
Monday, May 15, 2023

Port Forwarding on a Netcomm 3G Broadband Router 3G15Wn


This guide will walk you through the steps of port forwarding on the Netcomm 3G Broadband router 3G15Wn (Firmware L411-402NVM-C01_R10).

NetComm's web user interface (UI) was easy to navigate, although for no reason we could determine loading any of the wireless configuration pages took an exceedingly long time, leading to frustration.

Almost every menu option also creates a drop-down when you mouse over it, which is fine enough, but some of those drop-down menus then expand sideways when you mouse over them, with no indication that there are further options hidden there in the first place. With 16 menu items under the "Advanced" menu, many of which have daughter menus, it's really quite easy to get lost, or to have no idea of just how many features there are.

1) Open up your favorite browser and go to the router’s default gateway address.

http://192.168.1.1 (Default Address)

2) Log in to the router.

Default Username: admin

Default password: admin

3) Once you have logged into your router, go to the “Advanced” tab, hover over “NAT”, then click “Port Forwarding”.

4) Click on “Add” at the bottom of the page.

5) Be sure to select the radio button “Custom Service” and choose a name for the service (a small description, e.g. web, camera, xbox, etc.). “Server IP Address” is the internal IP address that you want the port to be open on. Be sure you have “Protocol” set to “TCP/UDP”. “External Port” is the port you wish to open, and “Internal Port” is the port leading to the machine on your home network. Apply/Save.

Once you save the settings you should be able to test your port at www.portchecktool.com. Please keep in mind your ISP (Internet Service Provider) may be blocking certain ports such as port 8025 and 21. You can call and ask if they are. If you are still not able to see the ports, check the firewall and anti-virus software on your computer.

As an example configuration, say you have a webcam that has the IP address 192.168.1.100 and runs on port 80. You want to be able to access this camera from outside your network on port 8080. You would enter the values below into the port forwarding page.

Custom Service = Small Description

Server IP Address = 192.168.1.100

Protocol = TCP/UDP

External Port = 8080

Internal Port = 80

Then to view the camera you would use your No-IP host of “somehost.no-ip.com” like this: http://somehost.no-ip.com:8080 to reach the webcam.

Port Forward Troubleshooting

If you are having problems with a port forward, try the following.

1. If you did not exactly follow the How can I forward ports with pfSense? guide, delete anything you have tried, and start from scratch with those instructions.

2. Port forwards do not work internally unless you enable reflection. Always test port forwards from outside your network.

3. If you're still having problems, edit the firewall rule that passes traffic for the NAT entry, and enable logging. Save and Apply Changes. Then try to access it again from the outside. Check your firewall logs to see if the traffic shows as being permitted or denied.

4. Use tcpdump to see what's happening on the wire. This is the best means of finding the problem, but requires the most networking expertise. Start with the WAN interface, and use a filter for the appropriate protocol and port. Attempt to access from outside your network and see if it shows up. If not, your ISP may be blocking the traffic, or for Virtual IPs, you may have an incorrect configuration. If you do see the traffic on the WAN interface, switch to the inside interface and perform a similar capture. If the traffic is not leaving the inside interface, you have a NAT or firewall rule configuration problem. If it is leaving the interface, and no traffic is coming back from the destination machine, its default gateway may be missing or incorrect, or it may not be listening on that port. For certain types of traffic you may see return traffic indicating the host is not listening on that port. For TCP, this would be a TCP RST. For UDP, it may be an ICMP Unreachable message.
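The outside-in test from steps 2 and 4, as an added example that is not part of the original guide: it attempts a TCP connection to the forwarded port and maps the result (handshake, RST, silence, ICMP unreachable) onto the causes listed in step 4. The function names `probe_tcp` and `check_forward` and the diagnosis wording are assumptions made for this sketch.

```python
"""Classify a TCP connection attempt to a forwarded port.

Added example, not from the original guide. Run it from a machine OUTSIDE
your network against your own public address, e.g.:
    python probe_forward.py somehost.no-ip.com 8080
"""
import errno
import socket
import sys

# How to read each outcome, following troubleshooting step 4.
DIAGNOSIS = {
    "open": "Handshake completed: the port forward and the service both work.",
    "refused": "A TCP RST came back: the traffic arrived, but nothing is "
               "listening on that port (check the internal port and service).",
    "filtered": "No reply before the timeout: the ISP may be blocking the "
                "port, the NAT/firewall rule may be wrong, or the target has "
                "no route back (default gateway).",
    "unreachable": "An ICMP unreachable came back: a router on the path has "
                   "no route to the address or is rejecting the traffic.",
}


def probe_tcp(host, port, timeout=3.0):
    """Return 'open', 'refused', 'filtered' or 'unreachable' for host:port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        # The peer answered the SYN with a RST.
        return "refused"
    except socket.timeout:
        # The SYN was silently dropped somewhere along the path.
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise  # e.g. a DNS failure: surface it rather than guess
    finally:
        sock.close()


def check_forward(host, ports, timeout=3.0):
    """Probe each port and return a list of (port, state, diagnosis)."""
    results = []
    for port in ports:
        state = probe_tcp(host, port, timeout)
        results.append((port, state, DIAGNOSIS[state]))
    return results


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: probe_forward.py HOST PORT [PORT ...]")
    target = sys.argv[1]
    wanted = [int(p) for p in sys.argv[2:]]
    for port, state, why in check_forward(target, wanted):
        print(f"{target}:{port} -> {state}: {why}")
```

A "filtered" result is the ambiguous one; that is the case where the tcpdump captures on the WAN and inside interfaces described in step 4 tell you which side is dropping the traffic.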

Common Problems

1. NAT and firewall rules not correctly added (see How can I forward ports with pfSense?). Hint: You probably do NOT want to set a source port.

2. Firewall enabled on client machine.

3. Client machine is not using pfSense as its default gateway.

4. Client machine not actually listening on the port being forwarded.

5. ISP or something upstream of pfSense is blocking the port being forwarded.

6. Trying to test from inside your network; you need to test from an outside machine.

7. Incorrect or missing Virtual IP configuration for additional public IP addresses.

8. The pfSense router is not the border router. If there is something else between pfSense and your ISP, you must also replicate port forwards and associated rules there.

9. Forwarding ports to a server behind a Captive Portal. You must add an IP bypass both to and from the server's IP in order for a port forward to work behind a Captive Portal.

10. If this is on a WAN that is not your default gateway, make sure there is a gateway chosen on this WAN interface, or the firewall rules for the port forward would not reply back via the correct gateway.

11. If this is on a WAN that is not your default gateway, ensure the traffic for the port forward is NOT passed in via Floating Rules or an Interface Group. Only rules present on the WAN's interface tab under Firewall Rules will have the reply-to keyword to ensure the traffic responds properly via the expected gateway.

12. If this is on a WAN that is not your default gateway, make sure the firewall rule(s) allowing the traffic in do not have the box checked to disable reply-to.

13. If this is on a WAN that is not your default gateway, make sure the master reply-to disable switch is not checked under System > Advanced, on the Firewall/NAT tab.

14. WAN rules should NOT have a gateway set, so make sure that the rules for the port forward do NOT have a gateway configured on the actual rule.

Wednesday, March 15, 2023

Camera Ban Due to Zero Cyber Security


Since what some experts considered a password-free engineering hack was found between firmware layers in HikVision cameras around 5 years ago, CCTV cameras manufactured in China have been squeezed from Australian federal government contracts, despite the fact no Chinese-made video surveillance camera in Australia (or anywhere else in the world) has been found transmitting video streams to the Chinese Government. 


The US communications regulator singled out tech giants Huawei and ZTE and surveillance camera makers Hikvision and Dahua. Spy chiefs have warned that the US could be vulnerable to economic espionage or digital sabotage.

The UK Government departments have been told to stop installing surveillance cameras made by Chinese companies on "sensitive sites" because of security concerns.

Both the UK and Scottish governments have banned Hikvision plus other PRC providers from certain government usage for national security reasons, in a sea change for UK video surveillance.

The Governor of New Hampshire has banned products from certain PRC companies including Dahua, Hikvision, and TikTok for use on state networks or devices in an executive order.

A security threat accusation has been made against the Smart City project. The Mangaluru City Corporation (MCC) has installed Hikvision brand CCTV cameras in the city. This company is of Chinese origin.

The Indian government has restricted PRC manufacturers such as Dahua and Hikvision from bidding on Indian government projects.


At this point, it’s worth noting that almost all professional CCTV cameras are installed on secure subnets supported by dedicated switches, servers, and video management systems, or they are installed standalone on DVR and NVRs. These systems log network actions from authorised users, including camera views, saves, searches and applications of analytics functionality, where this applies.

It goes without saying that no pro-grade network intrusion detection system could fail to alert network engineers to the transmission of big band video signals from secure network ports to an external network location. It would generate an immediate alert, remedial action and public condemnation.

While IP cameras can upgrade firmware automatically over public networks and will undertake handshakes with a manufacturer’s servers, these actions are ubiquitous across network devices of all types and, in the case of CCTV cameras, can be deactivated, with devices either left using original firmware, or upgraded manually.

Typically, network-based electronic security systems are updated manually by security teams managing system maintenance. These Australian security techs are highly integrated with an end user’s security operations team and will respond at a moment’s notice to issues of camera performance, network failure, or network breach.

Further, in compact applications, such as in the suburban high street offices of MPs, 3-4 CCTV cameras are installed in a basic star configuration that revolves around a PoE NVR/DVR supported by a dedicated keyboard, mouse and monitor. They are not connected to local data networks, let alone hooked to out of country servers – unlike a significant number of other manufacturers, neither Hikvision nor Dahua offers VSaaS in Australia.

Typically, the basic turret cameras used in such applications are mid-wide angle, have modest resolutions, fixed lenses, and are installed with an outward-facing angle of view covering front and rear entrances, car spaces and foyers to allow recording of events for police investigation after an incident.

Recordings are undertaken on local hard drives and written over after 30 days. Viewing of footage and event searches can only be undertaken by a person with access control rights to the location, and who is authenticated with a password issued by a nominated system administrator – typically an admin assistant or office manager who works on-site.

These cameras are installed for safety and security, not to ‘spy’ on MPs. Nor are these cameras being ‘found’ by shocked staffers in third-tier government applications, as if the cameras crept in at night and hung themselves onto walls, as some news websites have implied.

These CCTV systems were installed in plain sight by professional Australian security technicians using products supplied and supported by professional Australian security distributors with technical support from suppliers’ local operations, after an official government tender process.

These cameras and related systems were chosen by government decision makers because they offered the best performance for the least cost. This is not an imperative that will change when government agencies next take locations with modest security requirements to tender.

Similar strictures around installation and governance apply to the 11 Hikvision cameras at the Australian War Memorial, which are likely external bullet cameras installed to view choke points and entries, and are entirely governed by local subnet rules and managed and viewed using an over-arching video management system provided by a third party.

This server-based VMS brings together all the cameras across the site onto a video wall for monitoring by a dedicated security team. It’s normal for a major site like the Australian War Memorial to have multiple camera brands and camera types installed for different reasons at different times with different priorities of budget. Expensive upgrades are undertaken in stages.

Milestone has discontinued technology partnerships with "mainland China" companies, including mega-manufacturers Dahua and Hikvision, the company confirmed to IPVM.

Ambarella, a major supplier of AI chips for IP cameras, has stopped selling to Dahua, Ambarella confirmed to IPVM.

Western Digital and Seagate are no longer selling to Dahua due to US semiconductor export controls imposed in Nov 2022, IPVM has confirmed with WD directly and from sources for Seagate.

ADI has stopped relabeling Dahua, a year after the company secretly started selling relabeled Dahua gear as an ADI house product, despite the NDAA ban, human rights sanctions, and the FCC designation of Dahua as a threat to national security.

The most cyber secure IP surveillance camera is Mobotix, however, the Australian government rarely uses this brand, despite its enormous operational flexibility and impeccable cybersecurity credentials. Bosch, Axis and iPro are also highly regarded, and tier 1 offerings from everyone else – including HikVision and Dahua, which put considerable effort into cybersecurity and transparency to correct early issues that impacted all CCTV camera makers – are close behind.

Unsurprisingly in the current geopolitical climate, Chinese CCTV cameras are by far the most examined network devices when it comes to cyber security, and their camera firmware and supporting management solutions are constantly trawled through by experts looking for issues in devices that, despite their ‘surveillance’ function, are static edge sensors, governed by the settings of the network switches and servers that manage them.

It’s impossible to believe the Australian government’s highly qualified cybersecurity experts are not perfectly aware that edge devices, like CCTV cameras, when properly commissioned and installed on well-designed and secure data networks, are impossible to access remotely, and can’t be infected by ‘spyware’ in the way a mis-managed workstation or laptop might be.

Instead, they must be acutely aware the greatest security threats to security systems are posed by errors in network application, a failure to activate camera cybersecurity settings during installation and pre-commissioning, and weaknesses in the physical security around network components. And cybersecurity experts must know such risks apply to every networked device across a department’s topology – phones, switches, wired and wireless routers, laptops, servers, apps – not just to devices offering click-worthy headlines.

In our opinion, given the highly evolved state of cybersecurity in professional CCTV cameras (and intercoms), the possibility edge devices in secure subnets from any camera manufacturer, could suddenly breach network security settings and start operating unilaterally is so vanishingly small that cybersecurity can’t be the problem.

Instead the government’s core issue seems to be one of uncertainty and misunderstanding around a technology that, when properly installed and managed, leaves virtually no room for uncertainty at all.

Ref:
IPVM Portal
Sen network
US, UK web pages

Tuesday, November 15, 2022

CCTV Camera Cable Variations


We know that selecting your CCTV cameras and video recorder may have been a little more work than you might have anticipated. We’re sorry to say that the decision making process isn’t over just yet. We can say with confidence that about 90% of tech support related issues are a result of problems with cabling. This makes your choice in cable one of the more important decisions you’re going to make.

Siamese Cable

Siamese cable is really two different cables fused together. You have your coaxial cable (RG59) for video, and power cable. The video portion will serve to relay the video feed from your camera back to your DVR, while the power cable will relay power from your power supply to the camera. Siamese cable is appropriate for any analog, HD-CVI, and HD-SDI security camera system.

This is easily the most popular choice, but there are different levels of quality which can tie into the decision making process. You’ll often see the acronym “AWG” alongside this type of cable. American wire gauge (AWG) is just the unit of measurement that represents the “gauge” or thickness of the wire.

Your standard pre-made Siamese cable will usually be 24 AWG or 26 AWG. This is going to seem thin when you hold it in your hand but it’s still very practical. Cable like this is functional for runs up to 150 feet. We don’t recommend going much further than that as you’ll very quickly begin to experience video and/or power loss because of the thinner gauge copper wire. Also, because of its thin gauge, pre-made Siamese cable can only be used reliably with standard analog cameras. You will not be able to use this with HD-SDI or HD-CVI cameras.

Pre-made Siamese Cable

The alternative to pre-made is to purchase Siamese cable sold by the spool. This is also commonly referred to as RG59 cable. The coaxial cable that comes off of a spool is normally 20AWG while the power cable is 18AWG. There are two different types of coax in this industry and most of it is copper clad. This means that the center wire is aluminum or silver but cased inside of a copper shell. This type of cable is good for runs up to 300 feet. Some people have been able to push this as far as 400 feet, but usually after 300, you begin to experience video degradation. The other option is solid copper Siamese cable. Unless you have an HD-CVI system, this probably isn’t going to be necessary for you, but you might find that this is a good solution for you if you just need to stretch those 300 foot runs a bit further without video loss.

Siamese Cable from Spool with Various Power and BNC Connectors

Just keep in mind that standard analog and HD-SDI systems are only designed to be able to go up to 300 feet. Whether it’s copper clad or solid copper, either one should work just fine for you. Solid copper cable only comes into the picture with HD-CVI systems because their runs can go up to approximately 1600 feet. Without solid copper Siamese cable, you start to experience video degradation pretty early on.

CAT5e Cable

Cat5 and Cat5e are absolutely different no matter what anyone tells you. Ordinary Cat5 cable should not be used with CCTV products. The quality of the cable is too poor for this application and will cause frequent problems if it works at all. If you choose to run this type of cable, it needs to be at least CAT5e (we’ll get to CAT6). You can use this type of cable with standard analog cameras, and it’s required for IP/network cameras.  If you choose to go with Cat5e for your analog cameras, you shouldn't have any issue with runs up to 1000 feet.  If you are using Cat5e with IP cameras that are power over Ethernet (PoE), your cable runs can go as far as 300-1000 feet, while non-PoE cameras will be limited to the power supply being used with them (usually about 300 feet).  The power consumption of your PoE IP camera will ultimately dictate the maximum length of your run but you can usually expect at least 600 feet (12W power consumption).

Analog cameras, as you may have already realized, aren’t really set up for Cat5e cable. The work around for this is to use baluns. Think of baluns like converters that attach to your cameras to make them compatible with Cat5e. There are various types of baluns to choose from depending on your needs.

Network cameras, or IP cameras, have a network cable port on their pigtail. Whether the IP camera is power over Ethernet (PoE) or not, the network cable port will be there. You’ll also have a female power terminal on the pigtail very similar to that of any analog or HD camera.

If you have a camera that’s PoE, you can run that single length of Cat5e cable and you’ll have video and power going through the same cable. If your camera is not PoE, you will need a dedicated power source to power the camera. The Cat5e cable will still be good for video, but you’ll most likely need to run a separate power cable in addition to your Cat5e cable unless you have an outlet close enough for the power supply to reach the camera.

The alternative to running two separate cables is to use simple PoE power adapters for non-PoE IP cameras that will essentially convert your non-PoE camera into a PoE camera. They’re identical in purpose to video and power baluns. You’ll still need a dedicated 12V DC power supply for the camera, just like you would any analog camera, but these adapters will enable you to position your power source somewhere much more convenient; for instance, next to your network switch or network video recorder (NVR).

Cat6 Cable

This type of cable is almost never necessary. The fact is that as of right now, there aren’t any IP cameras that require Cat6 cable, but because of the fact that Cat6 is backwards compatible with CAT5e, there is absolutely no harm in using CAT6 or CAT8. Due to the fact that CAT6 is the newer, bigger, and better thing out on the market though, a lot of people choose to go with Cat6 cable in an effort to predict the future in a way. By using CAT6 cable now instead of Cat5e, you may be preventing yourself from having to run new cable later when you upgrade your system. Predictably, cameras will only be getting more advanced and as such will probably require a more advanced cable in the distant future, such as Cat6. Theoretically, Cat6 may be able to lengthen the maximum distance of your runs, but testing for it is so scarce that we wouldn't be able to confirm that with any confidence.

Cat 5 vs Cat 6 vs Cat 8 Ethernet Cables

Designed by integrating cutting-edge technology, the cat 8 cables elevate the performance to the next level. Having a higher bandwidth performance than Cat 5e and Cat 6, Cat 8 cables are the most sought-after ones nowadays.

A comparison of Cat5e, Cat6 and Cat8 Ethernet cables would reveal that Cat 8 cables are far superior to the former two, even though they have a few cons.

Cat8 cables have better frequency characteristics that make them capable of offering higher data speeds than Cat 5e and Cat 6. It can support bandwidth up to 2 GHz for a distance of up to 30 meters. The data speed guaranteed by cat 8 varies from 25 Gbps to 40 Gbps.

On the other hand, Cat 5e Ethernet cables offer a maximum frequency of 100 MHz and Cat 6 supports a max frequency of 250 MHz. The data speed of the Cat 5 cable is limited to 1000 Mbps and that of the Cat 6 Ethernet cable is 10,000 Mbps.

The only major drawback of Cat 8 Ethernet cable is the distance over which it performs best. Cat 8 cables are ideal for home installations, LANs in small office spaces, etc. Cat 8 Ethernet cables assure network speeds from 2500 Mbps to 40,000 Mbps.

Power over Ethernet (PoE) is another advantage of using Cat 8 cables. With it you can save on cabling expenses at home as well as at the office. Ideal for space management, reducing clutter, and optimal performance, Cat8 Ethernet cables might be a preferable choice for you.

Twisted Pair Cat 8 Cables

Increased data speed has become a necessity. Every minute of delay costs businesses and individuals offering services money, time and effort. The electromagnetic field created by the passage of electricity, and electromagnetic interference, can impede the speed and flawless performance of the network.

Twisted pair cables are a solution used for reducing the effects of the magnetic field. The magnetic field created would be contained in the limited space. Thus high-speed data transmission would occur unaffected.

More twists in the network cabling would provide improved frequency characteristics to the cable. Furthermore, individually shielded pairs of network cables are another method for enhancing frequency.

The categories of cables available in the market presently are:

  • Cat 5 cables
    • Bandwidth – 100 MHz
    • Data Speed – 100 Mbps
  • Cat 5e cables
    • Bandwidth – 100 MHz
    • Data Speed – 100 Mbps
  • Cat 6 cables
    • Bandwidth – 250 MHz
    • Data Speed – 1 Gbps
  • Cat 6A cables
    • Bandwidth – 500 MHz
    • Data Speed – 10 Gbps
  • Cat 7 cables
    • Bandwidth – 600 MHz
    • Data Speed – 10 Gbps
  • Cat 7a cables
    • Bandwidth – 1000 MHz
    • Data Speed – 10+ Gbps
  • Cat 8 cables
    • Bandwidth – 2500 MHz
    • Data Speed – 40 Gbps

Saturday, October 15, 2022

Difference of Core i3, Core i5 & Core i7


During security software installation we give the customer some prerequisites: we work out what type of system hardware is required and get costing from the vendor accordingly. If you are a system integrator, your design team must know about the processor.

Intel Core i3 Processor

This particular Intel processor is the entry level processor of this new series of Intel processors. While it may not be the fastest one of the bunch, it can get the job done, at least for most applications.

Mind you, if you need high speed, I suggest one of the other processors that I will unveil in front of your eyes later on in this post. Here’s some of the Core i3 features.

  • Uses 4 threads. Yes, it uses hyper-threading technology, which is the latest craze due to its improved efficiency over earlier processors that were put on the market.
  • This processor consists of 2-4 cores, depending on which one you get your hands on.
  • Contains a 3-4 MB cache.
  • Uses less energy and produces less heat than earlier processors, which is always a good thing in this day and age.

Intel Core i5 Processor

  • This is the mid-size processor of this bunch, recommended for those who demand a little speed, but not so much that the user will be running resource-intensive applications.
  • As with the Core i3 processor, this comes with 2-4 cores; the main difference is that it has a higher clock speed than the Core i3.
  • This is also a heat and energy efficient processor, but it does seem to be better at this particular job than the Core i3 processor.
  • The number of threads used in this is no different than the Core i3 with 2-4 threads, and it also uses hyper-threading technology for a boost in performance.
  • The cache of the Core i5 is bigger than that of the Core i3, at 3-8 MB.
  • The Core i5 is where the turbo mode is made available; this provides users with the opportunity to turn off a core if it’s not being utilized.

Intel Core i7 Processor

  • This is for the users that demand power. Yes, it does provide more power, and if Tim Allen gets one of these, this would be the beast that he gets his hands on. Great for gamers and other resource-intensive users.
  • The cache on this one is 4-8 MB.
  • This processor comes with 8 threads, definitely enough to get the job done quickly, maybe even at the speed of light if you’re lucky. And yes, it also utilizes hyper-threading technology.
  • You will have four cores to take advantage of with this particular series.
  • And just like the other ones in this Intel series of processors, it is more energy efficient and produces less heat.

The table below reviews the high-level specifications of 10th Gen Intel Core i7 processors as of late 2020.

 

| Processor | Cores / Hyperthreading | Base Frequency | Maximum Turbo Frequency | Cache |
|---|---|---|---|---|
| Core i7 Laptops (10th Generation) | 4-8 / Yes | 1.00-2.70 GHz | 3.80-5.10 GHz | 8-16 MB |
| Core i7 Desktops (10th Generation) | 8 / Yes | 2.00-3.80 GHz | 4.50-5.10 GHz | 16 MB |

The Intel Core i9 is often called Intel's processor line for "CPU enthusiasts," the early-adopters who always demand the industry’s latest and greatest. A Core i9-powered desktop or i9-powered laptop is great for users whose work requires extremely advanced computing capabilities (editing 4K video, for example). It’s also popular with high-end gamers who play live-action, multi-player, VR-based titles that can benefit from a CPU with hyper-fast cycle times and high core-thread counts.

The Core i9 debuted in 2017 along with a new socket-motherboard combination to support it. As this FAQ was written, the i9 had evolved to deliver up to 10 cores and 20 threads (desktop version). It costs more than the other members of the Intel Core family, but for certain applications, games and other workloads, the difference could be meaningful.

The table below lists the top-level specifications of Intel Core i9 processors (10th gen) as of late 2020.

 

| Processor | Cores / Hyperthreading | Base Frequency | Maximum Turbo Frequency | Cache |
|---|---|---|---|---|
| Core i9 Laptops (10th Generation) | 8 / Yes | 2.40 GHz | 5.30 GHz | 16 MB |
| Core i9 Desktops (10th Generation) | 10 / Yes | 1.90-3.70 GHz | 4.60-5.30 GHz | 20 MB |

Here are some broad statements addressing the comparative cost of Intel Core i9-enabled systems versus models with lesser processors, along with the kinds of users (and use cases) that are most likely to benefit from an advanced Core i9 PC:

  • Core i9 PC – Cost category
    • The Core i9 is the “enthusiast” line of Intel Core CPUs
  • Core i9 PC – Typical users
    • Processor early-adopters
    • Users of extremely demanding software
    • Gamers who always want the latest/greatest
    • Workstation users, server operators, etc.
  • Core i9 PC – Use cases
    • Everything the lesser Intel processors can do plus core-intensive activities such as editing huge video files, rendering complex engineering designs, acting as a server, and so on.