Unsolved Looking for Security camera options
-
@dashrender said in Looking for Security camera options:
@irj said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
I would guess though, that you could use a reverse proxy and still put most of these things directly online - especially if you put your own logon page in front of the proxy's redirect to the camera system.
Yes, the cameras or NVR would be accessible through the reverse proxy only.
When you authenticate with SAML, the users are authenticated against a third party "login" service (called Identity Provider). So you are basically outsourcing 2FA and the login process to someone who has the resources to secure it. It's how enterprises do it.
Kind of...
Any resource as important as camera system would certainly not be exposed directly. There is no reason for it. You're never gonna say "Customer please login and check the camera system." So why publicly expose at all.
Require VPN and make it internal only resource.
You're right about using SAML for authentication and using groups to maintain.
wow - I don't know what customers you're talking about - but the two I had that have cameras absolutely demanded an app on their phone to watch their cameras from anywhere.
Where they enterprises or hobby businesses?
@Pete-S stated specifically enterprises and that is what I am answering. Nobody in an enterprise needs to check a camera while out to dinner. In real businesses CEOs don't have access to cameras nor do they care.
@Dashrender you've misinterpreted nearly every reply on this thread and frankly everyone else is not understanding your replies like your sarcasm.
-
@irj said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@irj said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
I would guess though, that you could use a reverse proxy and still put most of these things directly online - especially if you put your own logon page in front of the proxy's redirect to the camera system.
Yes, the cameras or NVR would be accessible through the reverse proxy only.
When you authenticate with SAML, the users are authenticated against a third party "login" service (called Identity Provider). So you are basically outsourcing 2FA and the login process to someone who has the resources to secure it. It's how enterprises do it.
Kind of...
Any resource as important as camera system would certainly not be exposed directly. There is no reason for it. You're never gonna say "Customer please login and check the camera system." So why publicly expose at all.
Require VPN and make it internal only resource.
You're right about using SAML for authentication and using groups to maintain.
wow - I don't know what customers you're talking about - but the two I had that have cameras absolutely demanded an app on their phone to watch their cameras from anywhere.
Where they enterprises or hobby businesses?
@Pete-S stated specifically enterprises and that is what I am answering. Nobody in an enterprise needs to check a camera while out to dinner. In real businesses CEOs don't have access to cameras nor do they care.
@Dashrender you've misinterpreted nearly every reply on this thread and frankly everyone else is not understanding your replies like your sarcasm.
You know, not many on this forum have the luxury of working for enterprise customers, not even Scott. Most of our clients are going to those hobby businesses as we call them around here. So that is the context I generally live in. Since you're fortunate to be in that enterprise space, you generally come from that context, so I get it....
-
@dashrender said in Looking for Security camera options:
You know, not many on this forum have the luxury of working for enterprise customers, not even Scott. Most of our clients are going to those hobby businesses as we call them around here. So that is the context I generally live in. Since you're fortunate to be in that enterprise space, you generally come from that context, so I get it....
Saying I'm fortunate or it's a luxury would imply that it fell into my lap. I worked very hard to get where I'm at today.
Scott runs NTG and certainly makes bank working off SMB and has the ability to expand his income by adding clients and employees. When you're 1 man show there's not much room to grow.
That being said, one man IT guys make great security or enterprise IT people because they have an understanding of nearly everything it takes to run a network. We kept interviewing security employees with degrees and only security experience. They were not good. I recommended that we ask our recruiter to reach out to one man SMB guys. We found a very knowledgeable person that could be trained on how to do various security functions very easily.
-
@dashrender said in Looking for Security camera options:
@irj said in Looking for Security camera options:
@dashrender said in Looking for Security camera options:
@irj said in Looking for Security camera options:
@pete-s said in Looking for Security camera options:
I would guess though, that you could use a reverse proxy and still put most of these things directly online - especially if you put your own logon page in front of the proxy's redirect to the camera system.
Yes, the cameras or NVR would be accessible through the reverse proxy only.
