Password Security and Attacks

Most models of IP Network cameras and many associated devices use basic authentication that transmits login information including passwords in plain text over the network and often over the Internet. There are significant risks involved in this type of operation. This article details common types of attacks.

http://www.infoworld.com/print/90521

The IPVideo PSIM Display Console uses a hashing system that is very difficult to crack and never transmits the passwords over the network. Passwords are never stored on client machines and stored in the PSIM router as encrypted hashes.

Transcoding for Security Video

Technology leaps in video security are often fueled by developments adopted from large dollar markets like entertainment. The use of transcoding and format down sampling in the DynaView SOC Video Management System are good examples of this approach.  This article offers a good discussion of the power and value of these techniques.

The Evolution of Transcoding

For live video streams used in security and surveillance applications on demand transcoding and format conversion offer substantial reductions in wide area network utilization while requiring practical levels of server and router power.

Wither Goeth Windows?

As our last post here for 2008, it seems fitting to discuss the fate of Windows and, indeed, the operating system in general. Vista as discussed here in Ode To Windows for example, has been pretty much a flop. I love the phrase incompressible failure in the article.

The decision to avoid Vista in DynaView systems was a good one.  On the other hand, Windows 2008 server (ironically sharing much of Vista’s core but little of its flashy facade) is poised to become the de facto standard server O/S.  Some even advocate its use on workstation desktops.

Another chirping chick is Google’s Chrome browser which intends nothing less than making the Operating System irrelevant. And, even Apple has gained some corporate share.

Whenever you start to think everything is cast in stone and the “big dogs” have a lock on the market, think again!

Interesting times for those involved in mainstream computer technology. Happy new year!

Basics of WLAN Antenna Selection

During the recent engineering and completion of several wireless LAN (WLAN) system, I realized that a common thread existed concerning the selection of antenna types in order to best meet stated design goals.

I have summarized the basics of antenna theory as it applies to this problem in a short illustrated white paper.

Although some familiarity with terms such as dB (decibels) will be helpful, the above paper should provide understanding for anyone with a basic techincal background. Anyone wanting a deeper understanding of decibels and RF power can review this Cisco discussion.

Great System Demonstration

Some testing today has confirmed that it is possible to run a basic version of DynaView direct from an installation on a USB Key. The complete installation is well under 100 Megabytes so just about any key will work. Once this installation is made to the key (or copied to the key from any other running machine’s /nvr folder) it can be used by inserting it into any windows XP or better machine. Then, navigate to vMaster.exe and double click to start. Any module configurations and cameras licensing that were present will be lost but the system will work in 4-camera demo mode.

You will need to “re-configure” including resetting all module IP addresses which takes a minute or so. But, if your source for the install was a running machine on the same network, even the cameras data will be intact and valid except for the machine names and configurations of vCapture and other modules.

It is also possible to set up file-based demo cameras on such a USB key or even run VGen for live images.

Do bear in mind that some of the special facilites like CamPatrol and Scheduler depend on installation of windows services and may not run.

This is by far the quickest and easiest way to do a live demo short of bringing in a working machine.

High Power PoE Test Drive

Today’s lab work included testing the combination of the Microsemi (Power Desine) PD-7001G 30 watt mid-span PoE power injector and the same company’s PD-AS-701/12 30 watt high powered PoE splitter. These devices are well suited for use with cameras like the Axis 215 PTZ which require less than 25 watts but more than the 12 watts available from 802.3af systems.

Our real-world testing included a pair of the above devices plus a Kill-A-Watt AC power meter, a 12 ohm 50 watt load resistor, a DC ammeter and a DC voltmeter. Results as follows

AC Power – 15W @ no load, 30W @ full load
AC Volt-Amps – 27VA @ no load, 48 VA @ full load
DC Voltage 12VDC @ no load, 11.85VDC @ full load
Load Test Current 1.85 amperes
Load Power 21.9 Watts
Overall efficiency 73%
Injector Final Case Temp ~100F
Splitter Final Case Temp ~120F

These devices require free air flow and should not be buried under any type of insulation or barrier. The power available is more than sufficient for the Axis 215. Here is a good table of applicability of high power PoE to various Axis cameras. This table suggests that the 701/24 can provide power for the even larger 232D+ or 233 PTZ cameras. Do bear in mind it will NOT run the heater/blower in an outdoor dome.

RAID 5 May Be Doomed in 2009

A story appearing online is forecasting the doom of RAID 5 in 2009. Apparently with storage capacities of modern SATA hard drives now reaching 2-terabytes in size, the odds of a read error during a RAID 5 disk reconstruction is becoming unavoidable.

RAID1 – What Say You?

IPVideo Corporation has been manufacturing RAID1 storage options for its video management systems for the past year Our customers, particularly those that do not have the resources to effectively monitor total system performance, have found RAID1 to be a reliable and user friendly approach for critical storage.

Some of the reasons IPVideo Corporation recommends RAID1:

All data is mirrored on both hard drives in the array for redundant protection of all recorded video. This is normal data, no striping.

RAID1 provides a simple rebuild process; upon hard drive failure, plug in a new drive and walk away. No user intervention required.

RAID1 allows the user to remove a hard drive at any time without causing any downtime. Users can provide authorities with the actual hard drive the video was recorded on, retaining the chain of evidence. Video can be played back on any PC with USB attached drive carriage.

RAID1 will auto-rebuild. Video will continue to store normally during array rebuild process. No particular vulnerability. RAID5 takes a significant amount of time to rebuild in the event of a failed array. RAID5 is in a degraded state during a rebuild and is vulnerable to data loss in the event of a second drive failure. The data is also vulnerable to loss until all the data that was on the failed drive is rebuilt onto a replacement drive.

RAID1 stores fewer video streams per drive letter, this improves load balancing as compared to other RAID levels that consolidate drives on to one stripe or drive letter since Windows effectively uses the extra throughput of the extra physical spindles.

RAID1 has a lower failure rate. For example, consider a RAID 1 array with two identical models of a disk drive with a 5% probability that the disk would fail within three years. Provided that the failures are statistically independent, then the probability of both drives failing (with no replacements for 3 years) is 0.25%.

RAID5 configurations suffer from poor performance when faced with a workload which includes many writes which are smaller than the capacity of a single stripe.

If you have a comment or some insight into RAID options for security video storage we would appreciate hearing from you.

Wireless – Less is More

The installation and use of commercial quality long range point-to-point wireless network links provides great flexibility in IP camera deployment but is generally associated high cost and somewhat challenging technical problems.

We have recently engineered several wireless IP camera installations using the EnGenius 3220 series of high powered outdoor wireless AP/Client Bridge equipment. While there are many better-known makes, we find the 3320 series offers these advantages:

-Models with 5dBi omni, 9 dBi patch, and 16 dBi patch antennas built-in.
-Low cost, around $150 per unit which is the low end of the general price range.
-Simple installation and set-up, point-to-point or point-to-multipoint.
-True 802.af Power over Ethernet (PoE) operation (many use a non-standard PoE).

The available antenna configurations are very flexible, good mouniting brackets are included, and PoE injectors and power supplies are included, making for easy installation. The built-in antennas eliminate the need for RF cables and potentially leaky connectors.

A lesson we learned the hard way is that when the path is relatively short (100 to 500 feet), the units should NOT be run at full power. The high output of the radios causes overload which actually prevents proper operation.

Trees in the LOS (line of sight) path do reduce range. The units have a web page based signal strength indication which helps with antenna alignment but lack any external readout. The 16 dBi unit has a half-power beamwidth of 30 degrees while the 9 dBi offers 60 degrees.

This equipment is available from specialty reseller DoubleRadius and other more general distributors.

Axis Camera SNMP

SNMP (simple network management protocol) is a commonly used mechanism for monitoring and administration of network connected devices. These are also called SNMP traps. Axis has provided the following comment on the implementation of SNMP in their cameras and servers:

“Currently there are no SNMP traps included in our products; from what I’ve heard. It is planned in firmware 4.49 but is very limited. Just Ip change and link up.”

We will keep an eye out for SNMP implementation in other IP cameras and servers. There are several other ways to manage Axis IP cameras and servers.