New security camera system recommendation

[JustInTime2020]

Hello everyone,
I decide to upgrade my surveillance security after owning a Lorex 1080 p system without issue. I bought another Lorex 4KHDIP168Ni for 1499 that comes with NVR 9163X and eight 9232 cameras about a month ago, still sitting in the box.
I then come across this site, joined and have learned so much the last three days just reading some of the posts here. I realized that there are better options, especially with IVS feature. Unfortunately, Lorex does not offer IVS. I am wondering if you can help and recommend a reliable security system:

1. I am thinking of getting the 16 channels for future expansion. I will need eight cameras for now. I am debating between Blue Iris/OpenVPN/pfSense or NVR connecting to a router for remote view. I mostly check on these camera via my Iphone.
2. It seems Dahua is a very popular choice here. I read somewhere that Dahua/HKVision being banned in the US. I am wondering if this will be an issue for US users.
3. I am looking for a reliable system that is user friendly, reliable, high resolution that can help protect my property and won’t be obsolete in the near future (5-8 years from now).
4. The property that these camera will be installed was built in the 50s; its max height is probably 9 feet max so the outdoor cameras need to be vandal resistant/proof, thinking of dome camera at the moment but I am wondering if there is any other option out there.

Thank you everyone for your feedback and recommendations.

Justin.

 

[Hammerhead786]

Welcome to the forum. Check out the Cliff notes and wikis on this site.

 

[looney2ns]

Welcome, yes study the Cliff Notes and the Wiki.

 

[smoothie]

I highly recommend the BlueIris/OpenVPN/pfSense route. It is more complicated but is in turn so much more versatile and secure that it is totally worth it, at least the OpenVPN/pfSense part as the BlueIris doesn't factor into security. You can use BlueIris or an NVR on either OpenVPN/pfSense or just simple port forwarding/remote viewing. Use of a VPN such as OpenVPN to remotely access your cameras and home network is overwhelmingly recommended and demonstrably better. Think of your firewall (pfSense or ISP router or Linksys etc) as the door to your house. Is that door unlocked so anyone can walk inside (port forwarding) or is it a reinforced steel bank vault that is hardened to attack (OpenVPN/pfSense).

You can use this guide to setup ad/malware/malicious domain and IP range blocking on pfSense, if you use this in conjunction with PiHole (DNS server the blocks unwanted stuff) and uBlock Origin (browser plugin that blocks unwanted stuff) your network will be VERY well protected.

Block Ads & Malvertising on pfSense Using pfBlockerNG (DNSBL)

This walkthrough uses the DNSBL portion of pfBlockerNG to remove ads/advertising and more importantly, malvertising. It essentially creates a functionality similar to the pi-Hole project except it doesn’t require a separate piece of hardware. Instead,

www.linuxincluded.com

If you are going to build your own pfSense machine I highly recommend buying Intel brand network cards, 2 of them so one can be LAN and one can be WAN.

I suggest setting the pfSense as the DHCP server which assigns the PiHole as the DNS server to clients. The PiHole has the pfSense as the upstream DNS server so DNS requests must pass the filtering of the PiHole then the pfSense to be successful. You can also add "Snort" to the pfSense for Intrusion Prevention System which can be tuned to your liking from forgiving to tyrannical with regards to when it blocks an address and for how long.

Also welcome fellow So Cal member

 

[mat200]

Hello everyone,
I decide to upgrade my surveillance security after owning a Lorex 1080 p system without issue. I bought another Lorex 4KHDIP168Ni for 1499 that comes with NVR 9163X and eight 9232 cameras about a month ago, still sitting in the box.
I then come across this site, joined and have learned so much the last three days just reading some of the posts here. I realized that there are better options, especially with IVS feature. Unfortunately, Lorex does not offer IVS. I am wondering if you can help and recommend a reliable security system:

1. I am thinking of getting the 16 channels for future expansion. I will need eight cameras for now. I am debating between Blue Iris/OpenVPN/pfSense or NVR connecting to a router for remote view. I mostly check on these camera via my Iphone.
2. It seems Dahua is a very popular choice here. I read somewhere that Dahua/HKVision being banned in the US. I am wondering if this will be an issue for US users.
3. I am looking for a reliable system that is user friendly, reliable, high resolution that can help protect my property and won’t be obsolete in the near future (5-8 years from now).
4. The property that these camera will be installed was built in the 50s; its max height is probably 9 feet max so the outdoor cameras need to be vandal resistant/proof, thinking of dome camera at the moment but I am wondering if there is any other option out there.

Thank you everyone for your feedback and recommendations.

Justin.

Welcome Justin,

Sometimes you can find some nice deals on Lorex kits - and many of the Lorex products are Dahua OEM and can be used with Blue Iris.

One frustrating thing I have noticed about Lorex is that they may change the NVRs and / or camera models included in various kit numbers.

Currently at lorex's website the kit "4KHDIP168Ni" includes 2 different cameras than what you got ( 8MP bullets: 4x LNB8973BW and 4x LNB8921BW )

The camera included in your kit: LNB9232 iirc have the larger 8MP sensor 1/1.8" which many of us prefer over the older 8MP 1/2.5"

 

[K175un3]

Hello JustInTime2020, the Dahua Eyball style cameras aren't too shabby.

As the dome style with the bubble have more issues with water ingress, condensation, Infrared and reflections.

 

[JustInTime2020]

Thank you everyone for responding. Several questions:
1. Do you think I should return the Lorex system and use the funding to invest into IVS capable camera system ? It seems the LNB 9232 camera is a new camera and a favorable choice with larger sensor
2. I have been reading on Wiki regarding Blue Iris/pFSense / OpenVPN. My understand is I need a
capable computer with i7/quad core with 8 Mb memory with Blue Iris/pFSense software install. This will then connect to a router with OpenVPN enable, which then connect to the LAN. I also read that I can use external hardware such as a
built Netware box to further enhanced the security? I appreciate your help. I want to learn and get it done right
Thank you again

Justin

 

[looney2ns]

Thank you everyone for responding. Several questions:
1. Do you think I should return the Lorex system and use the funding to invest into IVS capable camera system ? It seems the LNB 9232 camera is a new camera and a favorable choice with larger sensor
2. I have been reading on Wiki regarding Blue Iris/pFSense / OpenVPN. My understand is I need a
capable computer with i7/quad core with 8 Mb memory with Blue Iris/pFSense software install. This will then connect to a router with OpenVPN enable, which then connect to the LAN. I also read that I can use external hardware such as a
built Netware box to further enhanced the security? I appreciate your help. I want to learn and get it done right
Thank you again

Justin

1-Yes
2-Read this

 

[smoothie]

1 - Yeah I would probably say return the Lorex. It is a fine basic system but I think once you start hanging out on this site and seeing what quality camera systems are capable of you will end up wanting those feature which the Lorex cannot provide. So you will ultimately replace all the Lorex hardware in the long run, so I vote return the Lorex and build your custom system from the start.

2 - Blue Iris, pfSense and OpenVPN do require certain hardware to function. You can go about this a number of different ways. pfSense and OpenVPN are generally linked as OpenVPN is a "package" you can add to your pfSense config, so think of this entity/device/computer etc as the pfSense to which you add OpenVPN functionality. You can have a pfSense without OpenVPN, but you cannot have an OpenVPN without a pfSense or other high level device to run the OpenVPN software.

There are several ways you can implement the Blue Iris and pfSense systems. I have Blue Iris running on an old Dell PowerEdge server while my pfSense runs on a dedicated Dell workstation with two aftermarket Intel network cards. You can also run both Blue Iris and pfSense as virtual machines within a host. You wrote that "...such as a built Netware box for..." which I am assuming was a typo or autocorrect for Netgate (the makers of pfSense". Given that Netware is an old operating system for file servers I didn't think you were referencing it. The benefit of having everything on one machine is cost and space savings but depending on how many cameras and at what resolutions plus the speed of your internet with the number clients locally and VPN connections remotely you can very quickly overload single platform hardware. You can pickup old servers pretty cheaply and they can make excellent single platform workhorses that can carry a tremendous load.

The key with pfSense, or indeed any firewall, is to keep the outside world out. This is best accomplished with multiple network cards, Intel being the best, with 1 network card dedicated to external or WAN (Wide Area Network) connectivity. My home network is fairly complicated but I still only have 2 NICs (Network Interface Cards) in my pfSense box. 1 is the WAN and 1 is the LAN (Local Area Network). I then have my internal LAN divided up into multple vLANs (Virtual Local Area Networks). My pfSense machine is an Intel i5-4440 CPU @ 3.1GHz quad core with 8GB ram and a 128GB samsung SSD hard drive. It is on this hardware for two reasons, first I wanted to hardware that has the AES-NI CPU Crypto functionality and second I had this machine lying around doing nothing. I have my ISP router/modem set to "Bridge" or "Pass thru" mode which means that device it not provides any filtering or translations or really anything other than acting as the interface between the Ethernet cable from my pfSense to the WAN data network of my ISP. The pfSense does everything the ISP modem can do and so much more other than the interface of their WAN technology to Ethernet. The public IP addresses assigned to me, both v4 and v6, are assigned to my pfSense.

The pfSense, or any firewall, is the door to the outside world. That door can be a flimsy screen door or a hardened reinforced bank vault. The pfSense is much closer to bank vault and with some extra effort can be extremely secure. Buying Netgate hardware versus using your own does not affect the security of the product provided you build it properly with the correct hardware. OpenVPN is "bouncer or doorman" for your door, properly setup and configured it allows the right people in the front door nearly effortlessly and turns away everyone else and fooling it into allowing you in when you don't belong is all but impossible.

One of the strengths of pfSense are the "packages" you can add to it. My pfSense runs:
apcupsd - agent for monitoring an APC brand UPS, performs graceful shutdown of my pfSense when power is lost. APC = America Power Conversion and UPS = Uninterruptible Power Supply
bandwidthd - monitors bandwidth usage and displays the info in various reports
darkstat - network statistic gatherer
ntopng - network probe
openvpn-client-export - creates downloadable packages containing all the required files to connect to my OpenVPN from the outside
pfBlockerNG-devel - pfBlockerNG is a block list that allows me to filter out traffic from known malicious or advertising domains and ip ranges, the devel version has more features with earlier access but is more complicated
Service_Watchdog - service that watches for other specified services, if they stop or crash it will restart them
snort - IDS/IPS or Intrusion Detection System / Intrusion Prevention System. This allows me to black list ip addresses that violate various threat vectors and ban communications with them for up to 28 days
squid - lightweight http proxy
squidGuard - sub-addon to squid granting in stream antivirus and other protections.

Additionally I use the pfSense native abilities of DHCP server, DHCPv6 server, NTP and DNS resolver. And obviously the pfSense firewall capabilities.

Here is an example of my pfSense dashboard: