlan.


Why does the DVR need to have multiple interfaces?

Your firewall rule only needs to be one way so that you can access the camera LAN from the main LAN and with the appropriate routes. With a managed switch the DVR wouldn't even need to support VLANs.

michaelmurfy
meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1118615 30-Aug-2014 15:53
Send private message

The Ubiquiti UniFi products are VERY good and well priced too, would strongly recommend. You can purchase a Toughswitch for your PoE to the cameras.




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

syousif
41 posts

Geek
+1 received by user: 2


  #1120892 2-Sep-2014 23:24
Send private message

richms: Except when there is a surface cable run along a pergola or carport to get to the camera. I still need a DVR with multiple interfaces to handle connecting to the second vlan. That dahua one looks cheap and easy enough.

Its not a huge issue for me now as everything is quite inconvenient to get to, but when I finally get the gate put in and will have a camera on that, it will be at a height where it is quite easy to get at. I dont see how anyone could consider running a cable with connectivity to the entire lan, which will also be carrying other things on it as being acceptable, but apparantly it is the norm for most IP camera installs. Perhaps I have only been talking to cowboy installers with no concept of network security tho.


sounds like you have only been talking to cowboys with no experience in IP surveillance.
remember most security companies were analog based and doing alarms, with IP and networking becoming more part of the industry of recent and most have not skilled themselves in the IP installations.

if your a hands on type customer, i would suggest you build a PC/server with dual nics, and have the cameras on one side, or VLAN the cameras and the PC/server. install VMS software on it similar to www.milestonesys.com very robust software. you can download the free version, that limits you on the storage days, but has most features that you would pay thousands for.

the good thing with a machine that you build, it will give you the option of adding more cameras later, if you buy a box that does only a limited number of cameras and only a from that particular manufacturer.

alternatives to PC/server built is a QNAP or Buffalo NAS that has a VMS software installed, they would not normally have dual nics so recommend setting up a VLAN.
however Buffalo have one with two network ports - http://www.buffalo-technology.com/en/products/storage-devices/surveillance-storage/terastationtm-nvr/?nocache=1

recommended cameras would be Axis - http://www.axis.com/products/cam_m3024lve/index.htm
or any other Axis camera.
the above you would pay a lot for from any security, but with some IT skiils you can set up yourself and get your cowboys to run the cables for you only.

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright