Wednesday, December 16, 2020

Intrusion Alarm Circuits Guide

Intrusion Alarm Circuits Guide 

Intrusion alarm circuits are a fundamental element of wired intrusion / burglar systems. Designing the intrusion alarm circuit greatly affects its performance. In particular, more efficient circuit designs introduce less resistance and cause fewer false alarms.

Alarm Circuits Overviewed

Intrusion alarm circuits use wires between an Intrusion alarm panel and various sensors. When the circuit / connection of those wires is broken (e.g., an alarmed window opens), the alarm is triggered if the system is armed / enabled.

How an Alarm Circuit Works

An intrusion alarm circuit consists of a pair of wires running from an intrusion alarm panel to a sensor, such as a magnetic contact. Electrical charge flows from the positive terminal, down one wire, and into the sensor. When something causes the sensor to close, it completes the circuit, allowing the charge to flow down the other wire and back to the negative terminal on the panel.

In the case of the contact, the circuit is complete because the magnet causes the reeds to touch, allowing current to flow from the reed on the positive side of the circuit to the reed on the negative side.

Using a pair of wires to connect both sides of the sensor to both terminals on the panel creates a large circle, which is where the word circuit comes from. The electrons flow freely all around this circuit, from the positive terminal on the panel, through the sensor, and back to the negative terminal. Opening the window will cause the reed to separate, which will break the circle and stop the flow of electrons. In other words, opening a window will create an open circuit. It is this open circuit that causes an alarm condition.

Loops vs Splices

The two most common ways to add multiple sensors to circuits is to use loops or splices.

Loops are preferred because it creates a short pathway, which means less resistance, fewer points of failure and faster to install. However, loops can only typically be used in new construction where the technician has the ability to run wires and loops through the window frames before the drywall is installed. Prewiring requires coordination with the general contractor or the carpenter. The alarm company needs to be able to schedule a technician to complete the wiring before the drywall crew is scheduled to begin installing drywall, and the carpenter should be told where to drill holes on the moulding or window frame.

Splices should be minimized because they add resistance and are more time consuming to install. However, adding alarms to exiting homes or businesses typically require this since it is not feasible to open the drywalls to run a looped circuit.

Two types of splicing exists: field splice and ITB (in-the-box) splice. The benefits of field splices are lower total circuit resistance and using less wire, but it requires a more skilled technician to hide the splice. By contrast, ITB splices are easier to troubleshoot, have fewer potential points of failure and they can be done by a less experienced installer, but they have higher total circuit resistance and require an installer to home run a wire to each individual window.

Loops Explained

The image below shows an example of a loop that allows two windows to share a circuit. Opening either the top sash or the bottom sash of either the right window or left window will cause the same zone to open. To accomplish this, a technician runs a single wire from one contact to another, allowing the current to travel around the windows in a circle. The technician leaves a loop at every window, which will bring the circuit in one side of the contact and out the other.

One wire of the pair runs to the window on the right, and the other runs to the window on the left. The technician has run loops of wires from one side of the contact to the other. One side of the contact on the top right window has a loop running to one side of the contact on the left (shown in black below). The loop between the top left contact and the bottom left contact (shown in RED) completes the circle, as long as all the windows are closed.

Field Splices

A field splice is one that is made at the device end of the wire, usually at the device itself. A skilled technician can make a field splice if the conditions are right. Splices must be accessible for future troubleshooting, so a field splice can only be made if there is someplace to hide them away from casual view. For example, when wiring windows, a technician can staple the wire to the underside of the frame or moulding, out of sight but easily found by an experienced / certified intrusion alarm troubleshooter. Intrusion alarm installers commonly wire all sirens and strobes in a location to a single circuit, and make field splices inside the siren box.


In this example, a pair of wires (green) is running to the alarm panel. Red wires are running to magnetic contacts on the bottom sash and the top sash of the right window, and blue wires are running to the top sash and the bottom sash of the left window. One red wire is spliced to one blue wire, leaving one red wire and one blue wire to be spliced to the green wires.

ITB Splices

ITB splices, or in-the-box splices, are those made inside the alarm can. Separate wires are run to each individual contact, and they are then joined up at the panel using a splice.

