I went with the wired network route. I'm sure to most people it seems like the more secure route, but it's important to realize that for outside cameras, you now have ethernet connections accessible from outside. Jamming WiFi is a denies you the ability to record, but external ethernet gives them access to your network. I went with building an isolated network, but I think that's outside the relm of what most consumers can do. A WiFi camera, while not perfect, really does give you the best bang for the buck.
I'm sure we all know that most residential locks can be picked with relative ease, but criminals rarely go through the trouble. The one time a person did "break in" to my house, they just opened an unlocked door. Usually I keep that door locked, a large piece of plywood in front of it, and a table saw braced up against that. Just so happened I worked on a project that day and just forgot to lock the door. Lucky break for her, but trying enough doorknobs she was bound for find some. She had gotten into two other houses that night. She was also tripped out on meth and couldn't have operated a WiFi jammer if she wanted to.
So, yea, a WiFi camera isn't great, but it's still going to get 99% of criminals out there. Next we just need WiFi jammer alarms.
> So, yea, a WiFi camera isn't great, but it's still going to get 99% of criminals out there. Next we just need WiFi jammer alarms.
All we need is onboard storage to record a couple hours of video locally which can then be synced when the connection is back again. Right? That doesn't fix real-time information transmission, but video is most often important for finding suspects after the fact.
Sounds like you think law enforcement actually give a shit about/can do anything toward solving burglary crime.
Maybe it's better in other countries, but 5% solve rate sounds like they go and knock on the doors of the local known burglars to see if they still got the goods lying around.
I actually work in LE and video from domestic and commercial security cameras are always a major piece of information that we look for in every single investigation. So... Yes, LE gives a shit in many countries.
However, also in many countries, like my own, police is very under staffed and burglaries are often on the bottom of the priorities list. Armed robberies, murders, shootings, stabbings, explosions, fires, domestic abuse, rape, to name a few, are the ones that get the highest priority. And those things take a lot of work to find suspects, prove what they're suspected of, write it down and get them convicted.
A case, unfortunately, isn't finished when you catch a suspect. It's a crap load of work to get someone convicted and that gets massively underestimated by people who only read statistics and conclude that LE doesn't care... Most of us do, which is why we join the field.
Same, used to work for one of the largest depts in the us, the part 1 crimes that are violent really take up the mindshare in a violent city. Cameras only tell so much, the flyers go out with what is found. Lots of people don’t snitch either. We are relying a lot more on technology not just registries of voluntary ring locations but LPRs etc. I think the goal is to get around no snitching.
I had WiFi cameras until my friend showed me how his cameras were jammed when his neighbour had a broad daylight burglary. A van pulled up and a second later the video was completely jammed. Then five minutes later it comes back to normal, but neighbour doors were smashed in.
So I got a wired network now, on a separate LAN and have two cameras on each perimeter, so if someone tries to cut the cable (unfortunately I was unable to run the cables inside the wall, so they run in PVC pipes attached to the wall), I very least should have that recorded. Also all my cameras are 4k. The cameras also record to built in SD card. There are also two servers hidden each is pulling the videos from DVR to back up and then one copy is uploaded to external server.
Why not a physically separate network? If all you care about is catching outside problems like porch pirates, car thieves, and dogs owners who don't clean up after their pets just run cables from each camera to a switch that's connected to a single machine that isn't on your network or the internet.
Cameras inside the house get internet access, so intruders can't just walk off with your footage, but external camera feeds are fine to be stored locally.
That'd take very little skill to set up, prevents anyone from using those external connections to get at the rest of your network or abuse your internet connection,you don't have to worry about jammers, the police won't be accessing your feed whenever they feel like it, and Amazon won't be keeping detailed logs of everyone who comes to your door, how often you have company over, what your daily/weekly schedule is like, how often you get food delivered, what kinds of clothing you and your guests are wearing, how many children are in your home, how many pets, how often you go out on the weekends vs staying inside, how often you vacation and for how long, how many friends you have, how often you have non-amazon packages delivered, what kind of car you drive, etc
Pour gasoline over the cameras, then light it, and you can burn the whole house down destroying the footage and killing everyone inside!
You can't build a system that's immune to every possible type of attack, but fortunately you don't have to. Most people will never catch a single "bad guy" with their camera set up, and will never have anyone mess with the system at all. That doesn't mean it's not a good idea to take a few simple steps to better protect yourself, your family, your packages, your network and your privacy. If you see value in having your surroundings captured on camera you can gain a lot of benefits for a small amount of effort by throwing your ring cameras in the trash and setting up a dedicated network for their replacements.
I take the lazy VLAN route, then. Ideally, I can plan all this out during construction, and run conduit through all walls, have electrical outlets near each ideal switch location, and so on. But in most homes that are not previously owned by tech-geeks, re-wiring properly means busting down drywall. If you own the home, it's a major pain, and if you rent, it's impossible.
Typically the things on my home network that need to be isolated and/or revoked Internet access are not in physical proximity with one another, so using a separate switch for them means a lot more wiring. It is much simpler to just run devices to the nearest already existing switch and do the isolation in software. This also cuts down on the number of switches which means fewer points of failure.
Because we've already got the skills to secure a shared network I don't blame you. On the other hand though there's some benefit to redundancy too. if your switch dies it'd be nice to be able to take the cameras offline and swap in the working switch so your internet stays up while you wait for the new one to arrive.
For the crowd who can't isolate the cameras from the rest of their network and don't already have a bunch of networking equipment laying around though a dedicated network for the security cams is a easy solution that offers a lot of advantages over a ring cam.
Worth noting even the cheapest router chipsets normally support vlan tagging, so with a sub $100 router you can flash an opensource firmware on it like openwrt and then isolate network traffic on each port and filter it with iptables.
What use is getting access to the network these day anyway? Everything has moved to a model of not trusting the network or anything else on it. I guess they could cast something to your chrome cast?
Are you sure everything has? Smart appliances in particular are typically terrible with security, so having access to their network certainly gives you an edge.
Guys I mean it, i just bought a brand new fiber router (AVM fritz.box) and the first thing firefox would like me to do is to switch to the http version of said configuration page.
Chrome lets me add an exception for the box itself, but really how many end user do you know that will not click on "take me to the http version(unsafe)", when talking about their home router?
So given the fact that I am in your wifi, One could use dhcp (if active) for MITM attacks, grab the router password and install tracking daemons right on top.
Next step would be to forward the dns requests to one of mine so I can build a map of what sites you use and from there all I have to to is to make you accept an insecure ssl cert and done?
> I went with building an isolated network, but I think that's outside the relm of what most consumers can do.
An off-the-shelf consumer PVR that uses wired ethernet typically has its own integrated PoE switch on its own subnet. Maybe it will route to your LAN if you probe the private ranges, but it's also a fairly straightforward software issue to fix - nothing fundamental to the arrangement, and at no additional marginal cost.
I suggest a physically separate network for ip based security systems. The GPs concerns are also why most wired CCTV at the higher end is often not ethernet, but there are ways to secure ethernet even externally (camera housings that are basically safes, very high placement that would require a ladder to get to, etc)
The term you are looking for is "high-security", which covers the private industry side, DoD has others at play. Also dont forget the value of having custom welding done.
Thanks, my initial search found cameras for oil rigs, which minimized sparks :) I've used carriage bolts to reinforce steel enclosures, with single-use wire rope seals for tamper detection on covers, minimizing exposure of the clamping point.
Axis P1204 has a small camera sensor separated from the camera body by a 25' cable, which makes it easier to enclose and secure the camera body. Not seen that elsewhere, must be a proprietary protocol on that cable, e.g. RPi camera sensor cables can only be a few cm.
i just bought a reolink RLC-823A Smart 8MP PTZ PoE Camera with Spotlights
It is build like a tank and fully aluminium. If you mount it right you easily can hold a person from it. I bascially made a hole through the wall for the cables and mounted it directly to the outside wall.
For now im quite confident that nobody will be able to remove it without much fuzz
Wouldn't you, ya know, see a baddie disconnecting/destroying your camera and connecting their CP downloading device or whatever they're planning to do on your network?
I think you can encrypt ethernet comms too using 802.1x RADIUS. That's as secure as Wi-Fi and removes the need for an isolated network (which, when unencrypted isn't as secure as you think, e.g. MiTM). Ideally you connect via both but that's overkill for most use cases.
> I went with building an isolated network, but I think that's outside the relm of what most consumers can do.
A bit off topic, but can we please stop calling people "consumers"? It's such a weird and patronising term, not to mention completely unnecessary when "people" does a better job.
> can we please stop calling people "consumers"? It's such a weird and patronising term, not to mention completely unnecessary when "people" does a better job.
"Consumer" IS the technically more accurate term, as outside of the consumption of tech/services as designed for them, they do not venture beyond that realm & try to understand how the tech works.
Similar analogies include:
- Not caring about how a car works internally, & leaving its repair & maintenance to a mechanic.
- Not caring about how their dishes were made, & leaving that to cooks/chefs.
- Not caring about the minutiae of the law, & leaving that to the legal system & its lawyers & judges.
- Not caring about sewer maintenance, & leaving that for sewage workers.
- Not caring about recyclables processing, & leaving that for recycling plants.
- Not caring about Y, and leaving that for (workers/entities that work with Y).
All of us are consumers in some form or another: We require the services of others that require the services of others that require the services of others ad infinitum.
I'll go ahead and say I mostly agree. I don't like being called some kind of sink, evaporator, diminisher or resource-terminator. Though granted, in English, these connotations are not as prevalent as in my language.
In my language, employers are routinely called "work-givers", employees are "work-takers", even though we have a perfectly fine "employee" term. I hate how it introduces a power relationship into the terms themselves.
But I also know it's a lost fight. I once specifically used the neutral term for employee in a work contract I wrote - which was best practice just a few decades ago. It was immediately changed.
I think consumer/customer is the right term in this situation. Even though I could build an isolated network with ethernet cables and security camera's, we're usually left with the other people, myself included, that wouldn't always be able to do research and come up with the best solution. That's why I want to outsource that by purchasing something. Which is why we're left with this freemarket of vulnerable devices and practises. People setting up security camera's usually do a good job. Consumers do not.
I'm sure we all know that most residential locks can be picked with relative ease, but criminals rarely go through the trouble. The one time a person did "break in" to my house, they just opened an unlocked door. Usually I keep that door locked, a large piece of plywood in front of it, and a table saw braced up against that. Just so happened I worked on a project that day and just forgot to lock the door. Lucky break for her, but trying enough doorknobs she was bound for find some. She had gotten into two other houses that night. She was also tripped out on meth and couldn't have operated a WiFi jammer if she wanted to.
So, yea, a WiFi camera isn't great, but it's still going to get 99% of criminals out there. Next we just need WiFi jammer alarms.