Security Cams

Hey everyone,

I'm getting ready to build a home security system and I need a little help.
I'm planning on using 8x Hikvision DS-2CD2042WD-I 4MP IR Bullet Network Cameras
I also got NETGEAR ProSAFE 24-Port Gigabit PoE Smart Managed Switch with 8 PoE+ Ports 192w (GS728TP-100NAS)
For Power over Ethernet

This is my first surveillance build and I am confused about choosing a CPU and Motherboard. I am planning on putting the machine in a 2U rack case with 8 hot-swap drive bays so I need a board with 8x SATA 6 connectors.
Any recommendations would be great.

Thanks

1 Like

You can get a 8 port SAS pcie adapter. And a couple SAS to sata cables if you have sata drives. Most boards with that many ports are going to be nearing the enterprise realm which are mostly SAS anyway.
For considerations on CPU you should reference the NVR software. Keep in mind features like motion detection which will load down the CPU.

1 Like

If your going to have 8 videos streams at once you're going to need a hefty chip

4 cores at least

Also WD purple drives are designed for this

1 Like

On my setup running 16 cameras I'm using a AMD 6300 6 core CPU W/16 gig of Ram, the MB is a older Asus M5A99X Evo 2.0 board it has worked out fine, the only issue you might have is building around a 2U case will have heat and noise issues, I used a 4U rack case that not only gives it lots of room to breath but offer the ability to use off the shelf standard PC fans that move a lot of air quietly.

Don't scrimp on the PSU, remember it's going to run 24-7/365 and a good UPS would be money well spent to protect all of it....

BTW I use the same Net Gear POE switch for some of my cameras it has been a great switch,,,i also use one of the Net Gear M4100 switches (24 POE ports) which is also a very good switch.

What are you going to be using for monitoring software?

since you specified wanting 8 separate drives, im guessing you want to run raid or zfs? and whats the budget for cpu and motherboard? total budget? you may be able to pick up a server off of ebay already assembled minus the drives on the cheap.

IMHO, the first consideration needs to be security. How do you plan to isolate these devices from the hosts on your LAN. Hopefully, you've already sorted that out.

I looked at this page and they only mention powering the units via 12v. or POE. Keep in mind that there are a few different POE standards, so you'll want to ensure that your switch and these cameras are compatible.

For a server motherboard, I tend to use Supermicro products, unless there is a pressing reason to do something else. A storage server as you propose shouldn't be too taxing on the CPU. Instead, I would focus on storage and I/O. I'd be inclined to use FreeBSD/ZFS. ZFS will prefer a little more RAM, so spend your CPU savings here. If you can't find a mobo with all the SATA ports, DO NOT get a RAID card, get a HBA card instead. I'd also be inclined to use Intel NICs, if the mobo isn't already so encumbered with them.

I'm planning on using Blue Iris,.

1 Like

I am guessing at 8 drives. Its more of a space issue than anything else. If i need more then I will have to get a larger rack case. I may be able to get something good, used and cheap off of ebay but that is not the point. I'm a university student working on a degree in Networking and Cybersecurity. This is more of an exercise in physically building and installing a system then anything else. Plus I end up with a sick security system.

1 Like

The switch that I got is a managed switch. So my plan was to set up a VLANs on the switch for the camera network and then use a Router to communicate between VLANs. If you know of a better and more secure way to isolate these devices... Please, I am open to suggestions.

As far as compatibility goes, I do not want to get caught in some kind of project-finance death spiral. So I purchased 1 camera to make sure it works before I purchase the other 7.

Completely separate physical networks are both costly and cumbersome, so the best real world solution would be to quarantine the cameras on their own VLAN, as you propose. Just be careful in crafting your firewall rules in order to ensure that they remain isolated, since cameras seem to be the favorite plaything of the bad guys who build those huge botnet armies.

While there are some actual POE standards, such as 802.3af and 802.3at, the trouble is that there are several manufacturer-specific implementations, as well. Some manufacturers support more than one standard concurrently, with different products and some hardware is compatible with more than one flavor of POE. Therefore, it's essential that you read the fine print, before reaching for your wallet.

While the VLAN setup will work and is in my opinion preferred, the best security is to not allow the VLAN access to the internet in either direction, granted it will limit access to the CCTV feeds to only local net traffic it is by far the safest route, because you and you alone have all of the control.

If you must allow access from a remote via the internet I'd suggest a secure server that requires login credentials to access the feeds, it's not fool proof but will slow down the attacks, facing the feeds to the internet is just crazy but you see a lot of folks doing it...hence the advent of botnet command and control over them.

2 Likes

I agree with you and that is now my new plan. After spending an hour on the phone with Netgear support, I found out that they sent me a defective switch. 8 of the PoE ports are dead. So I am going to send it back and get something a little more basic; I have no need to view the cameras over the internet anyway.

Thanks for all the help everyone. Give me about a week to get a new switch (I will probably go with Cisco) and then I'll be back when I start to put this thing together.

1 Like

Best advice here. Recently there was a backdoor found with Hikvision cameras which allows you to log in to a camera and do all sprts of naughty stuff. Treat a security camera like its an IOT device and never trust it. Use its capabilities away from anything you trust.

1 Like

While your waiting for your switch, lets talk about cameras, you are choosing ...

I have used several of these and while they are OK cameras I'd like to suggest a different camera that I'm sure you will find you like better..

Yes I know these are only 1.3mp, believe me in this type of application being a high mega pixel camera does have a advantage but in reality it's not even close to a necessity, or even in some cases wanted because of the size of the image files that they create when a event is captured.

The reason I recommend the Trendnet cameras is quality, I have a mix of Hikvision and Trendnet cameras and while they look identical and mostly configure exactly the same other than firmware and camera interface differences, there is a difference in quality. The cameras as I said look the same on the exterior and are probably built in the same Chinese factory, but internally they are different, while the Trendnet are basically bullet proof, some of the Hikvision produce artifacts in the feed, it's momentary and doesn't trigger a event but it's obvious that they are not the same level of quality.

Having said that I have two Hikvision cameras that do not have this issue, but I have to of the EXIR cameras that one has the issue the other does not, EXIR is a great thing, the cameras are physically bigger than normal bullet cams but the IR range is greatly extended. I use one EXIR mounted high on the side of a building to illuminate a 40'x150' area and at night it is like daytime viewing that feed, but that camera about every 1-2min will create artifacts in the monitoring feed and like I said it doesn't create a event (motion detect) but is really annoying because it grabs your attention. The odd thing is it will do this for several hours then go maybe 4-6 hrs before doing it again.

Here's what a EXIR looks like..


or

So when considering cameras along with placement to capture the FOV (field of view) that you want, you need to also consider the depth of field, a good example is that I have a camera on a driveway that is about 160' long at the end of that 160' is a camera, the monitored image covers the entire drive very clearly but the motion detect will only trigger if the vehicle or person is around the 60-80' distance from the camera which requires another camera in a closer location to capture all the way out (if you need that coverage). Luckily for me this drive has three other cameras that also cover various aspects of it that trigger all the way out to the sidewalk....lol

Hopefully you find some of this info of use, we can talk cameras and camera placement for days, but a good site plan even if it is in your head is better than just throwing up cameras and finding out later (after wire is run and camera is mounted) that you have blind spots, re-positing cameras is one thing but needing a 2nd camera to cover a given area is sometimes the case, I'd highly recommend temporary camera mounting to get a idea of field of view before doing the finished installation.


Oh one other thing.....DO NOT even consider cheap IP POE cameras from China that you will see on the net for cheap cheap prices, they are junk, I have tried several and if they work at all their lifespan is very short, I have a dome cam in a building that was given to me that configures very easily but freezes, the IR has about a 4' distance, the colors suck and the camera won't refresh 90% of the time after a event is triggered.....just pure junk!

Take a look here to see what I mean...

https://www.aliexpress.com/cheap/cheap-poe-ip-camera.html

Another thing is you will see the term ONVIF, this is a open standard that IP security devices should comply with, it is a good thing if a camera is ONVIF compliant and in the case of some monitoring software is a requirement to even configure the stream, ONVIF is highly touted in the cheap cameras and higher quality cameras don't even mention it except in the features..

https://www.onvif.org/

While I'm writing a wall of text........ nothing wireless either! :grin:

I have a fourth port on my pfSense router, I was thinking of isolating my PoE switch with all of it's IP cameras that way, and using my openVPN server to access my LAN, and firewall rules that WAN does not go to "IP camera OPT1" but when I'm LAN via VPN I can access IP cameras (and the monitoring software) for security. It introduces more steps and delay in regards to access, but would be nice if it prevents any bot net tomfoolery. What do you guys think?

Also thinking of trying my hand for the first time on making a quick android app that simply starts to OpenVPN connection then when connected starts whatever IP camera app I use to help make accessing them from my phone more seemless- heck also put some kind of timeout so if I home screen out of it, I don't stay connected to the VPN for days on end.

That is some good information to think about. The property I will be covering is > 1 acr.
This is what I had in mind....

1 Like

Looks typical, there's really no way to tell until you hang a camera and look at your field of view, not all cameras / lenses are the same so some give you a deep field of view while others are more wide-angle with a shallower field of view, honestly until you hang a camera, play with the motion detect, and see the field of view in the monitoring software you won't know or see any blind spots or how far out a subject can trigger a event.

A lot of bullet cams seem to have a working distance that will trigger a event (motion detect) at about 50-75' from the camera, keep in mind that is horizontal and vertical distance combined, while having a field of view much greater in some cases well over 150' but can't detect motion after that 75' mark.

To me a good placement is above the ground 7-8' and a working distance or area to protect in the 30'-50' range, that will put most cameras in a sweet spot that will almost always capture a event with less false triggers.

There are other considerations like cameras facing dead east or dead west will have times of the day that the sun will render them useless because it will be shining directly into the lens (lens flair), lens shades / hoods do help but you can not stop this from happening and moving the camera angle will help but not on every day out of 365 days.

So a camera mounted higher up with a more extreme angle towards the ground will help lens flair but it shortens the total distance the camera can accurately detect motion (it's further away) so you can see compromises will have to be made on a site by site basis, some of these compromises like my example in the other post of one driveway cam required another camera to get total coverage of the driveway that would detect motion all the way to the street.

http://www.cctvcamerapros.com/CCTV-Camera-Lens-Comparison-s/741.htm

http://www.icode.co.uk/icatcher/help/info/lenses.htm

Which brings up the subject of masks...... most monitoring software has the ability to overlay a mask to isolate areas of the camera view to either reject motion or to only look in that area for motion disregarding the rest of the image. Case in point: I have a camera that looks at the northeast corner of my property, I have a neighbor next door with a flag pole in his front yard that is within the field of view to trigger a event, it took me awhile to figure out that his flag waving was causing false events.....

By using the mask in the motion detect feature of the monitoring software I overlay-ed a mask at the top portion of the image blocking out the sky and his flag....no more false triggers. lol

The great thing about POE is that you run one Cat5 cable and it does it all, that really adds a lot of flexibility to the installation, you can get easily 200-300' from your switch and have a stable image with a good quality camera. Which brings up the topic of equipment placement....lol


Before I forget to tell you, the #1 thing you need......no must do is change the user name and password on every camera you install, remember you are running a network interface outside into the wild, it may be securely mounted, maybe even you make your camera connections inside a building or ran in conduit, keep in mind that Cat5 cable is a direct link or access to your network, hopefully you get my point. :slight_smile: