Security Cameras on boat

[Bigplumbs]

But is the video being stored to your mobile or are you just streaming it off the camera SD each time. What happens on the app on your phone if the camera is off line ie no net access or camera stolen

Well that is interesting. In the App it has the option to download the 10 second footage to your phone. But there is also an icon saying increase the length of alert video by buying cloud storage which I have not done.

So I have not downloaded the 10 sec footage and I just disconnected the power to the Camera and Yes I can still view the 10 second video. I think they are actually putting this 10 second video in the cloud but you cant have any more time per video than 10 sec. Pretty good to be honest as 10 sec after the motion alert would catch quite a lot

 

[Bigplumbs]

If anyone is Interested the camera I have been messing with on the Alert is the Wansview outdoor PT Cmera which you can move around in the app very good and waterproof

https://www.amazon.co.uk/Security-W...9Y2xpY2tSZWRpcmVjdCZkb05vdExvZ0NsaWNrPXRydWU=

 

[Bigplumbs]

This thread is not good for me as I already have over 20 cameras set up and have just bought 2 more. The Battery one with solar panel is the one that I am most interested in. Comming via Mr Bezos tomorrow

 

[Croftie]

Well that is interesting. In the App it has the option to download the 10 second footage to your phone. But there is also an icon saying increase the length of alert video by buying cloud storage which I have not done.

So I have not downloaded the 10 sec footage and I just disconnected the power to the Camera and Yes I can still view the 10 second video. I think they are actually putting this 10 second video in the cloud but you cant have any more time per video than 10 sec. Pretty good to be honest as 10 sec after the motion alert would catch quite a lot

Sounds good, mine sends a text alert to my phone which I can view but I think if the camera subsequently went off line (stolen, thrown in the water, no wifi on board) I cannot connect and see. Time for testing at the w/e

 

[Croftie]

This thread is not good for me as I already have over 20 cameras set up and have just bought 2 more. The Battery one with solar panel is the one that I am most interested in. Comming via Mr Bezos tomorrow

What one for each of your boats?

 

[Bigplumbs]

What one for each of your boats?

Well no. I just set them up all over my Property. Just a bit of Fun really.

I literally just set up this one to watch over the Jetski, Fletcher and Rib. Took about 10 mins including screw fixing it and that included dropping the micro SD card inside the camera

 

[Scubadoo]

I thought I would give this a go but I always disconnect all boat power when I leave my boat so I have bought a battery camera that seems to get good reviews with a solar panel I will try the marina WiFi at first to see if that works

here is the link to the one I have bought

https://www.amazon.co.uk/dp/B08DHXM...jbGlja1JlZGlyZWN0JmRvTm90TG9nQ2xpY2s9dHJ1ZQ==

The Which magazine reported iegeek camera was one of the many cameras they listed with security flaws and they also gave the wansview a don't buy rating (not due to security but software issues). It also reported to be wary of any cameras that use Camhi app. Essentially you have to understand the security issues raised by Which to assess if this is a security issue you should be concerned about.

Just found the original article, maybe useful guide on cameras to avoid:
The cheap security cameras inviting hackers into your home – Which? News

 

[Bigplumbs]

The Which magazine reported iegeek camera was one of the many cameras they listed with security flaws and they also gave the wansview a don't buy rating (not due to security but software issues). It also reported to be wary of any cameras that use Camhi app. Essentially you have to understand the security issues raised by Which to assess if this is a security issue you should be concerned about.

Just found the original article, may be useful guide on cameras to avoid maybe:
The cheap security cameras inviting hackers into your home – Which? News

The main issue is that most if not all have Security Issues and I am not sure if one is better than the other. As far as other cameras and apps are concerned I have tried a few and have found Wansview to be very stable and indeed their Tech backup is very good indeed. I have so many of them I wont be changing them anytime soon. I also have TP Link Tapo Cameras and Smart Plugs and they are also very good with a good App.

Regarding the Security Issues I Know they exist and as one other poster said I think life is too short to worry too much about them.

Or you could be like an elderly friend of mine who wont do hardly anything on line cos they are out to get you you know. Mind you he also wont eat a curry or chinese because it contains cat or rat meet of course.

 

[TwoHooter]

Hurricane - any chance of a very simple schematic of your two routers + VPN? I'm not clear whether at each end both routers connect to the WAN separately, or whether one router at each end connects to the WAN and the second router hangs off it. I know you've written about this before but a refresher would be good.

 

[Hurricane]

Hurricane - any chance of a very simple schematic of your two routers + VPN? I'm not clear whether at each end both routers connect to the WAN separately, or whether one router at each end connects to the WAN and the second router hangs off it. I know you've written about this before but a refresher would be good.

Ok
I'm on the boat at the moment but I will try and do something this evening.
But, essentially the two DDWRT tunnelling routers are on the LAN side of the main routers.

 

[Hurricane]

Hurricane - any chance of a very simple schematic of your two routers + VPN? I'm not clear whether at each end both routers connect to the WAN separately, or whether one router at each end connects to the WAN and the second router hangs off it. I know you've written about this before but a refresher would be good.

OK - Here it is
Very much simplified.


The actual setup is quite complex.
It has taken several few years to perfect but is now very reliable.
In the early days, the OpenVPN tunnels required careful booting and bespoke startup scripts but since those early days, the firmware has been continually upgraded and it is a very stable solution.
The DDWRT routers can be powered off/on and will reconnect whenever they can.
When crossing to Mallorca from mainland Spain for example the tunnels will reconnect as soon as the 3G/4G is available,

Essentially, in the above diagram, everything to the left of the red line is physically located at my home (the OpenVPN server).
Everything to the right of the red line is on the boat (OpenVPN Client).
Everything below the blue line is, effectively, on the same network.
For example the PC on the boat can connect to the Server at home.
This design can be extended with multiple clients (like the boat side of the red line).
For example my Android phone can connect into the system as a client and have full access to the secure network and an internet server etc.
I've also left off the IP assignments so if anyone would like to know more, just let me know.

I have deliberately not included in the diagram, lots of other devices that I have connected - i.e. a VoIP telephone system connecting the house with the boat.

DDWRT - explanation.
The open source DDWRT project has been around for a long time.
Essentially, DDWRT is firmware that can replace the firmware in most routers.
It has been "branched" several times and there are other similar solutions out there.
Originally, it was written for the Linksys WRT54G router (hence the name).
OpenVPN was added about 12 years ago but now seems to be in the standard builds.
I am currently using a Linksys WRT1200AC router as my home DDWRT - set up as an OpenVPN server.
The boat DDWRT is a Buffalo WZR-1750DHP - set up as an OpenVPN client.

This is just a very simple explanation of a very complex system to install.
The tunnels use SSL (https://) so when setting it up, I created certificates that can only be used by my OpenVPN clients.
I also created my own Certificate Authority so there is no interaction with other SSL certificates.
All this stuff is available at no cost - just remember that "Google is your Best Friend"

 

[Bigplumbs]

That is very interesting and at the same time very scary. If something goes down I think there must be a lot of head scratching

 

[Hurricane]

That is very interesting and at the same time very scary. If something goes down I think there must be a lot of head scratching

Not as scary as someone hacking into your PC because you have compromised the security of your LAN by installing cameras connected to Chinese servers.
Actually, debugging it after the initial installation should be fairly straight forward.
And, as I said above it is now very robust.

 

[TwoHooter]

Thanks Hurricane. Nothing beats a schematic to complement written descriptions.

My friends the Hamiltons used DD-WRT extensively on Dirona so I have read about it on their blog. I understand it's being used increasingly in the commercial world.

I am pleased to see that my understanding was right - at each end you have two routers in series. The first one connects to the cloud and anything which is inherently insecure (like pretty much every consumer level camera in the world) connects through that. The assumption must always be that anything connected to that router might be compromised. One has to accept that a successful hack would expose the views from cameras to the hacker but for most of us there's nothing visible to our cameras which would be of interest to anyone. I did wonder whether there's a risk when I am passing warships in Plymouth and Pompey but adversaries presumably know most of what they want to know about our warships from other sources. The other hacking risk is that someone hacks one of the devices in the insecure LAN and makes it a bot. This can cause data consumption problems or blocking of an IP address but most of us can live with that risk. The second router protects everything that really does matter, and protects against the real risks which IMHO are theft of money and ID, or ransomware.

Now it's my turn to proffer a schematic. Images first, then description. Starting with our existing system.

(1) Our existing system. The reason we have a router in the engine room is because WiFi signals can't escape the soundproofing material. We used to have a sixth (WiFi) camera on the flybridge brow looking forward and it was great, but it wasn't as waterproof as it was supposed to be and it failed - it's gone now, and the plan is to have 4 cameras giving an almost 360 degree view from the top of our mast, one of which will of course look forwards. These are very important to us, we have been hit by yachts 3 times while moored and so far we have always been on board but one of these days I'm going to need evidence to pursue a claim.

(2) the first phase of my proposed improvements - I intend to introduce a separate router for the cameras and give the NVR (network video recorder) its own dedicated monitor. This is an essential first step towards keeping the cameras away from the ship's computer which I do want to protect as much as possible. It not only runs the nav system but because I work from the boat it carries a few other bits and pieces.

(3) the second phase is to add the extra cameras and upgrade the NVR from 8 channels to 16. Some confusion crept in when the NVR was bought because I always intended to have more than 8 cameras, but it's not a problem because the new NVR can be hidden away just as easily as the existing one. I'm not saying an intruder couldn't find it and toss it overboard but my best guess is it would take them some time to achieve that, and they will have set off the alarms long before they get to the NVR.

(4) the final phase makes my proposed system look a bit like Hurricane's (not a lot, just a bit!). I want to introduce yet another router so that the cameras are effectively on a separate LAN to everything else, and at the same time to put the ship's router at the masthead to improve reception when in tidal harbours where the boat can end up quite low down and obscured by walls and buildings. There's been a separate thread about this on the Practical Boat Owner forum: Wifi on board

Any comments anyone? Will this work? Is it sensible? Any better way of doing this?

 

[Bigplumbs]

Not as scary as someone hacking into your PC because you have compromised the security of your LAN by installing cameras connected to Chinese servers.
Actually, debugging it after the initial installation should be fairly straight forward.
And, as I said above it is now very robust.

Possibly

But you are aware that most mortals would have no hope of doing what you have done

 

[TwoHooter]

Possibly
But you are aware that most mortals would have no hope of doing what you have done

Agreed, but to be fair Hurricane only explained his network because I asked him to. And if anyone wanted to replicate his network and was prepared to spend enough time learning how to do it, they would eventually succeed.

 

[Hurricane]

There are lines to draw with these technologies.
How many of you use Teamviewer?
Teamviewer "tunnels" through a NAT firewall in the same way as the cheap Chinese cameras.
But I would like to think that Teamviewer is a more respected company that can be "trusted" more than most.
The same could be said about Alexa/Amazon - BTW I wonder how many people know just how BIG Amazon is in this field.
They aren't just a shopping retailer - they operate one of the biggest data systems in the world so they would have a lot to loose if Alexa fell into the same category as these Chinese camera servers.