When you authenticate with SAML, the users are authenticated against a third party "login" service (called Identity Provider). So you are basically outsourcing 2FA and the login process to someone who has the resources to secure it. It's how enterprises do it.
Kind of...
Any resource as important as camera system would certainly not be exposed directly. There is no reason for it. You're never gonna say "Customer please login and check the camera system." So why publicly expose at all.
Require VPN and make it internal only resource.
You're right about using SAML for authentication and using groups to maintain.
wow - I don't know what customers you're talking about - but the two I had that have cameras absolutely demanded an app on their phone to watch their cameras from anywhere.
Where they enterprises or hobby businesses?
@Pete-S stated specifically enterprises and that is what I am answering. Nobody in an enterprise needs to check a camera while out to dinner. In real businesses CEOs don't have access to cameras nor do they care.
@Dashrender you've misinterpreted nearly every reply on this thread and frankly everyone else is not understanding your replies like your sarcasm.
You know, not many on this forum have the luxury of working for enterprise customers, not even Scott. Most of our clients are going to those hobby businesses as we call them around here. So that is the context I generally live in. Since you're fortunate to be in that enterprise space, you generally come from that context, so I get it....
I don't work for an enterprise. We have around 45 employees.
Also enterprise or not has nothing to do with securing correctly. It takes a small amount of time to segment correctly. You can still give them app access to cams without exposing directly to the internet.
-
@dashrender said in Looking for Security camera options:
Since you're fortunate to be in that enterprise space, you generally come from that context, so I get it....
The grass is always greener on the other side.
Enterprises have lots of red tapes and things takes ages to get approved and involves lots of people, meetings and communication. Sane people have gone mad for less.
I think a medium size company, where management wants what's best for the company and are large enough to have the budget for it, is the sweet spot.
-
Still looking for recommendations beyond the two above.
-
@stacksofplates said in Looking for Security camera options:
Also enterprise or not has nothing to do with securing correctly. It takes a small amount of time to segment correctly.
I agree but there is always risk (cost) versus benefit.
So "securing correctly" would mean looking at that and then picking a solution that fits the criteria.
Sometimes that might be exposing directly to the internet, sometimes it might be cameras in an air-gapped network but often it would be something in between.
-
@jaredbusch said in Looking for Security camera options:
Still looking for recommendations beyond the two above.
I keep forgetting to look at what our new rollouts are using. I'll try to grab the manufacturer and a model or two for you.
-
When considering security cameras, it is best to opt for cable (with PoE, Ideal), you can look for:
Avigilon
NVR: PRO 16-PORT (Includes switch with 16 PoE ports)
Cameras: H5A or H4ES
If you are looking for something cheap
Hikvision / Epcom
NVR: XR416 (US) (Includes switch with 16 PoE ports)
Cameras: XB-26ZH-US or XT-26ZH-US -
@travisdh1 said in Looking for Security camera options:
@jaredbusch said in Looking for Security camera options:
Still looking for recommendations beyond the two above.
I keep forgetting to look at what our new rollouts are using. I'll try to grab the manufacturer and a model or two for you.
The systems we've been rolling out lately use Axis cameras.
- M3116-LVE
- M3066-V
The only downside I see is it requires Windows if you use the Axis Camera Station for the server, which they decided to go with in this case. Besides that, the overall system works great.
-
@travisdh1 said in Looking for Security camera options:
it requires Windows if you use the Axis Camera Station for the server
That is a nope. This site has almost completely left Windows.
-
@jaredbusch said in Looking for Security camera options:
@travisdh1 said in Looking for Security camera options:
it requires Windows if you use the Axis Camera Station for the server
That is a nope. This site has almost completely left Windows.
Good on them!
I've had very little involvement in the project besides being told about it after the first server arrived at my house(office) for deployment (5 servers for 5 sites).
-
@JaredBusch Did you ever find a product that you liked for this?
I am looking for 1 PoE outdoor camera for the front of my house. I ran the Cat6 line years ago and I just need to buy the camera now.