South Korea’s military has been forced to remove over 1,300 surveillance cameras from its bases after learning that they could be used to transmit signals to China, South Korean news agency Yonhap reported.
The cameras, which were supplied by a South Korean company, “were found to be designed to be able to transmit recorded footage externally by connecting to a specific Chinese server,” the outlet reported an unnamed military official as saying.
Korean intelligence agencies discovered the cameras’ Chinese origins in July during an examination of military equipment, the outlet said.
Reolink, amcrest. Amcrest dont get anything starting with ASH in the model name.
If you want ONVIF, be sure to check the specs, many cheaper models drop support, but not all.
Some YI cameras have easily replaced firmware and can do rtsp too, but you have to do your homework on those models to be sure you’re getting one that can be modded.
You’ll still want to (IMO) toss any of them in a vlan without internet access, and rather than provide that vlan access to an NVR on another vlan, I’d lean toward your NVR having a second connection to that vlan. I’m a huge fan of segmentation though, so YMMV.
I can vouch for reolink, they have fairly straight forward nvr with decent cameras for the money. Been using their poe nvr system for around 5 years now and have never had an issue with it.
Yeah, that was my old setup: dedicated VLAN with the NVR and cameras in it. Had a firewall rule so I could access the NVR from regular LAN but nothing “got out” of the camera VLAN without being requested from the LAN first.
At first I had the NVR in the LAN with FW rules to reach the cameras in their VLAN, but my FW at the time struggled with all the simultaneous streams going through it so I moved the NVR in with the cams.
Maybe I’ll just stick with my current setup of just getting old analog camera housings and sticking Raspberry Pi + camera module inside lol
Dual nic NVR then? You could even just throw a simple switch with no uplink (but preferably managed so you can tag the traffic) and for extra safety just allow only the LAN traffic you want on the NIC/Port connected to your regular LAN from the NVR.
Nothing wrong with a DIY can though! As long as it works of course
“NVR” in my case is just Zoneminder lol. I run it on a dedicated USFF PC and didn’t want to deal with multi-homing it or a USB ethernet adapter. When I upgrade it, yeah, I’ll probably get something with a dual NIC and go that route.
Right now, yeah, it’s all DIY since I scrapped those cameras years ago (neither held up well to UV after 6-7 months outdoors), so I’m less concerned about it with all of them being RPis now. The only thing I lack is PoE since I didn’t want to spring for the HATs.
Yeah all of my servers are on usff PC’s, so I get it.
If you do a hypervisor like proxmox, then throw your NVR in a VM, you can just create a couple of virtual NICs (though you’ll be back at that FW issue I’m sure).
USB NICs are pretty well supported these days though, and cheap to boot. Just need to be certain you’ve got usb3 if you want to make use of that gig though!
I’ve got a few pi-a-likes that I’m doing similar camera fun with, though using some webcams in there and a 3d printed case. At least that way they match my diy temp sensors with esp32s!