ITB splices are much easier for inexperienced technicians, and much faster to wire up. Making ten splices, one after another, to add ten devices to five zones, is faster than making a splice at every entranceway and then figuring out how to tuck them away. They are also much easier to troubleshoot if properly labeled in the can, because a troubleshooter can quickly isolate the circuit branch causing the issue, and does not have to first find and identify the splice. However, running individual wires is more more labor intensive, and uses more wire.

Circuit Electrical Specifications

All devices in an alarm, including unpowered devices such as contacts, require a specific amount of charge flowing through the wires at a specific speed and pressure or it will not work.

Every circuit has a voltage, current, and resistance value:

  • Voltage is measured in volts (V).
  • Current is measured in amps (A).
  • Resistance is measured in ohms (Ω).

Voltage is a measurement of how much electricity is available for use. Every device lists the amount of voltage it requires to operate.

  • If given too few volts, the device will either not power up or will work erratically.
  • If given too many volts, it will either shut down or overheat.

Current is the pressure at which the charge flows. All devices consume, or draw, electricity at a predetermined rate.

  • Not enough amps may cause the device to work harder to draw voltage, which could cause it to either shut down, overheat, or work erratically.
  • Too many amps is not harmful as the device cannot draw more current than it can use.

Resistance is anything that slows the current. Factors that increase resistance are

  • Number of connected devices
  • Wire length
  • Splices
  • Time
  • Copper oxidization

Too much resistance on a circuit will lower the current, making it more difficult for the alarm to monitor the zone properly. Since resistance increases in all circuits as time goes on, improperly designed circuits have a high probability of causing false alarms years after being installed. Therefore, every effort should be made to keep the resistance as low as possible.

Parallel Versus Series

The two methods of joining multiple sections to a single circuit are parallel and series. Devices can either be wired in parallel or in series with each other. Circuits using parallel splices are called parallel circuits, and circuits using series splices are called series circuits.

In a series splice, one of the pair of wires is spliced to one the next pair of. This way, no matter how many pairs of wires are added, the end result is two wires that are simple to connect to two screw terminals. In between, lots of wires are spliced to each other. This makes troubleshooting simpler, because a technician can simply test a single branch of the circuit at a time. Series is typically best for connecting a small number of devices to a circuit. It is faster and easier to wire up. The downside is that series introduces a lot more resistance if too many devices are connected.

In a series circuit, the wires from each branch of the circuit will be spliced together until two wires not spliced to anything are left. These single conductors will be connected to the screw terminals, while the splices 'hang' in the air, not connected to anything but each other. No matter how many devices and wires are connected to the circuit, there will always be only one wire to connect to the positive and one to connect to the negative.

Parallel splices are typically best for connecting a large number of devices to a single circuit, or for circuits that draw lots of power. It greatly reduces the amount of resistance, allowing those large numbers of devices to be connected. However, it is harder / more complicated to implement, will not work if done incorrectly, and is more difficult to troubleshoot later on.

In a parallel circuit, all the matching sides of the wire pairs are simply spliced together, with the end result being two thick wire twists. This can be a challenge to connect to screw terminals. In order to troubleshoot the wire going to a branch of the circuit, a technician must first undo the entire splice.

Experienced alarm technicians develop a 'feel' for when to splice devices in parallel and when to splice in series. However, the key determinate is this: when a series splice will result in too much resistance, a parallel splice must be used. Before splicing anything, technicians can test a circuit in order to determine the amount of resistance present.

Measuring Resistance

Resistance is measured using a digital multimeter, or DMM. To measure resistance, turn the function dial of meter to the Ω (ohms) symbol, and touch the leads to the bare wires of the circuit. Technicians measure resistance in order to

  • Test that all devices on a circuit are functioning normally
  • Decide whether to keep devices on a zone or to split them up among multiple zones
  • Decide whether a circuit should be wired in series or in parallel
  • Record a baseline resistance at the time of installation
  • Troubleshoot, as a zone with a resistance reading well over baseline can indicate a broken wire or defective sensor

How Much Resistance Is Too Much?

There is no clear answer to the precise amount of devices, and consequently the precise amount of resistance, that should be allowable on a single detection circuit. As a general rule of thumb, many installers try to keep the baseline resistance on a single circuit to ~40Ω. Remember that the resistance will inevitably creep up over time, depending on the number and nature of sensors connected to the circuit, the number and nature of splices on the wire, the exact composition of the wire, and even the environment, which could cause the wire to oxidize faster or slower. The following animation shows the current slowing the more devices are added to the circuit:

Different alarm panel manufacturers have different standards for what constitutes an alarm condition, but all those standards are based on the panel reading the resistance on a zone circuit. If a circuit has a reading significantly higher than 40Ω, consider either using a parallel splice or splitting the zone, removing some devices from one zone and wiring them to a new zone.

Some installers prefer ITB splices because it allows them to decide to split the zone later on. If devices have been wired together using wire loops or field splices, this is not possible.

How Many Devices Is Too Many?

In theory, an installer can connect all the doors on a single zone, all the windows on another zone, all the motion detectors on a third zone, and so forth. However, this is quite an inefficient way of using an alarm. The more devices are on a single zone, the harder it will be for the user to figure out which device is causing the zone to be open.

If all the windows in a room are on a single zone, the user will have to check all of them before being able to arm the system. If a user wants to keep a single window open while arming the rest of the system, they would have to bypass all the windows in the room, which is a higher security risk than simply bypassing a single window. If central station needs to dispatch police or fire to the user's site, they will only be able to give a vague description of the location of the problem, not a specific location.

Most panels can only handle a limited number of zones out of the box. Using additional zones requires purchasing and installing zone expanders, which add to the overall cost of the installation. Using multiple zone expanders may require adding a second can, which likewise adds to the cost. The question of when to combine devices on a single zone and when to separate devices into separate zones has no easy answer, but becomes clearer with experience.

Wiring Sirens

Wiring sirens is slightly different than wiring other alarm devices.

  • Sirens are rated in watts, not volts like all other alarm devices
  • Watts are a measure of how much a power a device outputs
  • Volts a measure of how much power a device uses
  • Most sirens are rated to 30 watts

Most panels only have a single siren output. However, many applications call for the volume to be lower on some sirens than on others. For example, a siren mounted indoors would cause hearing damage if sounding at a full 110dB, but 110dB is necessary for notification outdoors. In order to have different volumes from a single output, installers can choose to wire sirens in either parallel (for louder volume) or in series (for lower volume). They can even choose to wire some sirens in parallel and other sirens in series. The sirens in series have more resistance than the sirens in parallel, so that there is more resistance, and therefore fewer watts, forcing the siren to sound at a lower volume.

Intrusion alarm siren wiring is a perfect illustration of Ohm's Law.

Ohm's Law

Understanding Ohm's Law makes alarm troubleshooting much easier. Ohm's Law states that there is a direct relationship between volts, amps, and ohms, specifically that volts equals amps times ohms. Amps is ohms divided by volts, and ohms is volts divided by amps. Adding resistance (ohms) makes the current (amps) go down, and adding current (amps) makes the resistance (ohms) go down.

The simplest way of lowering or raising the power available to the siren is by raising or lowering the resistance. This raises or lowers the amount of available power, which in turn affects the operation of the siren.

Understanding Ohm's Law can help a technician diagnose and repair power supplies, sensors, circuits, and sensors. Changing a splice from series to parallel, replacing a power supply for one that outputs the same voltage at a higher amperage, or adding a resistor are all repair options that an installer has once they understand how Ohm's Law works.

Source: IPVM.com & circuitstoday.com

Tuesday, December 1, 2020

Hands-Free Upgrade of Access Control System

Hands-Free Upgrade of Access Control System 

Access control systems also let employers restrict the locations each employee can enter, setting levels of security to balance their workers' safety and convenience. When an employee leaves the company, their credentials can simply be deactivated to prevent them from gaining unauthorized access. With access control security, you know who enters your business, when they enter and what door they use. These systems also include analytics that allow you to track where your employees are. In addition, they allow you to section off rooms or areas to authorized employees and receive reports of suspicious activity, such as if someone tries to enter an area where they don't belong. 
Social Distancing is the new norm of life and need to be practiced across the daily paths. While the governing authorities work for developing solutions to take care of human life, it is essential for various establishments to work out their own precautionary measurements to create safe and risk-free environment. Wireless access control systems are fast and easy to install. They save time and money for sites that have hard-to-wire buildings, remote gates and elevator applications. Addressing COVID-19 Concerns by Upgrading Existing or Non-Existing Access Control System to Hands-Free Wireless access control with non-Chinese factory product. 
Several companies have entered the mobile access card market, but they have not set up a meaningful product solution stream until 2019. In 2020, forecasts show that the mobile access card market will grow far more rapidly. Reviewing new entries into the market allows identification of the latest products that provide improving solutions to compatibility and speed problems.

How long before your phone replaces your access credentials at work? Mobile devices are everywhere. Number of mobile phone users alone was forecast to reach over 4.7 billion this year, with more than 60% of the world’s population already owning a mobile phone.  Smartphones have already begun to replace traditional lock-and-key setups in the home, and with the business world continuing to move in a more smartphone focused direction, a world where you tap your phone to gain access to your office probably isn’t too far off. The technology already exists, but implementation is not without its hurdles. While generally outweighed by the benefits, there are several potential challenges when it comes to using your Smartphone as a credential. Smartphone have become ubiquitous, but cards and FOBs are still cheaper to produce. Even though users are likely to have their phone on them constantly, access badges usually include a picture and are always meant to be visible. Still, as the technology improves, it’s likely that Smartphone verification is going to become more prevalent. One application that we’re seeing growth in is for mobile-enabled workforces to use smartphones and mobile devices as keys to gain access to secured buildings, rooms and areas. As this trend becomes more commonplace, it’s worth weighing the pros and cons.

 

Mobile Benefits

Firstly, let’s look at the benefit of using your smart phone as access credentials for your building.

  • ·  Smartphones are more secure than traditional access cards or FOBs. With the introduction of biometrics in modern smart phones (fingerprint sensors and face ID), even though someone might be able to get their hands on someone else’s phone, it’s no guarantee that they’ll be able to unlock it.
  • ·     Smartphone-based credentials are very difficult to clone.
  • ·  Smartphone-based implementations can reduce installation costs by leveraging an asset that everyone is already carrying around with them.
  • ·    Smartphone credentials are capable of much more than traditional card-based systems. Smart phones are capable of Multi-Factor Authentication (MFA), location awareness, mass notifications, and revocation can be done remotely.
  • ·      HR should be thrilled with a smartphone app-based access control system, as much less time will be needed to set up and issue credentials than issuing new keys and cards or replacing them. 

Finally, if you choose a provider who has created a secure app with credential storage in a secure cloud or location other than the phone, the security is even greater. Biometrics (the use of fingerprints) can even be used to access the key, since smartphones now include that capability. 

Essentially, even if someone did manage to steal the phone and crack the pin to open it, they would still need the proper information (or fingertips) to open up the app and access the key. 

A strong app will also have deep levels of encryption that will prevent the Bluetooth signal from simply being copied and replayed to open the lock.

Potential Challenges

Of course, as new technology emerges, there will be pushback. This isn’t a bad thing as it forces developers to overcome roadblocks to make systems as secure as possible. The difficulty comes from separating valid objections from merely an aversion to change. Going forward, the biggest issues with mobile credentials are:
·       Physical return of credentials. When someone parts ways with an employer, a physical access card or FOB would be collected. With a smart phone-based system (especially in a case where employees are bringing their own devices) this is obviously problematic. You can’t ask an employee to turn in their. The only solution to this problem is to ensure that your protocol for remotely disabling credentials is foolproof. If it is, this issue becomes a benefit, as you can revoke credentials at any time. Forgetting to have a card turned in or encountering any resistance from an employee is no longer a factor.
·   
Lack of a picture ID. With many physical access cards, a photo of the employee will be added as a second form visual verification. These cards are often clipped to an employee’s shirt or belt making it visible at all times and allowing people to identify them immediately. Phones are generally kept in pockets and would only be brought out at an access point. This issue’s importance will vary based on your business’ level of sensitivity when it comes to your assets or people. Additionally, all modern access control systems allow for a head shot to appear when credentials are presented to a reader. If a picture has been taken of the employee, and someone is present to identify them, they can verify that the person who presented the card or phone is the proper individual. It’s even possible to speak with the person in video which will allow for facial recognition with CCTV integration with the access control software.

One reason for the high expected growth for usage of smartphones as digital access control keys is that mobile technology is already widely used for identification, authentication, authorization and accountability in computer information systems. Another reason is that using mobile devices as keys aligns perfectly with the mobile-first preferences of today’s workforces. Using mobile devices as keys not only delivers a convenient user-experience. It also helps boost operational efficiency and satisfaction of today’s mobile-enabled workforces. As important, it represents a more cost-effective, simpler way for companies to manage identification credentials as it eliminates numerous manual tasks related to handling, printing, distributing and disposing of physical identity badges.

When all is said and done, one of the biggest benefits that those who choose to implement mobile credentials will see is lower installation costs. The SIA points out that “A smartphone credential adds significant functionality over a traditional credential and is always upgradeable to add new capabilities – all for the same cost, or less…Also, users do not require a reader to enter a door, so enterprises can eliminate readers on most doors to keep the entrance looking clean and to reduce installation costs.” When you couple this with the other benefits of mobile credentials, it becomes clear that this will more than likely become the preferred method of access control for most workplaces in the near future.


ASSA ABLOY, Suprema being a pioneer in multiple doors opening and access controlling technology, provides such critical solutions suitable for wide segments of commercial spaces. With easy and safe access for authorized personal, without compromising on the security needs of the organizations, the contactless access readers and exit switches for sliding and swinging door operators. 

Aperio is first Wireless Online Access Control technology that enables mechanical locks to be wirelessly linked to an existing access control system. In terms of formats, three common methods of mobile credentials are used in access:

  • BLE (Bluetooth Low Energy)
  • NFC (Near Field Communication)
  • App Based Credentials

‘Mobile access cards’ is one of the terminologies that everyone has been talking about. RF cards used for access security are being integrated into smartphones just as digital cameras and MP3s were in the past. While people might forget their access cards at home in the morning, they seldom forget their smartphones. Using smartphones for access control increases entry access reliability and convenience.

Structurally which method is used makes a big difference for overall mobile access performance. In general, access manufacturer data sheets will detail which/how many methods are available with their product, with each method having different limitations and benefits.

The breakdown below shows the major differences between types:

For example, notice the difference in Range between the three formats. While NFC range is short (typically less than 9 inches), the range for BLE is longer at ~150 feet, while App systems essentially have ranges only limited by Wi-Fi and cellular connectivity.
In other cases, which method is used impacts reliability too. For example, with HID Mobile, using BLE is less reliable for connecting to the reader than NFC, and because different phone types may limit which method is options used, overall user experience is often determined by which mobile access method they use.
Another valuable aspect of mobile credential is that it makes it possible to issue or reclaim cards without face-to-face interaction. Under existing access security systems, cards must be issued in person. Since card issuance implies access rights, the recipient’s identification must be confirmed first before enabling the card and once the card has been issued, it cannot be retracted without another separate face-to-face interaction. In contrast, mobile access cards are designed to transfer authority safely to the user's smartphone based on TLS. In this way, credentials can be safely managed with authenticated users without face-to-face interaction.
Mobile cards can be used not only at the sites with a large number of visitors or when managing access for an unspecified number of visitors, but also at the places like shared offices, kitchens and gyms, currently used as smart access control systems in shared economy markets.
The market share of mobile access cards today is low even though the capability can offer real benefits to users and markets. While the access control market itself is slow-moving, there are also practical problems that limit the adoption of new technologies like mobile access cards.

The first problem is usability: compatibility and speed.
While NFC could be an important technology for mobile credential that is available today on virtually all smartphones, differences in implementation and data handling processes from various vendors prevents universal deployment of a single solution to all devices currently on the market.
 
Accordingly, Bluetooth Low Energy (BLE) has been considered as an alternative to NFC. Bluetooth is a technology that has been applied to smartphones for a long time, and its usage and interface are unified, so there are no compatibility problems however, speed becomes the main problem. The authentication speed of BLE mobile access card products provided by major companies is slower than that of existing cards.
The second problem is that mobile access cards must be accompanied by a supply of compatible card readers. In order to use mobile access cards, readers need to be updated but this is not a simple task in the access control market. For 13.56 MHz smart cards (which were designed to replace 125 kHz cards), it has taken 20 years since the standard was established but only about half of all 25 kHz cards have been replaced so far. Legacy compatibility and the need for equivalent performance, even with additional benefits, will drive adoption timing for the Access Control market.

While BLE technology helps resolve the compatibility problem of mobile access cards, we can identify some breakthroughs that can solve the speed problem. Authentication speed is being continuously improved using BLE's GAP layer and GATT layers, and new products with these improvements are now released in the market.

Making use of key improvements allows Suprema's mobile access card to exhibit an authentication speed of less than 0.5 seconds providing equivalent performance to that of card-based authentication.

MOCA System's AirFob Patch addresses the need for technological improvements in the access control market in a direct, cost effective, and reliable way – by offering the ability to add high-performance BLE to existing card readers – enabling them to read BLE smartphone data by applying a small adhesive patch approximately the size of a coin.
 
This innovative breakthrough applies energy harvesting technology, generating energy from the RF field emitted by the existing RF reader – then converting the data received via BLE back into RF – and delivering it to the reader.
 
By adding the ability to use BLE on virtually any existing RF card reading device, MOCA allows greater ability for partners and end users to deploy a technologically-stable, high performance access control mobile credential solution to their employees, using devices they already own and are familiar with. Adding MOCA AirFob Patch eliminates the need to buy and install updated readers simply to take advantage of mobile credential, lowering costs and risks, and increasing employee confidence and convenience.


Monday, November 16, 2020

Access your Hikvision NVR or Camera on Android devices

How to access your HikVision NVR or Camera on Android devices 

Closed-circuit television (CCTV), also known as video surveillance, is the use of video cameras to transmit a signal to a specific place, on a limited set of monitors. It differs from broadcast television in that the signal is not openly transmitted, though it may employ point-to-point (P2P), point-to-multipoint (P2MP), or mesh wired or wireless links but transmit a signal to a specific place only. Not for open to all. This article I write just for HikVision Lover only. Personally I am not support to install Hikvision/Dahua product or OEMN product. Technically 100% unsafe your personal video data.

Day by Day increase hacking of video surveillance camera. Now cyberattacks on CCTV systems making news headlines on a weekly basis of late, there is a good deal of concern and uncertainty about how at risk these systems are, as well as why they are being attacked.

In 2014, a US ally observed a malicious actor attacking the US State Department computer systems. In response the NSA traced the attacker’s source and infiltrated their computer systems gaining access to their CCTV cameras from where they were able to observe the hackers’ comings and goings.

In October 2016, 600,000 internet connected cameras, DVR’s, routers and other IoT devices were compromised and used to for a massive Bot Net to launch what was the largest Denial of Service (DOS) attack the internet had experienced to date.

In the lead up to the 2017 US Presidential inauguration, 65 per cent of the recording servers for the city of Washington CCTV system were infected with ransomware. How did the attack take place? Whilst unknown, it most likely occurred by the same means as other common PC hacks such as infected USB keys, malicious web sites, or phishing attacks.

May, 2018, over 60 Canon cameras in Japan were hacked with “I’m Hacked. bye2” appearing in the camera display text. How did the attack take place? Simple. IP cameras were connected to the internet and were left on default credentials. It appears that the hackers logged into the cameras and changed the on-screen display. What was the impact? Other the defacement of the camera displays and some reputational damage, there doesn’t seem to have been much impact from these attacks.

On Aug 13, 2018, The US President has signed the 2019 NDAA into law, banning the use of Dahua and HikVision (and their OEMs) for the US government, for US government-funded contracts and possibly for 'critical infrastructure' and 'national Security’ usage.

US government is effectively blacklisting Dahua and HikVision products, this will have a severe branding and consequentially purchasing impact. Many buyers will be concerned about:

What security risks those products pose for them

What problems might occur if they want to integrate with public / government systems

What future legislation at the state or local level might ban usage of such systems

On Jun 06, 2019 Hanwha Techwin is dropping Huawei Hisilicon from all of their products. Its belongs to China’s origin. Backdoor entry is open on product.

China's Wuhan Institute of Virology, the lab at the core of coronavirus. The institute is home to the China Centre for Virus Culture Collection, the largest virus bank in Asia which preserves more than 1,500 strains ( https://www.livemint.com/news/world/china-s-wuhan-institute-of-virology-the-lab-at-the-core-of-a-virus-controversy-11587266870143.html ). Result Corona has infected people in 185 countries. Its spread has left businesses around the world counting the costs. Global economy impact. Recession increase. Now people avoid to get china factory made product, electronics goods importing has stopped from china to other country. People looking for product except china. Now come to Video surveillance, access control equipment.

The ban that prohibits the purchase and installation of video surveillance equipment from Hikvision, Dahua and Hytera Communications in federal installations – passed on year 2018 National Defense Authorization Act (NDAA). In conjunction with the ban’s implementation, the government has also published a Federal Acquisition Regulation (FAR) that outlines interim rules for how it will be applied moving forward. Like NFPA, now NDAA law accept globally.

Rules outlined in this FAR include:

  • A “solicitation provision” that requires government contractors to declare whether a bid includes covered equipment under the act;
  • Defines covered equipment to include commercial items, including commercially available off-the-shelf (COTS) items, which the rule says, “may have a significant economic impact on a substantial number of small entities;”
  • Requires government procurement officers to modify indefinite delivery contracts to include the FAR clause for future orders;
  • Extends the ban to contracts at or below both the Micro-Purchase Threshold ($10,000) and Simplified Acquisition Threshold ($250,000), which typically gives agencies the ability to make purchases without federal acquisition rules applying.
  • Prohibits the purchase and installation of equipment from Chinese telecom giants Huawei and ZTE Corporation. This would also presumably extend to Huawei subsidiary Hisilicon, whose chips are found in many network cameras;
  • And, gives executive agency heads the ability grant a one-time waiver on a case-by-case basis for up to a two-year period.

Specifically, NDAA Section 889 creates a general prohibition on telecommunications or video surveillance equipment or services produced or provided by the following companies (and associated subsidiaries or affiliates):

  • Huawei Technologies Company; or
  • ZTE Corporation

It also prohibits equipment or services used specifically for national security purposes, such as public safety or security of government facilities, provided by the following companies (and associated subsidiaries or affiliates):

  • Hytera Communications Corporation;
  • Hangzhou Hikvision Digital Technology Company; or
  • Dahua Technology Company

While the prohibitions are initially limited to the five named companies, Section 889 authorizes the Secretary of Defense, in consultation with the Director of National Intelligence or the Director of the FBI, to extend these restrictions to additional companies based on their relationships to the Chinese Government. The prohibitions will take effect for executive-branch agencies on August 13, 2019, one year after the date of the enactment of the 2019 NDAA, and will extend to beneficiaries of any grants, loans, or subsidies from such agencies after an additional year.

The provisions of Section 889 are quite broad, and key concepts are left undefined, such as how the Secretary of Defense is to determine what constitutes an entity that is “owned or controlled by, or otherwise connected to” a covered foreign country, or how the head of an agency should determine whether a component is “substantial,” “essential,” or “critical” to the system of which it is part. The statute also fails to address the application of the prohibitions to equipment produced by U.S. manufacturers that incorporate elements supplied by the covered entities as original equipment manufacturers (“OEMs”) or other kinds of supplier relationships.

Section 889 contains two exceptions under which its prohibitions do not apply:

(1) It allows Executive agencies to procure services that connect to the facilities of a third party, “such as backhaul, roaming, or interconnection arrangements.” This likely means telecommunications providers are permitted to maintain common network arrangements with the covered entities.

(2) It permits covered telecommunications equipment that is unable to “route or redirect user data traffic or permit visibility into any user data or packets” it might handle, meaning a contractor may still be able to provide services to the Government so long as any covered equipment provided is unable to interact or access the data it handles.

Now we come to short process. First of all we need to find the IP address of the Hikvision device we want to connect too. First of all download SADP. This program will scan your network for Hikvision devices connected on your network.

Older Hikvision devices are shipped with a static IP address of 192.64.0.0, whereas new devices are shipped with DHCP enabled which means they will automatically be assigned an IP address that corresponds to your local network. If you're camera is set to a static IP address you will need to find out what range it needs to be changed to. To find out your local IP address follow the steps below.

  1. click start > control panel
  2. click network and internet
  3. Click network sharing center
  4. click Local area Connection
  5. Look at your IPv4 Default Gateway, it is usually either 192.168.1.1 or 192.168.0.1, however it can differ.

Once you know the default gateway you can set a new IP address for your device. You only want to change the last three digits of the IP address. I would recommend starting the last three digits at 100, so you don't conflict with anything else on your network such as a printer or phone.

If you're not responsible for your network, make sure to check with your IT department or administrators that the IP address isn't already taken.

An example of a set IP address would be 192.168.1.100.

Once you know what IP address to set your device too, you will need the password of the device to set it.
By default the password is 12345 for Hikvision devices.

For a quick overview of what you should see in SADP, check the image below. In the example the IP address is 192.168.1.212, this is because we have a variety of different cameras and devices on our network.

Once all this is set up, your cameras or NVR will be properly configured with your Local Network. You should be able to go into your browser and type in the IP address of the camera/NVR, and it will come up with a log in page.

Getting everything to work in the app


First of all, head on to the play store, as you need to install the iVMS4500 android app. Once you have downloaded the app, go ahead and launch it.

The first time you start up the app you will have to go through a small tutorial, which will show you a variety of cameras in china. Once the tutorial is over, tap the menu tab in the top right corner of the app and then tap the devices tab. from here there will be a plus sign in the top right hand corner. Tap this to add your Hikvision Device.

When you click the plus button you will see the following screen (Minus some information I have already entered) I will explain the options further below.

Alias - what you want to call the device you're adding. Useful for organisation. The alias is exclusive to the app, and doesn't change any actual camera settings.

Register mode - Set this to IP/Domain to add the device via it's IP address properly.

Address - The IP address of the device goes here

Port - usually leave this the same.

Username - admin
Password - 12345

Camera no. - Ignore this part, it will change depending on what device you are adding.

Tap the floppy Disk Icon to save the device.

Now go back, you will return to the devices tab. Uncheck the "Hangzhou, China" device, and check the device you added. From here click live view and you are ready to view your cameras on your local network.

From this point onwards, you will be able to view your Hikvision device on your android device, as long as you are on the same network.

Port-Forwarding, and accessing your devices from anywhere

If you want to access your cameras, or NVR remotely (From anywhere) You will need to have the devices port-forwarded. Port-forwarding is different for each router, but the ports that must be opened remain the same. For more information on Port-Forwarding, and a guide on how to set up your specific router, please head tohttp://portforward.com/.

When port forwarding a Hikvision camera, the ports that should be opened are

Port 80 - HTTP Protocol
Port 8000 - Client Software Port
Port 554 - RTSP Port
Port 1024 - 3G/4G Port, for access via a 3G or 4G mobile connection

Once you have successfully port forwarded your Hikvision device, follow the steps above, relevant to the OS you're using, and then insert the port-forwarded address of the device where the IP option goes.

This view may be slightly choppier, it depends on the speed of your current internet connection.

Q. What is the driving issue behind the National Defense Authorization Act (NDAA),
formerly known as HR5515?
A.     Cybersecurity concerns. In particular, cybersecurity of telecommunications and video surveillance products from specific companies that have deep relationships with a “covered foreign country” government, the People’s Republic of China.

Q.The named companies that are banned by the NDAA are based in China. Does the NDAA ban all video surveillance and telecommunications products and components made in China?
A: No. The NDAA does not ban all products and components that are designed or manufactured in China.
As per NDAA Section 889, f – definitions, 3 – Covered Telecommunications [and Video Surveillance] Equipment or Services, items A through D calls out specifically-named companies “that the Secretary of Defense, in consultation with the Director of the National Intelligence or the Director of the Federal Bureau of Investigation, believes to be an entity owned or controlled by, or otherwise connected to, the government of a covered foreign country [The People’s Republic of China]”.
Hence, the NDAA does not ban products manufactured in China by companies that are headquartered and owned by entities that are not based in China.