Thursday, June 1, 2023

Ports on Security Camera NVR & DVR

Ports on Security Camera, NVR & DVR?

When you receive your DVR you might be wondering what some of the ports are for. This article will explain some of them, the reason they are their as well as a little bit of history.

USB = Universal Serial Bus

Universal Serial Bus is an industry standard developed in the mid-1990s to replace the slower serial and ps2 communication ports on a computer. The purpose was to be able to attach devices like a mouse, a keyboard, disk drives, network adapters, portable media players, and other devices that help qualify the word Universal in the name of the port. It has become such a standard that it has evolved over the years as USB 1.x, USB 2.0, USB 3.0, USB 3.1, and USB Type-C. The DVRs and NVRs continue with this trend by offering USB ports for connecting a mouse and flash drives or hard drives to the unit by using one of the available ports. Unfortunately, USB keyboards are not supported by the operating system and only the online keyboard is available for entering data. DVRs and NVRs are very similar to computers, so the device needs to be supported in the operating system. This matters especially when connecting drives in the sense that you could try to use a USB drive that is too new for the unit. A DVR or NVR manufactured during a certain era will only support flash drives and hard drives with sizes appropriate to that era. For example, you will not find a 64GB flash drive or a 6 Terabyte hard drive in 2007. There is no harm plugging in a USB drive to see if it is recognized since the port is plug and play.

Ethernet Port

An 8P8C (8 position 8 contact) modular connector, often called RJ45 (Registered Jack 45), has become an extremely important plug since the world wide web is connected with this standard Ethernet port on all kinds of devices. Our DVRs have one Ethernet port so that they can connect to a router for access to the unit from the world wide web. Our NVRs have the same port, and may also have power over Ethernet ports (POE) for cameras to connect to it for power and video data transmission. You can buy an 8 channel NVR, for example, that has a built-in 8 port POE switch that allows you to plug 8 IP network cameras into the back of the unit. You can also buy an 8 channel NVR that does not have any built in POE ports, so the video data would need to be networked back to the NVR. This can congest a network if you have other computers and devices using the same routers and switches, but there are ways to design your network topology to reduce or separate traffic.

BNC Connector

The BNC connector derived its name from Bayonet Neill–Concelman, which is a combination of its bayonet mount locking mechanism and its inventors, Paul Neill and Carl Concelman. The BNC connector is a quick connect radio frequency connector commonly made in 50 and 75 ohm versions used for coaxial cable.

This connector has become the heart and soul of the analog and HD-CVI DVR because of a quick plug and play connection option. Many people like to use existing coax cable and continue to use it with new technologies like HD-CVI rather than mess with a complete overhaul to an IP technology system. While IP may be the future, this connector has found new legs with new technologies and should remain viable for years to come. As long as coax cable still exists, the BNC connector will remain the default option.

RCA Connector

An RCA connector is designed to carry audio and video signals, and received its name from the Radio Corporation of America in the early 40s when it was designed to be an internal connector in home radio-phonograph consoles. This port has evolved over the years to encompass video in the famous red, white, and yellow composite video. Our DVRs and NVRs use the connector for audio-in and audio-out primarily since video on our DVRs is covered by the BNC port and NVRs use networking to transmit video.

HDMI Port

HDMI stands for High-Definition Multimedia Interface, and it is a proprietary interface designed for sending video and audio to and from HDMI compliant devices. The video is uncompressed and the audio can be compressed or uncompressed. Our DVRs and NVRs have this port as a connection option to a TV or monitor for viewing the live video or playback, as well as adjusting the settings of the unit through the menu options. The main improvement of this port over VGA, for example, is the ability to do high definition without video loss, which allows us to see higher quality video. This means that we can see more cameras on the screen at one time clearly and see more detail.

In Summary

There were many ports used in the past that are now likely on the way out. Most notably is the RS485 connector that is used to control the PTZ cameras. With Ethernet IP camera and HD-CVI camera technologies taking off, connecting a PTZ is now done over the one cable with no additional cables needed for PTZ control. They should still be present on hybrids and tribrids, but anyone buying a new system should opt for one of the new technologies since video surveillance is about protecting assets. VGA should hang around a little longer, but HDMIs ability to handle high definition video without video loss and audio on the same cable, make it very convenient. RS232 / Serial, PS2, LPT, are all in the port graveyard, but there are likely still some machines out there that have them.

No doubt that new standard ports will come, as they are always being invented or improved. The research and development teams at all technology companies are working towards the next big thing, so that they can create a new standard port for years to come. DVR and NVR companies will incorporate any new port into their system that is useful as it grows in popularity. For example, if a port replaces USB 3.0 for connecting external hard drives, that would become a standard very quickly.

Some software based port are required to come online of IP camera, DVR or NVR. One for the HTTP port (port 80) and one for the TCP port (port 37777). You will find that the majority of network devices which are accessible using an Internet browser will be set as standard to port 80, including IP cameras and routers etc. This is due to the standard port for HTTP, or information being displayed through an browser, being port 80.

HTTPS (Hypertext Transfer Protocol Secure) is a secured HTTP version where all traffic is bind with strong encryption that passes through Port 443. This port is also connected with TCP protocol and creates a secure connection between the webpages and browser.

Port 554 RTSP for communication between the Content Server and the Wowza Media Server. Needs to be open between the Content Server and the Wowza Media Server.

TCP port 9530 uses the Transmission Control Protocol. TCP is one of the main protocols in TCP/IP networks. TCP is a connection-oriented protocol, it requires handshaking to set up end-to-end communications. Only when a connection is set up user's data can be sent bi-directionally over the connection.

Attention! TCP guarantees delivery of data packets on port 9530 in the same order in which they were sent. Guaranteed communication over TCP port 9530 is the main difference between TCP and UDP. UDP port 9530 would not have guaranteed communication as TCP.

A web server would typically have this open and listening if there are any types of these activities. If the machine is windows you can run "netstat -a -b -v -n", to display the processes associated with a particular open port.

A backdoor was found in Chinese-produced DVRs and NVRs that secretly allowed access to the recorders. While it was first attributed to Huawei (HiSilicon), Huawei subsequently refuted their involvement.

How the Backdoor Works

The backdoor uses port knocking via the management port of vulnerable equipment. A series of commands are sent to the device via the management port, TCP 9530, which in turn opens telnet. When telnet is enabled the attacker can use one of six hardcoded root credentials to gain full control of the vulnerable device.

The skill level needed to exploit this is low and similar to the skill level needed to exploit the Dahua Wiretapping Vulnerability from last year, requiring a limited working knowledge of python. A proof of concept is available, which is used to:

Send a command to open Telnet on the target device (OpenTelnet: OpenOnce)
Use a pre-shared key for access (2wj9fsa2)
Receive an 8 character number / respond with that number + PSK
Open a Telnet session with the device
Login with 1 of 6 hardcoded root accounts

Major Chinese Manufacturer Impact Unlikely

Major China manufacturers like Dahua, Hikvision, Uniview are not impacted, from everything we have seen. We executed the proof of concept code from the disclosure on multiple devices and were unable to gain access using the backdoor.

The backdoor primarily impacts devices using HiSilicon SOC with Xiongmai software, which is dozens of small OEM manufacturers, using minimally modified OEM firmware, Open Source OS and drivers, and enabling telnet on port 9530.

Further Reading:
https://ipvm.com/reports/hik-backdoor
https://ipvm.com/reports/hik-exploit
https://ipvm.com/reports/dahua-backdoor
https://thehackernews.com/2022/07/dahua-ip-camera-vulnerability-could-let.html
https://www.malwarebytes.com/blog/news/2021/09/patch-now-insecure-hikvision-security-cameras-can-be-taken-over-remotely
https://www.securityweek.com/many-hikvision-cameras-exposed-attacks-due-critical-vulnerability/
https://www.securityweek.com/backdoor-found-dahua-video-recorders-cameras/

Monday, May 15, 2023

Port Forwarding on a Netcomm 3G Broadband Router 3G15Wn

This guide will walk you through the steps of port forwarding on the Netcomm 3G Broadband router 3G15Wn (Firmware L411-402NVM-C01_R10)

NetComm's web user interface (UI) was easy to navigate, although for no reason we could determine loading any of the wireless configuration pages took an exceedingly long time, leading to frustration.

Almost every menu option also creates a drop down when you mouse over, which is fine enough, but some of those drop-down menus then expand sideways when you mouse over them, with no indication that there's further options hidden there in the first place. With 16 menu items under the "Advanced" menu, many of which have daughter menus, it's really quite easy to get lost, or have an idea of just how many features there are.

1) Open up your favorite browser and go to the router’s default gateway address.

http://192.168.1.1 (Default Address)

2) Log in to the router.

Default Username: admin

Default password: admin

3) Once you have logged into your router go to the “Advanced” tab hover over “NAT” then click “Port Forwarding”.

4) Click on “Add” ad the bottom of the page.

5) Be sure to select the radio button “Custom Service” and choose a name for the service (small description eg. web, camera, xbox, etc..). “Server IP Address” is the Internal IP address that you want the port to be open on. Be sure you have “Protocol” set to “TCP/UDP” and “External Port” is the port you wish to open, “Internal Port” is the port leading to the machine on your home network. Apply/Save.

Once you save the settings you should now be able to test your port at www.portchecktool.com. Please keep in mind your ISP (Internet Service Provider) can be blocking certain ports such as port 80, 25 and 21. You can call and ask if they are. If you are still not able to see the ports check your firewall and anti-virus software on your computer.

An example configuration, you have a web cam that has the IP address 192.168.1.100 and it runs on port 80. You want to be able to access this camera from outside your network on port 8080. You would enter the below values into port forwarding page.

Custom Service = Small Description

Server IP Address = 192.168.1.100

Protocol = TCP/UDP

External Port = 8080

Internal Port = 80

Then to view the camera you would use your No-IP host of “somehost.no-ip.com” like this: http://somehost.no-ip.com:8080 to reach the webcam.

Port Forward Troubleshooting

If you are having problems with a port forward, try the following.

1. If you did not exactly follow the How can I forward ports with pfSense? guide, delete anything you have tried, and start from scratch with those instructions.

2. Port forwards do not work internally unless you enable reflection. Always test port forwards from outside your network.

3. If you're still having problems, edit the firewall rule that passes traffic for the NAT entry, and enable logging. Save and Apply Changes. Then try to access it again from the outside. Check your firewall logs to see if the traffic shows as being permitted or denied.

4. Use tcpdump to see what's happening on the wire. This is the best means of finding the problem, but requires the most networking expertise. Start with the WAN interface, and use a filter for the appropriate protocol and port. Attempt to access from outside your network and see if it shows up. If not, your ISP may be blocking the traffic, or for Virtual IPs, you may have an incorrect configuration. If you do see the traffic on the WAN interface, switch to the inside interface and perform a similar capture. If the traffic is not leaving the inside interface, you have a NAT or firewall rule configuration problem. If it is leaving the interface, and no traffic is coming back from the destination machine, its default gateway may be missing or incorrect, or it may not be listening on that port. For certain types of traffic you may see return traffic indicating the host is not listening on that port. For TCP, this would be a TCP RST. For UDP, it may be an ICMP Unreachable message.

Common Problems

1. NAT and firewall rules not correctly added (see How can I forward ports with pfSense?). Hint: You probably do NOT want to set a source port.

2. Firewall enabled on client machine.

3. Client machine is not using pfSense as its default gateway.

4. Client machine not actually listening on the port being forwarded.

5. ISP or something upstream of pfSense is blocking the port being forwarded

6. Trying to test from inside your network, need to test from an outside machine.

7. Incorrect or missing Virtual IP configuration for additional public IP addresses.

8. The pfSense router is not the border router. If there is something else between pfSense and your ISP, you must also replicate port forwards and associated rules there.

9. Forwarding ports to a server behind a Captive Portal. You must add an IP bypass both to and from the server's IP in order for a port forward to work behind a Captive Portal.

10. If this is on a WAN that is not your default gateway, make sure there is a gateway chosen on this WAN interface, or the firewall rules for the port forward would not reply back via the correct gateway.

11. If this is on a WAN that is not your default gateway, ensure the traffic for the port forward is NOT passed in via Floating Rules or an Interface Group. Only rules present on the WAN's interface tab under Firewall Rules will have the reply-to keyword to ensure the traffic responds properly via the expected gateway.

12. If this is on a WAN that is not your default gateway, make sure the firewall rule(s) allowing the traffic in do not have the box checked to disable reply-to.

13. If this is on a WAN that is not your default gateway, make sure the master reply-to disable switch is not checked under System > Advanced, on the Firewall/NAT tab.

14. WAN rules should NOT have a gateway set, so make sure that the rules for the port forward do NOT have a gateway configured on the actual rule.

Monday, May 1, 2023

Netgear Genie R7000 Port Forwarding for Security DVR

Within the Netgear Genie Nighthawk R7000, there is a port forwarding section you will need to access for port forwarding. To enable port forwarding on your system you will need to make “port rules” in your router to allow select traffic from the internet to allow access to devices on your network. Without this configuration you will not be able to view your surveillance cameras remotely either online or from your phone. Therefore you must go through the steps listed below to configure your router to allow for this traffic. This particular guide is for the Netgear Genie Nighthawk R7000..

You can use this guide to help configure port forwarding on the Netgear Genie router for any device on your network. There are two rules that must be made on your router for your security surveillance system. One rule for port 80 and one rule for port 37777. Port 80 is a port that is commonly used by other applications as well, so in the event that it is already being used by another service, you will have to use another rule such as port 8080. For this demonstration we will use port 8080 as an example.

You must check your DVR’s network menu and change the HTTP Port from 80 to 8080 if you need to utilize a different port number.

1) Access your router

You must access your router on your home network in order to make any changes. To do this you need to find your Default Gateway(Router’s IP address) of your network. You can follow this guide {here} to find your default gateway. For this type of router, it is commonly 192.168.1.1. Type this IP address directly into your internet browser bar to bring up the router login screen. Here you will be prompted for your login credentials. If you do not know your login credentials, you can check online for the manufacturer default, or call your internet service provider..

2) Navigate to Port Forwarding Section

Once you have accessed your router, you will see two tabs at the top for “Basic” and “Advanced.”

Choose “Advanced” to bring up choices on the left side of the screen. Click on the “Advanced Setup” drop down menu and from here select the option “Port Forwarding / Port Triggering.” This will bring up the menu we need to create port rules in your router.

3) Create Port Forwarding Rules

First at the bottom of the menu there will be an icon for “add custom service.” Click here to make your first rule. You will see several areas that you need to fill out to create this rule. Let’s go through the steps and make the first rule for port 8080.

3.1) Service name

This is the name you want to give your port rule. Make it something easy to find and distinguish later, such as “port 8080.”

3.2) Service type

This is the type of service you are creating. Keep this TCP/UDP

3.3) External starting point and External ending point

Both of these options must be the port number you are creating the rule for, in this case type 8080.

3.4) Internal Starting Port and Internal ending point

Again, both of these must be the port number you are creating the rule for, in this case type 8080.

3.5) Internal IP address

This is the IP address of the device you are accessing with this port rule. The device, you want internet traffic routed to. For this, you must type in your DVR’s, NVR IP address, found in the DVR’s, NVR networking section.

After these steps are completed, hit “apply” to create this rule. You have just created the necessary port rule for port 8080. Follow these steps again and create a rule for port 37777, using the same steps but everywhere you entered 8080 before, you would now enter 37777. If you have created these two rules appropriately, you should be ready to access your DVR, NVR remotely either online or through your phone.

4) Scanning your Ports

Last, you want to make sure that the rules you configured are applied to your router and active, meaning that these ports are now open for use. You can check if your ports are open by scanning the ports.

Go to GRC.com to scan for open ports on your internet connection. This must be done from the same internet connection as to which the DVR, NVR is connected.

Click Proceed to begin, and wait for the next page to load.

When the page reloads, you will then type just the two port numbers in the search bar separated by a comma such as "8080, 37777" not "port 8080, port 37777." Click "User Specified Custom Port Probe" to check for open ports on your router.

Look only at the status next to each port after the scan is complete If the status next to the ports is "Open", then the port rules should be applied correctly and you are done. If they say "Closed" then the rules were not created properly or there is some other issue happening. If they say "Stealth" however, this points to an issue with your internet service provider (ISP). Your ISP is blocking these or all ports from being used for whatever reason and you will have to contact them to resolve this issue.

Sunday, April 16, 2023

Video Surveillance Commissioning Checklist

This below checklist helps end users, integrators and consultants verify that video surveillance installation is complete.

It covers the following sections:

· Camera Physical Setup

· Camera View Setup

· Camera Network / Security settings

· Camera Configuration Changes

· VMS Hardware

· VMS Security

· VMS General Settings

· Workstation Setup

· Network Setup

· Cable Verification

CUSTOMIZE: We recommend each person using this customize the list for their own needs / situations. There is no 'one size fits all' checklist but this list is meant to serve as a starting point to make it easier and quicker to build your own.

Before starting in details, if you are customer, hire only experienced / certified professional to commissioning your system. He/she must well known in industry with past work performance certificate like company SSA Integrate in India. Or you get commissioning professional from Product OEM.

Camera

This section covers commissioning of cameras (IP and otherwise), including mounting and physical considerations, FOV/image quality concerns, and network /security setup.

Physical

· Tighten housing and mount fasteners and screws

· Weatherproof outdoor mounts

· Clean lens, dome, and/or housing glass surfaces

· Label cameras (if required)

Camera View Setup

· Aim and focus camera (using auto and/or manual fine focus.

· Save day/full light snapshot (all lights on, in full sun, etc.)

· Obtain customer approval of daytime field of view

· Save night snapshot (using worst case scenario, i.e., all lights off interior, if possible cloudy night exterior)

· Obtain approval night-time performance meets customer specifications /expectations;

· Save harsh light snapshot if present (such as sunrise/sunset on east/west facing cameras, interior WDR cameras when sun is most direct, etc.);

· Obtain approval WDR/harsh light performance meets customer specifications/expectations

Network/Security Settings

· Document MAC address. All network devices (PCs, servers, cameras, switches, etc.) have a fixed address, called a MAC address (Media Access Control), a unique 12 character identifier, such as: AC:CC:8E:0C:B5:F4. MAC is associated with a device's network interfaces, not the general device. In the case of cameras with multiple network connections (e.g., a camera with both a wired ethernet port and an integrated wireless radio), the device would have multiple MAC addresses.

· Assign and document IP address

· Update firmware to latest version (or manufacturer recommended/tested if different)

· Change admin password from default

· Create multiple users if required (by specification or manufacturer recommendation)

· Set NTP server and verify time and date;

· Disable unused services/close unused ports (FTP, telnet, SSH, etc.);

· Configure IP whitelist/blacklist to limit camera access to authorized stations

Configuration Changes

Note that many of these settings, such as resolution, framerate, compression, motion detection, etc., may be configured in the VMS, though this varies depending on the camera/VMS combination used. Advanced features such as WDR, smart IR, analytics, and smart CODECs are rarely accessed via the VMS and must be configured through the camera web interface.

· Configure resolution as specified;

· Configure framerate as specified;

· Verify recorded video resolution and framerate meet specifications

· Configure compression settings as required, including quantization, smart CODECs, etc.

· Configure WDR (on/off, levels, etc.) as specified

· Configure exposure, e.g., turn off slow shutter, adjust to 1/30s max or faster as required.

· Configure integrated IR power and smart IR settings if present;

· Configure video motion detection/analytics/tampering settings;

· Configure privacy zones as specified;

· Configure PTZ presets and tours if used

· Verify PTZ presets and tours if used

· Disable or configure audio as specified

· Configure camera title and time/date overlay

· Configure event notifications (email, text, etc.)

· Download and retain copy of camera configuration

VMS/Recorders

This section covers commissioning of VMS servers and NVRs/DVRs, including both hardware/network setup as well as OS and software. Some of these items may not be used depending on OS and VMS platform. For example, embedded recorders typically do not require OS updates.

Hardware/Security

· Document MAC address(es) (often more than one if using multiple network cards)

· Assign and document IP address(es)

· Apply latest OS updates (unless not recommended by manufacturer);

· Create secure admin password

· Create additional users as specified

· Test UPS operation and runtime (if supplied);

General Settings

· Update software/recorders to latest version

· Change admin password from default

· Create operator/user logins

· Configure required camera to view (NVR hardware)

· Set NTP server and verify time and date

· Configure storage volumes (physical drives, NAS, SAN)

· Configure storage quotas (maximum recording length)

· Configure recording schedule (e.g., 24/7, 8am-5pm, off-hours, holidays, etc.)

Workstations

This list involves client workstations, including hardware, OS, and VMS client setup and commissioning. Some of these steps may be omitted if local viewing on embedded recorders is used.

· Document MAC address(es) of each workstation

· Assign and document IP address(es)

· Apply latest OS updates (unless not recommended by manufacturer)

· Create secure admin password

· Create additional users as specified

· Update windows features (Assistant downloads and installs feature updates on your device).

· Install VMS client and update to latest version

· Configure camera views as required;

· Configure view tours/switching as required

· Configure map views as specified;

· Configure event/alarm lists as required

· Test UPS operation and runtime (if supplied)

Network

This section outlines commissioning of network hardware, including switches, routers, firewalls, etc. Some of these devices may not be used in all systems, or managed by the installing integrator.

· Document MAC address(es) of each device

· Assign IP address and document

· Update switch/firewall/router firmware to latest version

· Change admin password from default

· Configure VLAN(s) as required;

· Configure QoS as required;

· Disable unused switch ports as specified;

· Configure SNMP monitoring if required;

· Configure MAC filtering if required

· Download and retain configuration for each switch

· Test UPS operation and runtime for each switch (if supplied)

Cabling

This section covers commissioning of the surveillance cabling system, including labelling, supports, aesthetic concerns, and testing.

· Label all cables, patch panels, wall outlets, etc., as specified

· Ensure cables are secured to supports (J-hooks, ceiling truss, etc.)

· Conceal cables where possible/required

· Leave properly coiled and dressed service loops at camera location and head end as required;

· Test all terminations and document results as specified

· Document cable test results as specified (if certification is required)

COMMISSIONING CHECKLIST FOR CCTV SYSTEMS

SL No	COMMISSIONING CHECKLIST FOR CCTV SYSTEMS	CONFIRM CHECK (✓)	COMMENTS
1	Check the installation is in strict accordance with the agreed specification (*and/or Customer Operational Requirement document) and is to a high standard of workmanship.
2	Check that the system complies with current industry standards, i.e. BS EN 50132-7 or BS EN 62676-4, inspectorates’ code of practice. Note: The agreed specification should state the standards to which it is installed.
3	*Check the installed system meets the requirements in the agreed system test plan (where used/agreed with the customer).
4	Check all wiring is correctly terminated and that cables are installed as recommended by the equipment manufacturer(s).
5	Check the supply voltage is correct to all parts of the system. Record the voltage of all Extra Low voltage equipment. i.e. Cameras, PSUs etc.
6	Check the system continues to operate correctly when the mains supply is disconnected (if stand-by power supply is specified / used).
7	Check the correct operation of all monitoring, multiplexing, switching & recording equipment (including time synchronisation) meets the agreed specification, including image quality & image export requirements.
8	Check privacy masking zones are set up as agreed / where appropriate, and in accordance with the agreed specification.
9	Check correct camera & lens combination fitted. Field of view and image quality in accordance with the agreed specification
10	Check correct alarm interface triggering including alignment / range / sensitivity of associated detection devices.
11	Check correct operation of functional cameras (e.g. PTZ, wash/wipe, zoom, focus) for free movement with no obstructions
12	Check correct setting of all pan / tilt / zoom limits
13	Check ancillary equipment such as lighting & movement detectors are functioning correctly (if applicable).
14	Check recording resolution of each camera and mansion
15	Check all interfaces to alarms trigger the correct camera, preset and recording modes as applicable.
16	Check appropriate warning notices have been provided and affixed as necessary.
17	Check Hard disk Capacity and indicate with quantity
18	For remote monitored CCTV systems, check with the Remote centre for image quality, recording, receipt of alarms etc. Note: For detector activated CCTV systems, BS8418 applies.
19	The designated user(s) has received a training and instruction on the correct operation of the system including any adjustable features.
20	For remote monitored CCTV systems, procedures for summoning support and any agreed requirements have been explained to the user.
21	The correct documentation has been provided to enable the system to be operated correctly.
22	A system logbook has been provided and an explanation of how to record / report events given.
23	Contact details for summoning assistance have been provided in the logbook and their use explained to the user.
24	Any security code numbers / password, keys and software license details have been issued and explained to the user.
25	Comments/outstanding work.

* where applicable.

Above report sheet any one can use as “customer CCTV handover & acceptance certificate”.

I confirm that the CCTV system has been installed to my satisfaction, and that the premises have been left in a tidy condition and that I have received:

1. Training & full written instruction in the operation of the system

2. A CCTV system logbook duly explained, completed with contact details for summoning support.

The CCTV section encourages debate on new developments and concerns, such as digital video evidence and facilitating communication protocols between different manufacturers’ products. In doing so it seeks to ensure that all stakeholder interests are represented including: security companies, users, the police, inspectorates and insurers. The section also works with government on these issues. Always try to use NDAA (National Defence Authorization Act 2018 ) approved camera & NVR hardware.

NDAA Section 889 creates a general prohibition on telecommunications or video surveillance equipment or services produced or provided by the following companies (and associated subsidiaries or affiliates):

· Huawei Technologies Company; or

· ZTE Corporation

It also prohibits equipment or services used specifically for national security purposes, such as public safety or security of government facilities, provided by the following companies (and associated subsidiaries or affiliates):

· Hytera Communications Corporation;

· Hangzhou Hikvision Digital Technology Company; or

· Dahua Technology Company