For those that don't know, Teamviewer allows you to remotely control your desktop computer whilst you are away from your PC (even outside your LAN)
I gave up using Teamviewer about 2 years ago - mainly because they had me tagged as a commercial user (and I am not) but I couldn't convince them otherwise.
OK - so I walked - and found better alternatives.
For a few years now, I've been using a product called NoMachine.
It only works within the LAN but it does manage all my computers from my main desktop PC.
For example, I run a standard desktop operating system set up as a server.
In the Linux world, there are special builds specifically for servers but in a home environment, I find that it is easier to have a complete desktop environment complete with its desktop GUI and use that as a server.
In fact that computer is a "headless" (no monitor, keyboard or mouse) Linux desktop PC.
That machine runs 24/7 and shares its drives, resources and devices but I manage it by connecting to its desktop using No Machine.
Once NoMachine is running and connected, you would never know that you are connected to a remote computer.
So, all my computers run NoMachine and I can connect to them wherever I am - including on the boat (via the OpenVPN/DDWRT tunnels)

As I say, setting up NoMachine requires all the computers to be on the same LAN so you can't use NoMachine to access your home computers from outside your LAN.
That is where Teamviewer used to come in.
But I've found a really easy alternative to Teamviewer.
It is called DWSERVICE
See here
DWService - remote access, remote administration, remote support
DWSERVICE can be installed on any computer (virtually ANY operating system) - even a Raspberry Pi - or Windoze (if you MUST)
Once set up, you set up an account purely for you.
From that point on, you simply load a browser on ANY computer in ANY part of the world and browse to DWService - remote access, remote administration, remote support
Then, using that browser, you can connect to any of your computers that are switched on and have been added to your DWSERVICE account.
DWSERVICE tunnels through your NAT firewall routers.
DWSERVICE allows you to run a desktop (screen) connection to your remote computer as well as a file browser thus allowing you to upload and download files to/from your remote computer.
Fabulous bit of software and free to use.
BTW - virtually all my software is FOSS (Free and Open Source Software) and costs me nothing to install and run.

But as I said when I started this post - there are lines to draw.
Like Teamviewer, DWSERVICE opens up the secure part of your LAN to potential abuse.
Think about it - if YOU can get through to your remote computer, so can someone else.
IMHO, everything is about risk and some of the features that these great systems offer are worth considering.

Just some thoughts which I think are relevant to this thread.
For example, I have been setting up my latest Reolink Cameras on the boat by actually using my desktop computer at home.
I have been running NoMachine to remotely access my home computer where the Reolink PC software is installed.
So, when I get home, it is all set up - just how I left it on the boat.

 

[Bigplumbs]

Agreed, but to be fair Hurricane only explained his network because I asked him to. And if anyone wanted to replicate his network and was prepared to spend enough time learning how to do it, they would eventually succeed.

yes I know you asked and Hurricane gave excellent answers I was not in any way being critical. Amongst my friends I am thought of as some sort of IT wiz and have helped many of them in the past. The point is I am not such a wiz maybe 20 % up the scale if there is a scale.The vast majority of people are way way below Hurricane and have to sit there effectively vanurable to these attacks that ‘could’ Happen. It is worth remembering that many people still can’t attach or embed a pic or video on here. ?

 

[Bigplumbs]

I set up the battery Powered Igeek camera yesterday Alexa (who is a stunner by the way) delivered it personally.

first impressions are it is very good and has little rubber feet so I can move it around as I wish it also shows WiFi signal power at the particular location. just testing it at home first but so far very impressed

in about 20 hours the battery has dropped from 100 to 95 % which is quite good I have not yet connected the solar panel but I think it would top up the battery well. I will test that today if the sun comes out. Image quality is very very good

 

[Hurricane]

yes I know you asked and Hurricane gave excellent answers I was not in any way being critical. Amongst my friends I am thought of as some sort of IT wiz and have helped many of them in the past. The point is I am not such a wiz maybe 20 % up the scale if there is a scale.The vast majority of people are way way below Hurricane and have to sit there effectively vanurable to these attacks that ‘could’ Happen. It is worth remembering that many people still can’t attach or embed a pic or video on here. ?

Just a comment.
I am no expert.
I've been doing IT and working with microprocessors since they first hit the scene in the early 80s.
I have no formal training or education in IT but I don't give up when something doesn't work - I just keep going until it works.
Everything I do has been learned from Google.
Anyone can do this.