Page 3 of 3 FirstFirst 123
Results 21 to 27 of 27

Thread: Home surveillance system

  1. #21
    Senior Member
    Join Date
    Apr 2018
    Location
    AZ
    Posts
    219
    Quote Originally Posted by PN View Post
    I have heard about these little indoor Wyze Cams for quite some time. They are helluva buy starting at around $20. You get 14 days of free upstream bandwidth/storage. You can also add an SD card. They work with Alexa. I have also learned that they use TLS, AES 128-bit encryption to protect the security of the live stream and playback data. Every device has its own secret key and cert so they can validate the identity during a handshake.
    I use a similar approach with each of my "nodes", here -- each is "introduced" to the System via a secure portal in a locked equipment closet (so the System can install the private keys without any chance of an eavesdropper interfering with the process).

    An adversary won't attack the encrypted stream. Rather, they'll attack the endpoints or protocol. Most "video" is boring and of little "value" to an adversary.

    E.g., I have 8 cameras monitoring the grounds around this house. A passerby can easily "see" what 6 of the cameras are "watching" -- "for free" (the front yard and each of the side yards)! The remaining two cameras cover the back yard -- and would require the passerby to come onto the property to peer over the wall (or, do so from a neighbor's yard... OR an overhead drone flyby!).

    [It's possible that access to my camera feeds could allow a remote hacker to identify my actual street address; use my IP to locate my ISP and then use google street view to find imagery that matches the camera feeds from the front of my house. All of that could be done mechanically without requiring a human being to scan the neighborhood imagery!]

    Two additional cameras monitor the front door. Again, visible "for free" by any passerby. A third (camera #11) acts as the doorbell and "front door key" (if The House is expecting you and recognizes you, visually, it will unlock the door for you). Again, nothing that a passerby couldn't see with his own two eyes.

    There are 7 cameras in the garage (to assist with parking and verifying no obstructions in the path of the garage door or exiting vehicle) that MIGHT hold some "secrets" for a voyeur -- while the door is closed and the contents not observable by a passerby.

    The remaining cameras (in addition to the garage cameras) don't provide video feeds that can be viewed by "humans". These have the most potential "value" to an adversary as they exist INSIDE our "private space".

    Instead, The House uses those feeds, directly (as with the doorbell camera). There's one in each bathroom -- along with a microphone and speaker -- to monitor for "trouble" ("Help! I've fallen and I can't get up!!") and take action (the whole point of all this technology is to enable people to live independently for longer than they would otherwise be able). I'm in the process of adding 30 more such "nodes" throughout the house -- to track the locations of occupants and respond to their commands/requests. (this is currently done with BT beacons but that is subject to hacking, jamming, eavesdropping, etc. -- all the flaws that are inherent in a wireless technology)

    The real value, to an adversary, lies in getting a beachhead into your network... INSIDE your firewall. You do this by exploiting sloppy ASSUMPTIONS made in the implementation... do things that "can't happen" (in the opinion of the product's designer/developer). So, you have to anticipate those assumptions and work to eliminate them.

    In my implementation, you can surgically remove a camera and "harvest its secrets" (if you had appropriate tools and can do so without the System seeing an interruption in "service" from that node). But, the System won't let you do anything more than the original CAMERA could do! I.e., you can spoof the video feed to whatever is viewing/analyzing it, but, you can't talk to anything else or eavesdrop on any other transactions. You could try to mount a DoS attack -- in which case the network switch/router will simply shut down your port (because the original camera wasn't supposed to behave like that. So, it's clearly defective -- or HACKED!)

    You can't do these things with COTS designs. Or, wireless technology. The individual devices -- ALL of them -- have to implement their own defenses against potential rogue PEERS! And, Company A is hardly interested in working to address problems that Company B's products might introduce.

  2. #22
    Senior Member
    Join Date
    Aug 2001
    Location
    Melbourne, FL USA
    Posts
    1,620
    Quote Originally Posted by automation View Post


    How do you KNOW that your network is secure? How do you know that every item ON the network is secure? Do you do periodic pen testing? Or, have a firm on retainer that does that for you, regularly? Are you advocating "most people" do likewise??

    With, instead, a naive, simpleton, D&K rationale... (sigh)


    Having a degree in Computer science and Business administration, being a systems analyst, system administrator, a Microsoft certified system engineer, a network engineer and a Novell administrator may be give me a little bit of insight considering the computer systems I managed for the Department of Defense.

    By the way, could you give me an example of me pasting my posts?

    Your insulting post was just that insulting, juvenile and unprofessional the work of an immature pompous pontificating person who has no idea of real-life.

    With enough money, time and resources every and any network can be breached so I'm not going to go crazy about the Chinese trying to find some 59-year-old quadriplegic network. I have better things to do with my time.

    Wish you would spend all this energy on doing something productive for the cure spinal cord injuries rather than berate the members whom you have no idea the lives they live and has become personally insulting. You may have a loved one or know someone, but you can never grasp what it is like to have a spinal cord injury until you have one.

    Somehow it seems that you know more than anybody who's ever been on the board before and I'm wondering why you're not on the talk circuit or writing books or On Jeopardy.


    Demeaning others does not make you better. It makes you worse.

  3. #23
    Senior Member
    Join Date
    Apr 2018
    Location
    AZ
    Posts
    219
    Quote Originally Posted by Cris View Post
    Having a degree in Computer science and Business administration, being a systems analyst, system administrator, a Microsoft certified system engineer, a network engineer and a Novell administrator may be give me a little bit of insight considering the computer systems I managed for the Department of Defense.
    So, you've never actually DESIGNED a camera (or other IoT device), done any Red Team/Blue Team exercises with "appliances", etc.

    The "world" is a lot different place when you don't have a big disk drive and gigabytes of memory at your disposal. How you protect your asset is considerably different when the resources have been sized (and costed) to fit the assets need -- instead of "perpetual update cycles" and "just reinstall Windows" as the panacea "fix" for all ills.

    I designed (and patented) my first "embedded system" more than 40 years ago. At the time, there was a debate over whether "software" (and, products that were largely software --PC's didn't exist so the notion of a PURE software product wasn't yet an issue) was a patentable/protectable bit of Intellectual Property.

    By the way, could you give me an example of me pasting my posts?
    Can you provide an example of me accusing you of doing so?

    Your insulting post was just that insulting, juvenile and unprofessional the work of an immature pompous pontificating person who has no idea of real-life.
    "I do not know you, but have learned just to skip your cut-and-paste posts."

    Sure sounds dismissive -- pompous -- to me!

    With enough money, time and resources every and any network can be breached so I'm not going to go crazy about the Chinese trying to find some 59-year-old quadriplegic network. I have better things to do with my time.
    Again, you're showing your ignorance. NO ONE CARES ABOUT "YOU"! They don't care that you're a quad, male/female, black/white, etc. You're just an "opportunity" -- if you LET yourself be. A machine will hunt down those opportunities and try to exploit them -- mechanically. You'll be one of "N" who are targeted just because you've engaged in a behavior that can be exploited.

    Ever seen someone walking through a parking lot "randomly" pulling on door handles of cars? He's not singling out YOUR car... he's just hoping to find A car that the owner has failed to lock. He's not noticing if there's anything worth taking out of the car(s) before checking their door locks -- he's just looking for an OPPORTUNITY. He'll figure out how to exploit it, later.

    Wish you would spend all this energy on doing something productive for the cure spinal cord injuries rather than berate the members whom you have no idea the lives they live and has become personally insulting. You may have a loved one or know someone, but you can never grasp what it is like to have a spinal cord injury until you have one.
    I don't have the skillset to "cure" spinal cord injuries. Nor do I expect you -- or any others, here.

    I do have the ability to design "devices" that can ease a lot of the "tasks" that people are faced with in living, day-to-day. Not for the sole benefit of SCI victims but, rather, for "people in general". My presence here is to eavesdrop on the issues that SCI patients face and see how I can include/modify those needs in my design -- but, only as a subpopulation of the folks I am targeting (people who would need to have a home caregiver or enter an assisted living facility due to their inability to address the daily needs of living and caring for themselves, SAFELY).

    I don't have to venture out to the sidewalk to check to see if the mail's arrived -- or, if I've noticed the mailman's passage, if he's left anything for me, specifically.

    I don't have to drag my ass out of bed just to verify that the stove is OFF or the back door secured or the garage door closed -- as I usually have NOT made these mistakes (though, if I did, the consequences could be indicative of me "needing assistance"). Did I remember to turn down the heat in the guest bedroom??

    I don't have to fumble with light switches as I try to make my way to the bathroom in the middle of the night. Or, remember to turn them off behind me as I return to bed.

    I don't have to "encourage" the irrigation system to do some extra watering because it's been unusually hot/dry for a long period of time (and it's naive COTS programming doesn't account for that).

    I don't have to go to the front door to see if there's a package waiting for me -- or if there's some "solicitor" just hoping to bother me.

    I don't have to hunt for "The Remote" for whichever TV, stereo, ceiling fan, window curtain, etc. with which I want to interact. And, I don't have to remember to turn the TV off when I've left the room -- or, turn on the TV in the OTHER room that I'm headed into (e.g., living room into kitchen at dinner time) so that I won't have to fuss with finding THAT remote!

    I can tell the powerchair to go park itself when I'm done with it -- then "recall" it when it's needed again in the morning. And, start the coffee percolating so its ready before I get into the kitchen.

    I don't have to carry a phone on my person so I can answer before the caller gives up on me. Or, retrieve it before I can place a call.

    I don't even have to REMEMBER to do these things as The House can remember to do them for me! (because I, like most people, am a creature of habit and The House can observe those habits every minute of every day, forever, and learn from them -- without deliberately "leaking" details of everything you do in that house to "google" or some other Big Data entity)

    But, hey, if you don't think these sorts of things would benefit a person stuck in a chair, <shrug>.

