Page 1 of 1

Intruder knocking off the computer ?

Posted: Thu Jun 02, 2005 4:25 pm
by sebbarre
Hello

I've started playing with ZM for two days, and it's great.

Now I'm wondering about something that seem like an obvious problem, yet I could not find anything in the documentation.

Pretty simple: what if an intruder knocks off / destroys the computer running ZM before the event is filtered, preventing it from sending me an email or uploading the event ?

It seems to me that for an event to be generated the ZM state has to switch from 'Idle' to 'Alarm' then back to 'Idle', or something like that ? So during the time the intruder is in the camera field, generating frame for the ongoing event, what happens if the computer is knocked off ? I assume since the event has not "ended", it was not filtered either, so none of the filer that would warn me by email, or upload the proof picture to a server would be triggered. Am I right ?

The behaviour I would probably expect is the following:
1) an alarm is triggered...
2) after a short customizable time, even if the event is not "finished" (and probably given a threshold), I would like to be able to have ZM send a quick email/message to me so that I can quickly look at my camera remotely. This would probably happen only once.
3) even if the event is not done, I would like to be able to have ZM send an email/message and/or upload a copy of the frames, every n-th minutes or seconds, so that even if the computer is destroyed, I have some proof. In the same way, what happens if the guy stays like 30 minutes in the camera field, I probably don't want to wait 30 minutes to be warned.

I mean I guess a quick way to achieve that would be to set a "maximum length of event" parameter, say 15 seconds, so that every 15 seconds, the event is created an filtered, and everything is send to me. Yet that would probably be overkill, but at least I think a continuous upload of the frames would be nice (you probably would need to keep the FTP connection active), and a quick email after 5 seconds or so, that would give me chance to log to the camera, and press whatever button to start recording the whole thing automatically.

Am I missing something ? I just feel like it would just be too easy for an intruder to destroy or steal the computer ZM is running on before I'm being warned and the pics are uploaded. So to me the first minute or so of the event, before he gets a chance to do it, are probably important, so this minute could probably be uploaded right away.

Am I making any sense ?

Thanks

I'm using ZM 1.21 from the LiveCD, a Logitech Quickcam 4000 Pro.

Posted: Sat Jun 04, 2005 8:21 pm
by dreadlocks
thats a physical security issue, this takes being clever
I have my servers locked in a closet, ive lined the inside of the closet with 3/4 inch plywood, re-enforced the door and put only a dead bolt on the front..
Ive got a 1 inch gap at the bottom of the door and a small vent at the celing with an exaust fan in it.. someone is really going to have to do some work to get in there. (plus several other features i wont post on the internet)

your best bet is to hide your ZM machine real well.. take a cardboard box, wire your ZM machine in it and write "Vacation Videos" on the outside of the box and throw it in your attic with a bunch of other boxes on it..

Or, something I thought might work.. Ive seen PC's modded to fit inside an original nintendo, make this your ZM machine and then take a sticker and write BROKEN on it and slap it on the front.. who would bother stealing a NES, let alone a broken one.. for added measure take a broken dreamcast and sit it down next to it and put a sticker on it saying "WORKING"..

if your ZM machine is sitting out in the open and looks like a nice computer its gona be one of the first things a thief is gona run off with.. if you search the internet you can find tons of intresting projects where ppl fit there computer inside lamps, tables, old apple computers and so on.. doing something like this would be your best bet for ensuring your ZM server isint stolen

Posted: Sun Jun 05, 2005 1:07 am
by sebbarre
dreadlocks wrote:thats a physical security issue
Fair enough. But let's consider that point, wouldn't you want to be alerted by ZM as early as possible. Say, your intruder triggers your alarm for 30 minutes, generating one long big event. I would rather be warned, say, after 1 minutes, and do something about it eventually. Now technically, this is probably a weak point since my events are rather fragmented for the moment.
dreadlocks wrote:if your ZM machine is sitting out in the open and looks like a nice computer its gona be one of the first things a thief is gona run off with..
Especially since it's my laptop :) Oops :) Well, this is a temporary situation for the next two weeks, until I move to my new house, at which point I will certainly have a dedicated computer, and generally ssh or VNC to it to control it.
dreadlocks wrote:for added measure take a broken dreamcast and sit it down next to it and put a sticker on it saying "WORKING".
Ouch :) I love my dreamcast ! Does not get as much attention as my XBox, but we had quality time :)

Thanks for the advices

Posted: Tue Jun 07, 2005 10:06 am
by zoneminder
I think this thread raises a valid point, though physical security is always important as well.

I'm looking at adding something that will allow a more rapid reaction and notification of particular events. There are a few problems with this approach in some circumstances. For instance if an event is captured at 10fps it is unlikely that ZM will be able to ftp the frames off site at such a rate, especially if it's doing them one at a time, as it will if it's doing them as they are captured. I think perhaps using a more high water mark approach might work better for this so that only progressively more interesting frames are noted in this way and other ones are not uploaded. So it wouldn't be the same as the normal uploading or notification process but a special 'alert' type function which just gets you enough information to hopefully salvage something if your PC is being ravaged.

I need to have a bit more of a think, I think :lol:

Phil

stupid idea?

Posted: Thu Jun 09, 2005 8:24 pm
by somepdguy
Hi All,


see my other post about zm streaming to a central server.

to get round this problem of someone being able to nick the ZM box I am trying to use the local onsite ZM box as a relay to a main offsite server down an ADSL line. Surely this would solve the problem you are talking about here??? if someone wakled in and nicked the on site box you would see right up to the last moments on the main ZM server - and have the footage to give to the police?

What do you think?

Pete

Posted: Thu Jun 09, 2005 8:48 pm
by jameswilson
hi
right up for my first post. I work for NSI gold security firm and when we install dvr's there not normally on their own, cctv usually protects outside, intruder alarm (police response) inside. now u need physical proyection roo. your dvr should be central to your building ( so ur int alarm is definetly gonna confirm) and physically secured. Once the alarm has axtivated they aint gonna have lng to get what they actually hit you for get your dvr and unbolt ( or otherwise carefully remove as they do) it from the rack cabinet etc. oh and by the way they have been known to cut telephone lines before hitting a building. ( something we still do on high risk site is fit a dummy timelapse vcr fools em if its not an inside job)

Posted: Thu Jun 09, 2005 9:33 pm
by cordel
I like that idea Phil.
PDGuy I'm already doing what you discribe so it can be done in ZM as it is now.
Following the recent threads the problems that come to mind that may be preventing it from working are:
Depending on your settings in ZM even if your are capturing in B/W zm may colorize the picture so the settings for the remote server may need to be set to color.
Also if you have autentication turned on you need to add a user and password to the end of the host path. This path is for the fedora core 3 RPM. (/cgi-bin/zm/zms?mode=jpeg&monitor=2&scale=100&maxfps=1&user=remote&pass=remotepassword)
I create a limited login just for this so that all that user can do is veiw streams in case it's compromized.
Now the axis cameras have the login info as part of the host name because the method of authentication is defferent.

The other thing to pay attention to is if you have a router you need to forward the port to the server so that it can be seen. Always check that you can see the remote server from a browser is a good check to make sure that you have your router/firewall setting correct.
Last thing is the capture size has to match what the remote server is sending.
It may be possible to read the headers to see what size the picture that are served are and have zm detect this but I could be wrong. I've been meaning to study more but work has been keeping me really busy (which means the more video capture devices out there the better).
Just few few things I've noticed people strugling with.
Regards,
Cordel

Well, what are you protecting?

Posted: Sun Jun 19, 2005 2:44 pm
by Baylink
Anyone who's read (or, better, reads regularly) the RISKS Digest, http://www.risks.org, realizes that the issue is one of evaluating the potential risks, and what their costs might be.

To be blunt, if you're just playing around, it doesn't really much matter *what* you do about physical security on the recording computer, the wiring, etc.

If you expect to treat a ZoneMinder installation as a "real" security system, though, then you will choose wired cameras (net or video) over wireless, you'll centralize camera power, running it over the cabling to the secure central location, and you'll provide the appropriate physical security for the recorder box, including enough backup power to keep the box and the cameras running if someone cuts power to the building.

If you're *really* serious about it, you'll probably pick a -48VDC power supply for the PC chassis (you can get those, but you won't pay $40, believe me) and setup your own battery string, with, say, 4 Group 8D deep cycle marine batteries, and an appropriate charger, to run the PC and the cameras.

Why not just use a big UPS? Efficiency. Why go to AC just to go back to DC...

In between these extremes, you pretty much have to decide how much investment in securing the recorder is actually justified. If you have a sufficiently high-bandwidth link, putting the recorder off-site can be a good idea... if the Bad Guys don't cut the wires.

Same problem we had about two years ago...

Posted: Mon Jun 20, 2005 3:09 am
by SifuDean
Hi,

Pete is on the right track with his idea of having a centralised system for storage. We found the same problem almost 2 years ago and it took us almost a year to decide to create a product to solve the problem.

The centralised product has envolved abit since then and we are looking at supporting multiple DVR types as alot of the time it is the average small business or warehouse that is getting knocked off and once they have what they wanted they go for the DVR.

They will either smash the cabinet or what ever to get the DVR or they will destroy it on-site which could include setting a fire.

Here in Melbourne Australia we have had clients that this was the normal break-in process. Even have one that had it's dogs stoned to death which took some time. These guys never got caught and that was because the DVR hadn't been replaced since the last break-in which was around 10 days earlier.

The point is you can build the DVR into a bunker and it won't matter in some cases where it would be preferred to have a way of being notified and a response sent.

I personnally think that Zoneminder can be superior then alot of products on the market today and all it would take is the same care and direction that it has now.

Having the centralised storage is one part. The next is responding to the centralised data and alert.

X10 is ok for a home or SOHO user but getting our hands on C-Bus or I-Bus libraries would open up a larger market.

Regards,

Deano

Posted: Mon Jun 20, 2005 5:26 am
by cordel
Funny you should say, I've been looking into the typical alarm systems in production now and find a majority of them are behind the times. I ordered some processors to build my own that would include the standard of todays dialers, ethernet, programable zones, etc...
The hope is to intigrate this to function with ZM and the ablity to send captured images (say if you have a glass break detector and PIR both triggered and a camera had detected motion in the previous 10 minutes) directly to the monitoring company as well as provide them a feed upon programed zones. This would give them more information to provide the dispatcher and in turn the responding officers. other features like text msg your cell phone, and better interface to the computer, etc.. theres alot that could be done. ZM already has all the abilty to do this with just a little bit of tweaking and not much at that.

Posted: Tue Jun 21, 2005 1:50 am
by SifuDean
Hi,

We are looking at using two items that are IP enabled in a new platform for some special clients that need alot of ports and a cheap price.

The first part is a Internet enabled 4 port capture server that I don't info on other then on my desk. It is approximately the size of a cig packet (maybe a little smaller).

The other part is as you described and here is a link
http://www1.jaycar.com.au/productView.a ... &SUBCATID=

It is a 4 input general purpose card with IP allowing control monitoring applications.

We have several new ideas being worked on and I should post a link for our central monitoring S/W development system some time when it is live and accessable from the internet.

Regards,

Deano