Sunday, April 16, 2023

Video Surveillance Commissioning Checklist

Video Surveillance Commissioning Checklist 

This below checklist helps end users, integrators and consultants verify that video surveillance installation is complete.

It covers the following sections:

·        Camera Physical Setup

·        Camera View Setup

·        Camera Network / Security settings 

·        Camera Configuration Changes

·        VMS Hardware

·        VMS Security

·        VMS General Settings

·        Workstation Setup

·        Network Setup

·        Cable Verification

CUSTOMIZE: We recommend each person using this customize the list for their own needs / situations. There is no 'one size fits all' checklist but this list is meant to serve as a starting point to make it easier and quicker to build your own.

Before starting in details, if you are customer, hire only experienced / certified professional to commissioning your system. He/she must well known in industry with past work performance certificate like company SSA Integrate in India. Or you get commissioning professional from Product OEM.

Camera

This section covers commissioning of cameras (IP and otherwise), including mounting and physical considerations, FOV/image quality concerns, and network /security setup.

Physical

·        Tighten housing and mount fasteners and screws

·        Weatherproof outdoor mounts

·        Clean lens, dome, and/or housing glass surfaces

·        Label cameras (if required)

Camera View Setup

·        Aim and focus camera (using auto and/or manual fine focus.

·        Save day/full light snapshot (all lights on, in full sun, etc.)

·        Obtain customer approval of daytime field of view

·        Save night snapshot (using worst case scenario, i.e., all lights off interior, if possible cloudy night exterior)

·        Obtain approval night-time performance meets customer specifications /expectations;

·        Save harsh light snapshot if present (such as sunrise/sunset on east/west facing cameras, interior WDR cameras when sun is most direct, etc.);

·        Obtain approval WDR/harsh light performance meets customer specifications/expectations

Network/Security Settings

·        Document MAC address. All network devices (PCs, servers, cameras, switches, etc.) have a fixed address, called a MAC address (Media Access Control), a unique 12 character identifier, such as: AC:CC:8E:0C:B5:F4. MAC is associated with a device's network interfaces, not the general device. In the case of cameras with multiple network connections (e.g., a camera with both a wired ethernet port and an integrated wireless radio), the device would have multiple MAC addresses.

·        Assign and document IP address

·        Update firmware to latest version (or manufacturer recommended/tested if different)

·        Change admin password from default

·        Create multiple users if required (by specification or manufacturer recommendation)

·        Set NTP server and verify time and date;

·        Disable unused services/close unused ports (FTP, telnet, SSH, etc.);

·        Configure IP whitelist/blacklist to limit camera access to authorized stations

Configuration Changes

Note that many of these settings, such as resolution, framerate, compression, motion detection, etc., may be configured in the VMS, though this varies depending on the camera/VMS combination used. Advanced features such as WDR, smart IR, analytics, and smart CODECs are rarely accessed via the VMS and must be configured through the camera web interface.

·        Configure resolution as specified;

·        Configure framerate as specified;

·        Verify recorded video resolution and framerate meet specifications

·        Configure compression settings as required, including quantization, smart CODECs, etc.

·        Configure WDR (on/off, levels, etc.) as specified

·        Configure exposure, e.g., turn off slow shutter, adjust to 1/30s max or faster as required.

·        Configure integrated IR power and smart IR settings if present;

·        Configure video motion detection/analytics/tampering settings;

·        Configure privacy zones as specified;

·        Configure PTZ presets and tours if used

·        Verify PTZ presets and tours if used

·        Disable or configure audio as specified

·        Configure camera title and time/date overlay

·        Configure event notifications (email, text, etc.)

·        Download and retain copy of camera configuration

 

VMS/Recorders

This section covers commissioning of VMS servers and NVRs/DVRs, including both hardware/network setup as well as OS and software. Some of these items may not be used depending on OS and VMS platform. For example, embedded recorders typically do not require OS updates.

Hardware/Security

·        Document MAC address(es) (often more than one if using multiple network cards)

·        Assign and document IP address(es)

·        Apply latest OS updates (unless not recommended by manufacturer);

·        Create secure admin password

·        Create additional users as specified

·        Test UPS operation and runtime (if supplied);

General Settings

·        Update software/recorders to latest version

·        Change admin password from default

·        Create operator/user logins

·        Configure required camera to view (NVR hardware)

·        Set NTP server and verify time and date

·        Configure storage volumes (physical drives, NAS, SAN)

·        Configure storage quotas (maximum recording length)

·        Configure recording schedule (e.g., 24/7, 8am-5pm, off-hours, holidays, etc.)

 

Workstations

This list involves client workstations, including hardware, OS, and VMS client setup and commissioning. Some of these steps may be omitted if local viewing on embedded recorders is used.

·        Document MAC address(es) of each workstation

·        Assign and document IP address(es)

·        Apply latest OS updates (unless not recommended by manufacturer)

·        Create secure admin password

·        Create additional users as specified

·        Update windows features (Assistant downloads and installs feature updates on your device).

·        Install VMS client and update to latest version

·        Configure camera views as required;

·        Configure view tours/switching as required

·        Configure map views as specified;

·        Configure event/alarm lists as required

·        Test UPS operation and runtime (if supplied)

 

Network

This section outlines commissioning of network hardware, including switches, routers, firewalls, etc. Some of these devices may not be used in all systems, or managed by the installing integrator.

·        Document MAC address(es) of each device

·        Assign IP address and document

·        Update switch/firewall/router firmware to latest version

·        Change admin password from default

·        Configure VLAN(s) as required; 

·        Configure QoS as required;

·        Disable unused switch ports as specified;

·        Configure SNMP monitoring if required;

·        Configure MAC filtering if required

·        Download and retain configuration for each switch

·        Test UPS operation and runtime for each switch (if supplied)

 

Cabling

This section covers commissioning of the surveillance cabling system, including labelling, supports, aesthetic concerns, and testing.

·        Label all cables, patch panels, wall outlets, etc., as specified

·        Ensure cables are secured to supports (J-hooks, ceiling truss, etc.)

·        Conceal cables where possible/required

·        Leave properly coiled and dressed service loops at camera location and head end as required; 

·        Test all terminations and document results as specified

·        Document cable test results as specified (if certification is required)

COMMISSIONING CHECKLIST FOR CCTV SYSTEMS

SL No

COMMISSIONING CHECKLIST FOR CCTV SYSTEMS

CONFIRM CHECK ()

COMMENTS

1

Check the installation is in strict accordance with the agreed specification (*and/or Customer Operational Requirement document) and is to a high standard of workmanship.

 

 

2

Check that the system complies with current industry standards, i.e. BS EN 50132-7 or BS EN 62676-4, inspectorates’ code of practice. Note: The agreed specification should state the standards to which it is installed.

 

 

3

*Check the installed system meets the requirements in the agreed system test plan (where used/agreed with the customer).

 

 

4

Check all wiring is correctly terminated and that cables are installed as recommended by the equipment manufacturer(s).

 

 

5

Check the supply voltage is correct to all parts of the system. Record the voltage of all Extra Low voltage equipment. i.e. Cameras, PSUs etc.

 

 

6

Check the system continues to operate correctly when the mains supply is disconnected (if stand-by power supply is specified / used).

 

 

7

Check the correct operation of all monitoring, multiplexing, switching & recording equipment (including time synchronisation) meets the agreed specification, including image quality & image export requirements.

 

 

8

Check privacy masking zones are set up as agreed / where appropriate, and in accordance with the agreed specification.

 

 

9

Check correct camera & lens combination fitted. Field of view and image quality in accordance with the agreed specification

 

 

10

Check correct alarm interface triggering including alignment / range / sensitivity of associated detection devices.

 

 

11

Check correct operation of functional cameras (e.g. PTZ, wash/wipe, zoom, focus) for free movement with no obstructions

 

 

12

Check correct setting of all pan / tilt / zoom limits

 

 

13

Check ancillary equipment such as lighting & movement detectors are functioning correctly (if applicable).

 

 

14

Check recording resolution of each camera and mansion

 

 

15

Check all interfaces to alarms trigger the correct camera, preset and recording modes as applicable.

 

 

16

Check appropriate warning notices have been provided and affixed as necessary.

 

 

17

Check Hard disk Capacity and indicate with quantity

 

 

18

For remote monitored CCTV systems, check with the Remote centre for image quality, recording, receipt of alarms etc. Note: For detector activated CCTV systems, BS8418 applies.

 

 

19

The designated user(s) has received a training and instruction on the correct operation of the system including any adjustable features.

 

 

20

For remote monitored CCTV systems, procedures for summoning support and any agreed requirements have been explained to the user.

 

 

21

The correct documentation has been provided to enable the system to be operated correctly.

 

 

22

A system logbook has been provided and an explanation of how to record / report events given.

 

 

23

Contact details for summoning assistance have been provided in the logbook and their use explained to the user.

 

 

24

Any security code numbers / password, keys and software license details have been issued and explained to the user.

 

 

25

 Comments/outstanding work.

 

 

* where applicable.

Above report sheet any one can use as “customer CCTV handover & acceptance certificate”.

I confirm that the CCTV system has been installed to my satisfaction, and that the premises have been left in a tidy condition and that I have received:

1. Training & full written instruction in the operation of the system

2. A CCTV system logbook duly explained, completed with contact details for summoning support.

The CCTV section encourages debate on new developments and concerns, such as digital video evidence and facilitating communication protocols between different manufacturers’ products. In doing so it seeks to ensure that all stakeholder interests are represented including: security companies, users, the police, inspectorates and insurers. The section also works with government on these issues. Always try to use NDAA (National Defence Authorization Act 2018 ) approved camera & NVR hardware.
NDAA Section 889 creates a general prohibition on telecommunications or video surveillance equipment or services produced or provided by the following companies (and associated subsidiaries or affiliates):

·        Huawei Technologies Company; or

·        ZTE Corporation

It also prohibits equipment or services used specifically for national security purposes, such as public safety or security of government facilities, provided by the following companies (and associated subsidiaries or affiliates):

·        Hytera Communications Corporation;

·        Hangzhou Hikvision Digital Technology Company; or

·        Dahua Technology Company


Saturday, April 1, 2023

Pros and cons of using drones for perimeter security

Pros and Cons of using Drones for Perimeter security

Physical intrusion in private properties still remains a major concern today. To counter this, people generally resort to video surveillance in combination with other hardware.

According to a report from Markets and Markets, the video surveillance market, which includes both hardware and software, is presently at USD 45.5 billion and is expected to reach USD 74.6 billion by 2025.

These unmanned aerial vehicles (UAVs) offer a range of benefits over traditional security measures, including improved coverage, faster response times, and reduced costs. For physical security installers, integrating drones into their security solutions can provide a significant competitive advantage and open up new business opportunities.

Perimeter security is an active barrier or fortification around a defined area to prevent all forms of intrusion. Modern security systems are an amalgamation of sophisticated hardware and software that generally include cameras, motion sensors, electric fencing, high-intensity lights, and a command center to manage them all.

Challenges with conventional security systems (without drones) for perimeter security

Below are some of the drawbacks and limitations that are inherent in a conventional security system:

·        CCTV cameras and motion detectors are stationary, thus leaving plenty of room for blind spots.

·        Patrolling requires human guards – for larger areas, this is the least efficient way of securing a premise.

·        Response to an intrusion is delayed since a human responder has to reach the location.