    And, by the way, what are YOU doing to "cure SCI"? Or, with your IT knowledge, improve the living experiences of SCI patients (even if you choose to ignore non-SCI individuals who might be having trouble remaining independent)? Or, have you already DONE these things and just stingy and unwilling to share the results of your labors??

    Note that there is no one forcing me to address "your" (as a subpopulation) needs, here. Compared to the population of healthy individuals (who would enjoy the "gimickry" of what I'm doing), blind/deaf, old/decreasing competence and mobility impaired (but not crippled!), SCI patients are a drop in the bucket. And, already have "insurance" as an advocate (what can GrandMa call on to finance her needs for assistance?). It's just as easy to leave your needs to whomever opts to finish up this project. If that ends up being a business entity, I'm pretty sure you can anticipate their calculus: "Hmmm... tiny sub-market; what's our likely return, there?"

    (i.e., anything that I've not already put in place to address a set of needs is likely NOT going to get added; you sure you want me to "go away"? Really enjoying that chair, eh??)

    Somehow it seems that you know more than anybody who's ever been on the board before and I'm wondering why you're not on the talk circuit or writing books or On Jeopardy.
    I only talk about things of which I have first-hand knowledge. This discussion started by me raising the red flag over allowing remote access to cameras -- or anything else INSIDE your firewall -- just for the sake of "convenience"... because there is a cost (risk) to that "convenience". Instead of relating first-hand EXPERIENCES, I opt to cite information available from third-parties -- so the reader can verify my claims. But, you belittle this as "cut-and-paste". Yet, your attitude, here, suggests that NOT providing the backup would have you belittling my comments as "mere opinion". Amusing paradox, there, eh?

    I wonder how many NON-PC systems you've ever had to support? Do you even know how to go about it? Do you have the tools to do so? (i.e., there's no "Console" that you can type away at to see what's going on inside the device; you can't "load" a debugger to trace the code or monitor the data)

    [But, hey, maybe it will be your NEIGHBOR who gets hacked... it's NEVER "you", right?]

    Demeaning others does not make you better. It makes you worse.
    Pot, kettle, black.

    (apparently, you didn't learn well enough as you opted not to skip that one, either!)

    My last post. I'll try to remember to put in a good word for "crips" when I hand the project over! Maybe someone ELSE will care...

  4. #24
    OooohKaaay! OooohKaaay! This is only a thread about a home security system, already...........talk about going for the jugular! Down boys...down...sit...stay!
    Last edited by gjnl; 05-25-2019 at 10:36 PM.

  5. #25
    I kinda regret making this post. All I wanted was brand suggestions and pro's and con's of wired vs wireless.

  6. #26
    Quote Originally Posted by Scott C4/5 View Post
    I kinda regret making this post. All I wanted was brand suggestions and pro's and con's of wired vs wireless.
    And Scott you should have no regrets. I too would have liked straight forward answers from members who have installed these systems. That would have been interesting and helpful. This thread should have been all about your question, not about a couple of clashing egos. Sorry you didn't get what you wanted from our membership.
    Last edited by gjnl; 05-26-2019 at 12:07 AM.

  7. #27
    Senior Member
    Join Date
    Aug 2001
    Location
    Melbourne, FL USA
    Posts
    1,620

    This is my system

    Scott:

    Sincerely apologize for letting automation get under my skin and diverging your Topics from what you wanted. This is what I did:

    When first installing cameras and connecting them to my computer had a four port PCI card for cameras. Then I purchased a ZOSI eight channel DVR and have tried systems like baby monitors or such for indoor use. They didn't work well for me because I could not reset after a power outage, you get what you pay for an upgraded the cameras in my house also

    DVR's or NVR's are not very expensive $70 and upwards you pay much more for cameras. You do get what you pay for and be very careful about buying Chinese cameras. Do not believe you need anything more resolution than 1080 P or high definition or 1200 TVL.

    The corner cameras can zoom in on the license plate on the gold car across the street. This is my Screenprint from my CCTV DVR, also have a wireless NVR and probably add POE NVR after I finish this configuration.
    Attached Images Attached Images  

Similar Threads

  1. Home call system recommendation
    By rmarks70 in forum Equipment
    Replies: 3
    Last Post: 02-03-2019, 01:54 PM
  2. Has anyone tried using the NeuroMove home biofeedback system?
    By divin'darren in forum Exercise & Recovery
    Replies: 5
    Last Post: 08-09-2008, 02:17 PM
  3. Has anyone tried using the NeuroMove home biofeedback system?
    By divin'darren in forum Exercise & Recovery
    Replies: 1
    Last Post: 08-05-2008, 02:25 PM
  4. Replies: 10
    Last Post: 01-23-2008, 05:23 PM
  5. Replies: 5
    Last Post: 12-13-2003, 09:46 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •