Hello all - I hope everyone is staying safe. I have a question regarding USA cameras. I know Dahua camea's are highly recommended. However, without getting into details (which I cannot), I cannot use nor do I want foreign cameras. If we take pricing out of the equation, are there USA made cameras and NVRs you would recommend? Thanks!
Looking for USA made cameras
- Thread starter Curlyp
- Start date
- Joined
- Nov 25, 2016
- Messages
- 839
- Reaction score
- 2,280
Arecont claims to design and manufacture their cameras in the U.S.A, but I'd still be cautious. "Made in U.S.A." can still mean using components and subsystems imported from China.
Frankly you'd do much better buying Dahua cameras and setting up a VLAN to isolate them from the Internet.
Frankly you'd do much better buying Dahua cameras and setting up a VLAN to isolate them from the Internet.
holiday
Pulling my weight
hmm.. that's no difference from getting xmeyes and isolating them in a VLAN.. although Dahuas are built to a better quality..
maybe try Avigilon (Canada) , Axis Communications (Sweden) , Viviotek , Brickcom ( Both from ROC an Ally of USA) , Panasonic / Samsung (unknown origin) if you are keen.
Thank you both for the information. I will look into these brands. Are the Dahuas still built in China with a USA firmware? Once the USA firmware is installed on them, are there still "call backs" happening? Regardless I would isolate them on a VLAN as you suggested. ]
@holiday The brands you suggested, Avigilon, Axis, Viviotek, and Brickcom are they comparable to the Dahuas? If I have to sarafacice a little bit of quality to make sure the camera is not phoning home, then I am okay with that.
Mike A.
Known around here
- Joined
- May 6, 2017
- Messages
- 3,839
- Reaction score
- 6,412
It's not really "USA firmware." It's Dahua's English-language version of its firmware. Yes, there can be and are "call backs" and other vulnerabilities found at times.
Axis and Avigilon make some very nice cameras. No sacrifice in quality (probably better in some cases) but you'll pay a high price for that. Maybe lag a little getting to market as far latest sensors et. al. vs Dahua and Hikvision but generally equivalent,
One thing that you need to watch is that most all have some Chinese-made products in their line so you can't necessarily buy by name alone. They should have a list somewhere of their Federally compliant products.
You can't really trust any of these things no matter where they're made. The operating assumption should be that they're not trusted devices and to isolate them to the extent that you can. If not phoning home specifically, you'll find various exploits that are found for most all over time.
EMPIRETECANDY
IPCT Vendor
Maybe US Army and NASA use US Made Cameras 
Only a joke.
Here has a lot talking about the security for the cam systems.
Only a joke.Here has a lot talking about the security for the cam systems.
Basically any device that you can remotely access these days will "phone home". It is so customers don't have to deal with configuring firewalls, port forwarding and public ip addresses just to communicate with their device.
Whether it's a camera, thermostat, or door lock, they all phone home to let a central server know where they are located, so when you try to remotely access it, you just have to ask the central server where to find it, and it points you in the right direction.
Phoning home isn't inherently evil, but has become to be assumed it is evil. You have to trust the device phoning home isn't sending any sensitive information, and that the connection cannot be compromised. Generally that isn't trusted.
So no matter what device you install with an easy to use remote access platform, it will be phoning home, somewhere, and sending some information to someone. What that all specifically is we generally do not know.
Whether it's a camera, thermostat, or door lock, they all phone home to let a central server know where they are located, so when you try to remotely access it, you just have to ask the central server where to find it, and it points you in the right direction.
Phoning home isn't inherently evil, but has become to be assumed it is evil. You have to trust the device phoning home isn't sending any sensitive information, and that the connection cannot be compromised. Generally that isn't trusted.
So no matter what device you install with an easy to use remote access platform, it will be phoning home, somewhere, and sending some information to someone. What that all specifically is we generally do not know.
- Joined
- Nov 25, 2016
- Messages
- 839
- Reaction score
- 2,280
And this is the crux of the situation. No matter where a product is manufactured, how can you be sure that it isn't using a foreign made component? How can you be certain that one of the engineers who designed it wasn't bribed to put a hook in the firmware for external exploits?
The only security you can truly trust is the security that you design yourself. That's why a VLAN is critical to a secure camera system. It doesn't matter where the camera was designed and manufactured. If you can isolate it from the Internet, then it will never be able to phone home regardless of where it was constructed.
You have to trust something at some point that someone else made. Whose to say whatever you're using to create that vpn can't be compromised?
You just have to decide for yourself who you can trust. If we could only trust and use things we made ourself, we'd all have to be software and hardware engineers. Might as well go live in the bush. And then even if we did design it all, whose to say we did everything perfectly so that it can't be exploited by someone else?
Regardless of camera, isolated VLAN and robust firewall config are your friend
Thanks for the clarification on it being English language vs USA firmware.
Reading through the comments, everyone has some great points. The common them is isolating the cameras and have a robust firewall.
I haven't searched the forums yet, but do you know if there is a Federally compliant list floating around here?
Good point. Heck, even our iPhones are "phoning home". I am just in a sticky spot and need to make sure my cameras are not sending personal information, locations, etc back to certain countries.
Very true. Hell, how do I know the components in my body from multiple surgeries are not foreign! haha. These are all very good points and none of us have the answer. I guess I should look at what the majority of users here are using and what has been tested and vetted and go from there. Following best practices from what you all are doing would help mitigate call backs and sensitive information leaving my network.
Good point. Thank you.
All - would you say the most tested and vetted cameras would be the English version of the Dahua's? I am going to look into Axis and Avigilon as well. @EMPIRETECANDY do you sell Axis and Avigilon cameras?
- Joined
- Nov 25, 2016
- Messages
- 839
- Reaction score
- 2,280
I'm not arguing that point at all. There's no such thing as absolute trust under any circumstances. But if the OP doesn't trust a good VLAN and firewall arrangement to keep his cameras isolated from the web, then buying a camera that says "Made in U.S.A." won't necessarily make him any safer.
Yep, if you want true ability to not phone home or be hacked, make it what CCTV really is or was - zero ability to be seen outside of the building - no VLANs or dual NIC and not a single component of the system is connected to the internet at all.
Short of that closed of a system, one has to take the necessary precautions to minimize the risk. Isolate cameras from the internet via VLANs or dual NIC, strong firewall, no P2P or port-forwarding, etc.
Short of that closed of a system, one has to take the necessary precautions to minimize the risk. Isolate cameras from the internet via VLANs or dual NIC, strong firewall, no P2P or port-forwarding, etc.
SouthernYankee
IPCT Contributor
a VLAN that is implemented in the router or switch depends on the software. Do you really trust that software ? I sure as hell do not !
The best solution is to use a dual NIC. But you are trusting windows 10 to not forward the information. It minimizes your risk but does not eliminate it.
The best solution is to use a dual NIC. But you are trusting windows 10 to not forward the information. It minimizes your risk but does not eliminate it.
Other than maybe some networking techie forum, you will not find another group of more security conscious folks here and if folks here are comfortable with these cameras and configuring them to not phone home, then it is about as close as you can get.
Many here trust the cameras @EMPIRETECANDY sells and even he would tell folks not to use UPnP or P2P or port forwarding...
Many here trust the cameras @EMPIRETECANDY sells and even he would tell folks not to use UPnP or P2P or port forwarding...
Agree with @SouthernYankee nothing beats true HW isolation either via multi homed / dual mic setups or separation through other areas of the infrastructure deployed
sebastiantombs
Known around here
Short of air gap, dual NICs are the best available route, but block everything possible at the router as well.
The OP is asking about cams made in the USA for a specific reason other than assumed security. Obviously it is a contractual issue. The brands that @wtimothyholman @holiday and @Mike A. mentioned are not from China, but the OP specifically stated made in USA. I personally do not know of any.
That being said, I doubt that any cam that is 'Made in the USA' is made totally of parts constructed in the USA. I do not think that there are CMOS and other chip parts that are made in the USA. Yes, TI makes some chips here but are they used in cams?
That being said, I doubt that any cam that is 'Made in the USA' is made totally of parts constructed in the USA. I do not think that there are CMOS and other chip parts that are made in the USA. Yes, TI makes some chips here but are they used in cams?
And therein lies the problem that our government doesn't realize with these mandates LOL - what good is it if the outer shell, bracket, support, etc. is made in the USA but the actual chip parts and inner workings, you know the parts that can actually be coded to phone home, is not made in the USA...