Sunday, November 18, 2012

Understanding Power over Ethernet for video surveillance

PoE was, and is, supposed to make the powering of devices easy. You take your camera or other device that accepts power via the Ethernet port, you plug in the RJ45 jack to the port, and you walk away. Inside the head end, you plug the other end of the same Ethernet cable into a PoE switch or PoE injector and voila, power is magically delivered to the device along with the data connection. In theory, all of the normal worries are gone. AC power or DC power is irrelevant, and you don't even have to worry about over-powering a camera that, were you to fry it, could potentially set you back a few thousand dollars in equipment costs and man hours!
PoE was supposed to be this way, but practical reality has diverged from the perfect world concept in such a way that the actual installation is almost never that easy. So set aside the “perfect world” notions you have, and let’s start with the basics, so you can understand how PoE works.
There are four classes of PoE: Class 1, 2, 3 and 0. Each PoE classification denotes a range of power that is available to the end device as well as the power that must be available on the port of the power sourcing equipment (PSE):
PoE Classifications
  • Class 1 --  4.5 watts at PoE port; 3.84 watts at device
  • Class 2 --  7.5 watts at PoE port; 6.49 watts at device
  • Class 3 --  15.4 watts at PoE port; 12.95 watts at device
  • Class 0 --  15.4 watts at PoE port; .44 to 12.95 watts at device
In the world of PoE there are two kinds of switches that can provide PoE; the kind that operates with a “guarantee per port” and the kind that operates with a “total power budget”. Both kinds of switching are useful but there is a significant difference between them. If you happen to have a switch nearby, look at it and see if you can tell into which one of the above two categories your switch falls.
A switch that guarantees a certain wattage per port -- 15.4 watts per port, for example -- means that you can be sure that no matter how many Class 3 or Class 0 devices are plugged in, the switch will be able to power them. Of course, these switches tend to be bigger, more expensive and ill-suited for use outside of a nice climate controlled room, but they do prevent errors in power planning.
The second type of switch mentioned above -- the kind with a total power budget -- can only power as many PoE devices as it has power to spare. Imagine that you are working with a 4-port switch that carries a total power budget of 30 watts. This kind of switch could power four Class 2 cameras (4 devices x 7.5 watts = 30 watts needed). It could also easily power four Class 1 devices (4 devices x 4.5 watts = 18 watts needed). Continuing with that math, it would be able to power Class 3 or Class 0 devices, but it could only power two of those types of devices.
Power planning is where the rubber meets the road, and it brings up a challenge in our industry.
What happens if a chosen device (i.e., a PoE powered camera) does not clearly specify the PoE class and instead simply gives an operating wattage? You might think that this is OK since a camera which says “6.01 watts” is within the Class 2 specifications and therefore must be Class 2. But that’s where reality often diverges from common sense. In theory, what is supposed to happen is that a device is clearly labeled with a PoE classification so that when said device is plugged into a PSE device, the power budget has been worked out such that each device will receive its required PoE.
What I believe the security industry needs – right now, since PoE is happening today -- is clear labeling of the correct classification of PoE on each and every device that uses PoE. It is all well and good to place the operating or maximum wattage on the device, but industry manufacturers need to take the next step!
Manufacturers should label the device, print it on in large type and with bold colors, CLASS 1, CLASS 2, CLASS 3, CLASS 0, or whatever PoE Plus will hold as a classification. It's OK if your device actually only draws 3 watts during normal operation but for some reason is Class 0. Just tell your integrator channel partners and end users by labeling the device in the manner in which it was intended to be used. This lets system designers know the classification so that they might properly create a power plan and buy the correct devices. No one wants to be in the field trying to get a project done on time and only then realize that their switches don’t have enough power for the devices they’ve purchased.
While I am solidly standing on my PoE soapbox, let me also make a plea for PoE classification to be a priority on data sheets and marketing slicks. Some camera manufacturers make wonderful versions of these spec sheets. You’ll find photos, technical illustrations, cross reference charts, and more -- and often not a hint of PoE classification to be found anywhere. As someone who works with PoE, it sometimes seems as though PoE has become the crazy uncle that everyone has and who no one wants to invite to the party. Unfortunately for all of us, the crazy uncle could actually be the life of the party -- he makes it easy to entertain the guests and always has enough cash to pay for pizza -- but we haven't managed to take advantage of him yet!
PoE is supposed to make things easy, and between the standards bodies, the independent PoE offerings, the lack of classification usage, the errors in PoE chip usage within devices, and the propensity of some manufacturers to create Class 0 signatures in devices that draw minimal wattage, PoE's original purpose has been obfuscated in a way only rivaled by the current explanation of the financial bailout.

Why has it become so complex? Who knows! Unfortunately it has, and confusion has also shared a taxi with a lack of education on the road to PoE's widespread acceptance. People see a label on a device that says “” or “IEEE Compliant” and then automatically assume that they can plug it into a PoE switch or midpsan and have it work with no problem. What makes the education problem worse is that often it does work with no problem, and this leads people to the assumption that PoE is really nothing more than Windows “plug and play” for power. Unlike Windows, however, there is no “blue screen of death” when using PoE. Instead there is a device that does not power on, or (in rare cases) a device that does power on followed by smoke, the smell of singed chip boards and fried capacitors, and then what was a very expensive security device becomes an equally expensive paperweight.

Thursday, November 15, 2012

Tips on Buying Surveillance Cameras on eBay

Until now in the world, eBay still remains one of the biggest auction websites. Millions of items are sold through eBay all over the world, including surveillance cameras.  
Although its network is huge and it is well managed, you are still not satisfied with the products you purchase form the website, especially if it is a video security camera system. According to the report of Metropolitan Police in UK, there are over 100 eBay related crimes every month.
Here are some tips for you when you are purchasing a surveillance camera on eBay, you can take a note if you think it is useful.

1. Know the seller. It is very important that you can vouch for the credibility or trustworthiness of the seller. Read the reviews. Ask for feedback straight from the buyers themselves.
2. Search extensively. There are thousands of surveillance cameras and sellers you can find in eBay. It is going to be purpose defeating if you are going to simply opt for one seller and one kind of camera. There are different ways on how to search comprehensively in eBay. You can read the tutorials or guides available in the website.
3. Determine how much you are willing to pay. You can search for surveillance cameras based on their price. Thus, it will be easier for you to purchase one that fits your budget. If the one you like does not, you can always practice the art of negotiating or haggling with the sellers. As long as they can confirm your authenticity and your faithfulness to the transaction, they may offer you with a good discount.
4. Read the descriptions. It is not enough that there are surveillance camera images. They should also have their corresponding descriptions, and they must be very detailed. This means that if there are minor defects, these should be listed to ensure that you know what to expect from the product.
5. Read the policies. Though eBay has its own general policies, every seller may implement their own. It is wise to read about their rules in shipping and purchasing before you proceed with the transaction. It is unfair to cry out fraud if the neglect is actually committed at your end.
Normally, sellers would accept cash or credit card payments. They would also send surveillance cameras for free if you are very close to the seller’s residence or business address.
6. Obtain a guarantee. Never purchase a surveillance camera if the seller cannot provide you with a warranty or guarantee. You have to remember that you cannot test the equipment before purchase. A guarantee will make sure that you can return the item if ever it does not work as expected.
7. Decide what you need. There are different kinds of surveillance cameras you can choose from. You can spend less time in eBay as well as prevent yourself from the sweet talks of sellers if you already have an idea of what you need. For instance, if you want to observe people inside buildings, you can opt for spy cameras.
Knowing well above these tips, you can have a great shopping experience on eBay, save time and money most of the times.

Saturday, November 10, 2012

Managing risks to CCTV data and systems

CCTV systems collect all types of information for a wide range of reasons. While the equipment is valuable, it is almost always the records, and the information they hold, that matter the most.
Many CCTV systems record images of people, especially if they are set up in a public space. This type of record is 'personal information', which is protected under privacy legislation. As a result, every effort should be made to keep the records secure and avoid misuse.
Managing the risk to records protects the CCTV owner as well as the individual being recorded. CCTV records may be used as evidence in criminal proceedings. They can also be used to demonstrate that an innocent activity was genuinely innocent. Either way, the records should be stored securely until they are handed over to the police. For private operators, there may also be good commercial reasons for ensuring confidentiality of the records.
At a basic level, the question is: what can go wrong, and how much does it matter?
CCTV systems are exposed to a range of intentional physical security risks such as tampering with camera placement, power supplies, communications cabling and controlling equipment.  These risks may be prevented with physical control measures, such as housing these items in locked enclosures appropriate to the risk and environment (such as equipment that is accessible to the public).  Procedural security can be used to deter and detect attacks on CCTV infrastructure by visual inspection and review of indicative alarms.
Natural disasters also present risks. You can't prevent fires, floods, or earthquakes, but you can minimise the risk of damage or loss of data from your CCTV system.  While insurance can cover the loss of equipment, data is not replaceable. A good offsite backup system for electronic data, such as CCTV video, configuration data, usage logs etc, can reduce this risk.  Systems that instantaneously backup data provide less likelihood of data loss when compared to scheduled periodic backups.
Modern digital CCTV systems are typically dependent on computing equipment performing continuously.  Protection from inevitable hard disk failure is usually provided with redundant disk storage systems (using RAID arrays).  Once a disk failure has been detected (automated detections should be tested regularly) it can be substituted with a replacement disk onto which the missing data is automatically copied. This rebuilding process can take many hours due to the large storage capacity which presents additional risks; the storage system may not cope with rebuilding load resulting in missing data, and data from any further coincidental disk failure(s) may not be protected (depending on the redundancy design).   Whilst it may be impractical to have full CCTV system redundancy it may be prudent to maintain service spares of essential components.  For example, power supplies are required for interrogation of system data or access live CCTV resources.  As such battery backup and/or alternate utility supplies may be warranted.
Attacks on CCTV information from human threats can be grouped as:
  • Availability; the information is not required when needed.  Information may have been deleted accidentally or maliciously, or normal access prevented through disruption to normal processes, such as physically damaging equipment and communications or inundating communication channels.
  •  Accuracy; the information has been compromised. This may include substitution of real data with artificial data, or breaching evidential requirements for handling information that casts doubt on its authenticity.
  • Confidentiality; the information has been disclosed to unauthorized persons.  This may have occurred with or without knowledge of the CCTV system owner.  An obvious example of this is the unauthorized duplication and dissemination of video to media outlets - made easier if operators have ready access to high speed internet connections.  A less obvious example may be an unauthorized access by computer 'hackers' where CCTV systems are interconnected with other data networks.
  • Integrity; the information has been compromised. This may include substitution of real data with artificial data, or breaching evidential requirements for handling information that casts doubt on its authenticity.
Even with the best of intentions, mistakes can and do happen. They include accidentally deleting records or even entire hard drives, overwriting backups, forgetting to maintain a system, placing cameras in the wrong place, or forgetting to make a regular, scheduled backup. Some of these can be prevented by information management policies that include user training and restricting access to system resources, usually with logical access control (such as user sign log-on accounts). This can also help reduce the chances of deliberate actions aimed at destroying or stealing data or equipment.  Personnel security vetting is often included in licensing requirements and can reduce risks of inappropriate usage by CCTV operatives.
It is worth considering how you will manage these and other risks to the security of your CCTV equipment and records. Most strategies fall into one of four categories:
  • Avoid the risk - for example, by moving a camera out of reach of vandals, or locking a door after hours.
  • Transfer the risk - for example, by outsourcing the CCTV system and ensuring that contracting organizations, within the contract, are responsible for the security of records.
  • Accept the risk - for example, by relying on default settings in CCTV equipment because you believe the risk is low.
  • Reduce the risk - for example, ensuring only authorized people have access to CCTV computer systems and information.
In most cases, the final approach uses several strategies and depends on individual circumstances. It ultimately depends on the value of the records, the risk of loss or damage, and the consequences. These decisions are best made before the records are collected and, if possible, before a CCTV system is even installed.  It is advisable to have an Information Security Management Plan that includes CCTV systems to ensure that risks are treated appropriately.  The policies and procedures used to apply information security should be competently reviewed and executed.
Government organizations have an additional obligation to consider the security classification of CCTV records and may consider implementing an information classification policy in accordance with the relevant government regulations. The agency's security officer should be contacted for advice in these cases. 
Information classification should be considered by private CCTV system owners, particularly with the advent of computer based CCTV system designs and high capacity portable media.
This process helps provide assurance that CCTV records information will be handled appropriately to reduce negative risks.