So, i need to use a switch layer 3 (in additional to the router-modem, in order to connect my nvr/xvr/cameras to a different vlan?The "ban" means nothing unless you are purchasing and installing in a government facility...
And the ban doesn't address the real issue and that is the issue of allowing IoTs like cameras touch the internet.
It is common knowledge that EVERY camera manufacturer firmware has been hacked, including high-end Axis.
Even NDAA compliant Verkada was hacked and 150,000 cameras in private companies, along with prisons and public school systems were part of it, which would be government funded..
150,000 security cameras hacked, exposing Tesla, prisons, hospitals
Hackers gained access through a 'Super Admin' account, allowing them to peer into the cameraswww.business-standard.com
It is why we recommend DO NOT LET YOUR CAMERAS OR NVR TOUCH THE INTERNET. You isolate them via VLAN or dual NIC. Do not set the system up with P2P or UPnP or scan some QR code.
I repeat, do not let your cameras touch the internet and you are fine.
In reality, since police departments have partnered with Ring to gain access to Ring video that is cloud based under the name of public safety, there is probably a much more risk of the enemy gaining access to stuff than thru the Dahua and Hikvision products that can be isolated from the internet....
Or any manufacturer that has cloud based services that require that internet connection or their device doesn't work.
IPC-T5442T-ZE IPC-T5442TM-AS IPC-T5842T-ZE SMD 3.0 Smart IR Latest New Firmware From EmpireTech
- Thread starter EMPIRETECANDY
- Start date
looney2ns
IPCT Contributor
That is certainly one way, but many users here will put a second NIC in their BI machine and hang all of their cameras off that NIC. When set up correctly, that will also isolate your cameras from the rest of the network and doesn't require a managed switch.
Personally I use a managed switch (it doesn't have to be layer 3). You can pick up used enterprise quality 24-48 port POE managed switches off EBay for about the same or even less money than buying a new consumer grade switch (speaking in general terms here - I'm sure someone can find a cheap new switch
). I run that along with a pfSense firewall (again these systems can many times be set up for less money than many consumer grade routers).Well, i only need 3 ip ports (i believe this is not going to change).That is certainly one way, but many users here will put a second NIC in their BI machine and hang all of their cameras off that NIC. When set up correctly, that will also isolate your cameras from the rest of the network and doesn't require a managed switch.
Personally I use a managed switch (it doesn't have to be layer 3). You can pick up used enterprise quality 24-48 port POE managed switches off EBay for about the same or even less money than buying a new consumer grade switch (speaking in general terms here - I'm sure someone can find a cheap new switch
I have no other devices in this network (apart from my xvr and two ip cams).
Do i still need a vlan setup?
If so, any suggestions of a cheap poe which can suit my needs (i guess one with 4 ports is enough)? - i mean any brands which are consider to be of good quality and reliability.
By the way what is BI refer to? (I believe you are not refer to business intelligence)
No, ofcourse it will be connected to the internet.
I need to be able to control the xvr-recorder remotely.
I believe that my setup should have a router which gets an input (downlink) from the ISP. The router will be connected to the poe switch as well as my ip cameras and xvr - is it correct?
Another thing - I wonder if vlan is required even there is no other devices in the network (besides the cctv devices)? - *required to strengthen the security.
So nothing else is connected to this router - not a computer, phone, tablet, etc?
But even if not, you run the risk of vulnerabilities and backdoors to the XVR and then using your internet for DDoS bot attacks and you should secure your network as mentioned in post #658
These types of devices are always finding vulnerabilities.
www.dahuasecurity.com
But even if not, you run the risk of vulnerabilities and backdoors to the XVR and then using your internet for DDoS bot attacks and you should secure your network as mentioned in post #658
These types of devices are always finding vulnerabilities.
Trust Center - Dahua UK&Ireland
Dahua fully recognizes the importance of cybersecurity. Here you can find the latest cybersecurity notices/announcements, how to report a vulnerability, and recommended prevention methods
Yes, no other devices are connected (and it is probably not going to change).So nothing else is connected to this router - not a computer, phone, tablet, etc?
But even if not, you run the risk of vulnerabilities and backdoors to the XVR and then using your internet for DDoS bot attacks and you should secure your network as mentioned in post #658
These types of devices are always finding vulnerabilities.
Trust Center - Dahua UK&Ireland
Dahua fully recognizes the importance of cybersecurity. Here you can find the latest cybersecurity notices/announcements, how to report a vulnerability, and recommended prevention methods
I have a firewall rule that drops all egress traffic from my cameras to the internet. Probably could/should do more, but at least the cameras can't communicate out.
Where is this firewall located in the recorder itself or in the router?
What about the recorder itself?
So, you don't use a vpn?
I don't use an NVR. This firewall is part of my Ubiquiti Unifi network. I do not use VPN. I don't have any need to connect to my cameras from outside my LAN.
Just received two IPC-T5442T-ZE from Andy.
Should I update the firmware? If yes, where cam I find Andy's latest version
Should I update the firmware? If yes, where cam I find Andy's latest version
IPC-T5442T-ZE IPC-T5442TM-AS IPC-T5842T-ZE SMD 3.0 Smart IR Latest New Firmware From EmpireTech
Hey guys The Smart IR firmware with SMD 3.0 V2.8 2022 Aug Version has been released. The update is mainly for Smart IR, New Security Baseline function, highly recommend to update, esp the 4K models. This firmware is working great with the help of @Wildcat_1 , has big improvement on the 4K...
cybernetics1d
Getting the hang of it
My 5442-ZE is still on 2021 original firmware when I bought it last year. I think it has Smart IR in this version. It works fine for me. I’d check yours to see if it has it before upgrade. Unless you’re see many false positives with this 2021 firmware version, I’d advise to stick with it until you’re having an issue with it.
I have numerous IPC-T5442T-ZE cameras, all running the firmware 2022-02-18. I believe the primary benefit of that version was some security improvements, which shouldn't matter so much if your cameras are locked down within your own network, but I upgraded one camera and found a small benefit in the low-light clarity with manual settings so I updated all of mine. Otherwise I do agree with the standard advice of leaving things alone unless you need or at least expect something. Given that you just received the cameras, and ideally don't even have them mounted yet, it's as good a time for you to update the firmware as you'll ever have. After mounting your cameras, you'll want to be more cautious.
mephisto_uk
Getting the hang of it
Was the first post updated with the latest version available? It has the file "EmpireTech IPC-HX5XXX-Volt_MultiLang_NP_Stream3_V2.840.15OG00D.0.R.220818.bin" which may be an older one already by now?
Just checking as for some reason I can't get ONVIF to send alerts to BI at the moment, I'm just wondering if it could be a firmware bug.
Just checking as for some reason I can't get ONVIF to send alerts to BI at the moment, I'm just wondering if it could be a firmware bug.
slidermike
Getting the hang of it
The file looks to be the older Aug '22 in the first post.
I'm coming from firmware 2020-12-03 and this new firmware 2022-08-18 spams the log with NTP Set Time entries whereas the old one didn't. Is there any way to disable the logging of NTP updates?