 

5 advantages of using drones for perimeter security

While there are several advantages to using perimeter security drones, customers must know that not every benefit may apply to every vertical. For example, drones may offer better coverage in some cases, but if a site is riddled with obstacles in the form of complex buildings, UAVs may find it difficult to operate. Having said that, here are five benefits:

1. Improved coverage

One of the most significant advantages of using drones for perimeter security is the ability to provide wider coverage of the area being monitored. Drones can fly at various heights and angles, enabling them to capture footage from locations that may be difficult or impossible to reach using traditional security measures. As a result, drones can provide a more comprehensive view of the perimeter and identify potential security threats more effectively.

2. Faster response times

Drones can respond to security incidents much faster than human security personnel. Once a potential threat is detected, the drone can quickly move to the location and assess the situation, providing real-time information to security teams. This enables security personnel to respond more rapidly and effectively, potentially preventing security breaches or minimizing the damage caused by such incidents.

3. Reduced costs

Drones can be a cost-effective alternative to traditional security measures. By using drones, physical security installers can reduce the need for expensive human resources, such as security guards. In addition, drones can provide 24/7 surveillance, reducing the need for multiple security shifts and reducing overall operating costs.

4. Flexibility

Drones can be deployed quickly and easily, making them ideal for providing security in a range of scenarios. They can be used for event security, construction site security, critical infrastructure security, and many other applications. Additionally, drones can be programmed to follow specific flight paths or patrol specific areas, providing increased flexibility and customization.

5. Improved safety

Drones can be used to provide security in hazardous or hard-to-reach areas, reducing the risk to human security personnel. For example, drones can monitor areas that are prone to natural disasters, such as flood-prone areas or earthquake-prone regions. This can help to ensure the safety of security personnel and reduce the risk of injury or loss of life.

5 disadvantages of using drones for perimeter security

Although the advantages may outweigh the disadvantages in many verticals, customers need to remain aware that drones have several limitations. At the end of the day, drones are restricted by several factors and optimizing your security operations around these limitations is essential to achieving the best results.

1. Limited flight time

One of the primary limitations of using drones for perimeter security is the limited flight time. Most commercial drones have a flight time of 20-30 minutes, which may not be sufficient for large areas or extended surveillance periods. This means that multiple drones may be required to cover a single perimeter, increasing costs and complexity.

2. Dependence on technology

Drones are highly dependent on technology and may be susceptible to system failures, such as signal loss or malfunctioning equipment. This could compromise the effectiveness of the security system and potentially lead to security breaches.

3. Weather conditions

Many drones are highly sensitive to weather conditions, and high winds, rain, or fog can compromise their effectiveness. This means that they may not be suitable for use in all weather conditions, reducing their overall effectiveness.

4. Privacy concerns

The use of drones for security purposes may raise privacy concerns among individuals in the area being monitored. This could lead to legal challenges or a negative public perception of the security system, which could undermine its effectiveness.

5. Regulatory constraints

The use of drones for security purposes is subject to a range of regulatory constraints, including restrictions on flying in certain areas or operating outside of certain hours. This could limit the effectiveness of the security system or add complexity to its operation. Also, several countries like the US require commercial drone operators to hold valid licenses, which might further increase operational costs.

Conclusion

In short, the use of drones for perimeter security has both advantages and disadvantages. While drones offer improved coverage, faster response times, reduced costs, flexibility, and improved safety, they are also limited by their flight time, dependence on technology, weather conditions, privacy concerns, and regulatory constraints.

Regarding technology, factors to consider also include the type of drone to use. For instance, while remote-controlled drones are popular, several leading companies offer autonomous drones that offer a host of several advantages and disadvantages.

Physical security integrators must carefully evaluate these factors before deciding to add drones into their security solutions. With careful planning and implementation, however, drones can provide a significant competitive advantage and help to enhance the effectiveness of security systems.

FAQ (Frequently Asked Questions)

Q: How Drones add a new dimension to perimeter security?

A: Drones are mobile flying machines that can go anywhere. Thus they eliminate blind spots. In the event of an intrusion, a drone can apprehend an intruder real-time fast and send footage realtime to remote viewers.

Q: What impact can drones have on the security industry?

A: Drones have pushed the technology bounds of the security industry. They are making security systems smart and robust, which can tackle all forms of threats.

Q: What are the Uses of drones for perimeter security?

A: Drones are used in conjunction with CCTV cameras and other sensors to apprehend intruders fast and send real-time feedback to remote viewers.

Q: Can we use drone for remote surveillance security purposes?

A: Drones can be remotely controlled using a fleet management system like FlytNow. Such a system allows a user to manage and control multiple drones from a unified dashboard remotely. The user even has access to the live video feed.

Q: What drones are used for security operations?

A: 1. DJI Matrice 200 Series

2. Yuneec H520

3. Parrot Anafi

4. Autel Robotics EVO

5. DJI Inspire 2

6. DJI Phantom 4 Pro

7. Aibotix X6

8. Skydio 2

9. DJI Mavic 2 Pro

10. DJI Mavic Air

Wednesday, March 15, 2023

Camera Ban Due to Zero Cyber Security

 Camera Ban Due to Zero Cyber Security

Since what some experts considered a password-free engineering hack was found between firmware layers in HikVision cameras around 5 years ago, CCTV cameras manufactured in China have been squeezed from Australian federal government contracts, despite the fact no Chinese-made video surveillance camera in Australia (or anywhere else in the world) has been found transmitting video streams to the Chinese Government. 


The US communications regulator singled out tech giants Huawei and ZTE and surveillance camera makers Hikvision and Dahua. Spy chiefs have warned that the US could be vulnerable to economic espionage or digital sabotage.

The UK Government departments have been told to stop installing surveillance cameras made by Chinese companies on "sensitive sites" because of security concerns.

Both the UK and Scottish governments have banned Hikvision plus other PRC providers from certain government usage for national security reasons, in a sea change for UK video surveillance.

The Governor of New Hampshire has banned products from certain PRC companies including Dahua, Hikvision, and TikTok for use on state networks or devices in an executive order.

Security threat accusation is made against the Smart City project. The Mangaluru City Corporation (MCC) has installed Hikvision brand CCTV cameras in the city. This company is of China origin.

The Indian government has restricted PRC manufacturers such as Dahua and Hikvision from bidding on Indian government projects.


At this point, it’s worth noting that almost all professional CCTV cameras are installed on secure subnets supported by dedicated switches, servers, and video management systems, or they are installed standalone on DVR and NVRs. These systems log network actions from authorised users, including camera views, saves, searches and applications of analytics functionality, where this applies.

It goes without saying that no pro-grade network intrusion detection system could fail to alert network engineers to the transmission of big band video signals from secure network ports to an external network location. It would generate an immediate alert, remedial action and public condemnation.

While IP cameras can upgrade firmware automatically over public networks and will undertake handshakes with a manufacturer’s servers, these actions are ubiquitous across network devices of all types and, in the case of CCTV cameras, can be deactivated, with devices either left using original firmware, or upgraded manually.

Typically, network-based electronic security systems are updated manually by security teams managing system maintenance. These Australian security techs are highly integrated with an end user’s security operations team and will respond at a moment’s notice to issues of camera performance, network failure, or network breach.

Further, in compact applications, such as in the suburban high street offices of MPs, 3-4 CCTV cameras are installed in a basic star configuration that revolves around a PoE NVR/DVR supported by a dedicated keyboard, mouse and monitor. They are not connected to local data networks, let alone hooked to out of country servers – unlike a significant number of other manufacturers, neither Hikvision nor Dahua offers VSaaS in Australia.

Typically, the basic turret cameras used in such applications are mid-wide angle, have modest resolutions, fixed lenses, and are installed with an outward-facing angle of view covering front and rear entrances, car spaces and foyers to allow recording of events for police investigation after an incident.

Recordings are undertaken on local hard drives and written over after 30 days. Viewing of footage and event searches can only be undertaken by a person with access control rights to the location, and who is authenticated with a password issued by a nominated system administrator – typically an admin assistant or office manager who works on-site.

These cameras are installed for safety and security, not to ‘spy’ on MPs. Nor are these cameras being ‘found’ by shocked staffers in third-tier government applications, as if the cameras crept in at night and hung themselves onto walls, as some news websites have implied.

These CCTV systems were installed in plain sight by professional Australian security technicians using products supplied and supported by professional Australian security distributors with technical support from suppliers’ local operations, after an official government tender process.

These cameras and related systems were chosen by government decision makers because they offered the best performance for the least cost. This is not an imperative that will change when government agencies next take locations with modest security requirements to tender.

Similar strictures around installation and governance apply to the 11 Hikvision cameras at the Australian War Memorial, which are likely external bullet cameras installed to view choke points and entries, and are entirely governed by local subnet rules and managed and viewed using an over-arching video management system provided by a third party.

This server-based VMS brings together all the cameras across the site onto a video wall for monitoring by a dedicated security team. It’s normal for a major site like the Australian War Memorial to have multiple camera brands and camera types installed for different reasons at different times with different priorities of budget. Expensive upgrades are undertaken in stages.

Milestone has discontinued technology partnerships with "mainland China" companies, including mega-manufacturers Dahua and Hikvision, the company confirmed to IPVM.

Ambarella, a major supplier of AI chips for IP cameras, has stopped selling to Dahua, Ambarella confirmed to IPVM.

Western Digital and Seagate are no longer selling to Dahua due to US semiconductor export controls imposed on Nov 2022, IPVM has confirmed with WD directly and from sources for Seagate.

ADI has stopped relabeling Dahua, a year after the company secretly started selling relabeled Dahua gear as an ADI house product, despite the NDAA ban, human rights sanctions, and the FCC designation of Dahua as a threat to national security.

The most cyber secure IP surveillance camera is Mobotix, however, the Australian government rarely uses this brand, despite its enormous operational flexibility and impeccable cybersecurity credentials. Bosch, Axis and iPro are also highly regarded, and tier 1 offerings from everyone else – including HikVision and Dahua, which put considerable effort into cybersecurity and transparency to correct early issues that impacted all CCTV camera makers – are close behind.

Unsurprisingly in the current geopolitical climate, Chinese CCTV cameras are by far the most examined network devices when it comes to cyber security, and their camera firmware and supporting management solutions are constantly trawled through by experts looking for issues in devices that, despite their ‘surveillance’ function, are static edge sensors, governed by the settings of the network switches and servers that manage them.

It’s impossible to believe the Australian government’s highly qualified cybersecurity experts are not perfectly aware that edge devices, like CCTV cameras, when properly commissioned and installed on well-designed and secure data networks, are impossible to access remotely, and can’t be infected by ‘spyware’ in the way a mis-managed workstation or laptop might be.

Instead, they must be acutely aware the greatest security threats to security systems are posed by errors in network application, a failure to activate camera cybersecurity settings during installation and pre-commissioning, and weaknesses in the physical security around network components. And cybersecurity experts must know such risks apply to every networked device across a department’s topology – phones, switches, wired and wireless routers, laptops, servers, apps – not just to devices offering click-worthy headlines.

In our opinion, given the highly evolved state of cybersecurity in professional CCTV cameras (and intercoms), the possibility edge devices in secure subnets from any camera manufacturer, could suddenly breach network security settings and start operating unilaterally is so vanishingly small that cybersecurity can’t be the problem.

Instead the government’s core issue seems to be one of uncertainty and misunderstanding around a technology that, when properly installed and managed, leaves virtually no room for uncertainty at all.

Ref:
IPVM Portal
Sen network
US, UK web pages