Subscriber Discussion

Security Camera With A Direct Fiber Optic Connection?

RL
Ronen Luzon
Aug 25, 2016

Hi,

i have a demand from a customer for a camera that has a fibre optic connection instead of the traditional ethernet connection.

does any one knows a vendor that has such cameras?

Thanks,

Ronen

 

Avatar
John Scanlan
Aug 25, 2016
IPVM • IPVMU Certified

Have you considered using media converters?

(1)
RL
Ronen Luzon
Aug 26, 2016

i cant use a media converter for a security reason, the customer does not want to have an ethernet connection on the cameras installed out side of his perimeter.

a direct fiber connection is needed.

UM
Undisclosed Manufacturer #1
Aug 25, 2016

Here are two Hanwha models that have fiber connections.

SBP-300HF - For SNP-6320H/5430H - Replacement cap for PTZ cameras to add fiber.

http://security.hanwhatechwin.com/product/product_view.asp?pagesize=8&sort=&dscYN=N&cid=191&clvl=1&page=1&idx=7320

SBP-301HF For SNP-6321H/5321H - Replacement cap for PTZ cameras to add fiber.

http://security.hanwhatechwin.com/product/product_view.asp?pagesize=8&sort=&dscYN=N&cid=191&clvl=1&page=1&idx=7321

Aluminum

LC SFP port type

• 1000/100Mbps Ethernet speed

(Default speed : 1000Mbps)

IEEE 802.3u, IEEE 802.3z support

Audio input/output, 3.5mm type

24V AC, IP66, IK10, -50°C to +55°C

SNB-6004F - 2 Megapixel Box camera (not available in every country)

http://security.hanwhatechwin.com/product/product_view.asp?idx=7348&cid=83&clvl=0

• SFP LC type, 1000Mbps default speed

(1)
U
Undisclosed #2
Aug 25, 2016
IPVMU Certified

That PTZ cap is interesting. Does it cost less than the camera?

Minor errata, (in case you are the manufacturer); the min temp in Faranheit seems way too high.

AS
Ashley Schofield
Aug 25, 2016

Hi Ronen,

Uniview have full body cameras that have an SFP.

http://sg.uniview.com/Products/Cameras/Box/2/IPC542E-DUG/

http://sg.uniview.com/Products/Cameras/Box/2/IPC562E-DUG/

Cheers,

Ash

* Disclaimer - I work for a Uniview distributor *

(1)
RL
Ronen Luzon
Aug 26, 2016

i cant use a media converter for a security reason, the customer does not want to have an ethernet connection on the cameras installed out side of his perimeter.

a direct fiber connection is needed.

U
Undisclosed #2
Aug 27, 2016
IPVMU Certified

So when you say "instead of an Ethernet connection", you mean it can't just have optical in addition, it can't even have a unused jack, right?

TS
Tariq Saleh
Aug 26, 2016

Bosch has security cameras with native fiber connection.

ma
matar alneyadi
Aug 26, 2016

Axis they do with q6045-c

JR
Joel Rieger
Aug 27, 2016

Try Eclipse Signature Series. They have some models with fiber.

(1)
Avatar
Amir Pirani
Aug 28, 2016

Hi Ronen,

Please see below links for Uniview cameras. Please email me on apirani@crknz.co.nz if you need more information and details for them.

http://en.uniview.com/Products/Cameras/Box/2/IPC562E-DUG/

http://en.uniview.com/Products/Cameras/Box/4K/

Thank you

Kind Regards

Amir P

TA
Toni Alvarez
Aug 29, 2016

hi Ronen,

Siqura has also a line with Fo connection.

regards,

Avatar
Jon Dillabaugh
Aug 30, 2016
Pro Focus LLC

You do understand that fiber optic cable still carries Ethernet packets, right? The media used doesn't change your network packet technology. All one would need is a media converter in hand to take your fiber and convert it to copper based Ethernet. It isn't really any more secure.

(1)
(2)
(1)
U
Undisclosed #2
Aug 30, 2016
IPVMU Certified

All one would need is a media converter in hand to take your fiber and convert it to copper based Ethernet. It isn't really any more secure.

Do you consider pin-in Torx bolts no more secure than Phillips?

Avatar
Jon Dillabaugh
Aug 30, 2016
Pro Focus LLC

Of course not. Every $5 dime store tool kit has those tips included. If the tip style isn't patented, then access to the tip cannot be restricted. I could find any non-patented style tip you can think of at Harbor Freight (or most other hardware big box stores) in minutes. This all assumes you don't already have 10 assorted kits already floating around in your work van.

(1)
U
Undisclosed #2
Aug 30, 2016
IPVMU Certified

Anyone one that ever used a PC would know how to plug the camera's Ethernet cable into a laptop and get on the network.

99% of the same people wouldn't know a fiber connection when they saw it, let alone be able to connect and configure a media converter.multi-mode, single-mode, SFP, LC etc.

Even someone who might be familiar might not have the correct part floating around in his van, multi-mode, single-mode, wavelength etc. Because you wouldn't know until you're up the ladder.

So does that make it less likely that your network will be tapped via fiber vs copper, say over a ten-year period?

IMHO, yes less likely.

Isn't that more secure then in a practical sense?

Also, remember good security is made of layers, add in 802.1x, encryption etc, so even if only stops half the bad guys, it helps no?

Finally, it sounds like an outdoor camera at some distance from the head-end, so fiber is an easy choice anyway.

(1)
Avatar
Jon Dillabaugh
Aug 30, 2016
Pro Focus LLC

IMO, it's not the 99% that you are trying to protect against. The bottom 99% would never even think to remove a camera to plug in a laptop to get their emails or surf the web. You can stop 99% with conduit to a secure enclosure.

But, it is the 1% that you are worried about. Further yet, the 0.1% is where this topic is aimed. Those are the ones who wouldn't be slowed by your fiber connection, "obscure" bit tips, or other silly physical games.

Security by obscurity is not the answer. Your "layers of security" would maybe slow someone down a few minutes, if they planned well enough. It surely isn't stopping them.

(2)
(1)
U
Undisclosed #2
Aug 30, 2016
IPVMU Certified

You can stop 99% with conduit to a secure enclosure.

Then you can stop 99.9% with a conduit AND fiber.

If they're going for the network, they likely won't even go near the camera anyway, they'll cut the conduit somewhere downstream and splice in a tap. Remember they don't know it's fiber.

I can crimp on a Ethernet tap on a cut cat5 cable in under 2 minutes, by flashlight, using tools in that fit in my jacket.

How long would it take you with cut fiber?

Avatar
Jon Dillabaugh
Aug 30, 2016
Pro Focus LLC

If I had a fusion spliced and some ends, I could splice your fiber almost as fast as a 8P8C connection. Both require parts, tools, and knowledge. All of which the 0.1% will have.

Just because you aren't aware of how to fusion splice, doesn't mean that others don't.

Again, you aren't protecting yourself using obscurity. That always assumes that your subject isn't knowledgable. You worst case scenario WILL have the knowledge to bypass these futile efforts.

That said, fiber will always have its place and time. However, the necessity of fiber isn't born from the need for obscurity. It is due to performance.

(1)
U
Undisclosed #2
Aug 30, 2016
IPVMU Certified

Somedays I lock my storm door with the thumb latch as well as my deadbolted door, I assume you wouldn't bother?

Avatar
Jon Dillabaugh
Aug 30, 2016
Pro Focus LLC

Again, that gives you the perception of security. The single storm door lock would prevent 99% of issues. But that's not the point here. The 1% would break a window.

(1)
Avatar
Ethan Ace
Aug 30, 2016

But if locking the storm door would prevent 99% of issues...wouldn't you want to lock the storm door?

Not protecting against the 99% or 99.9% because 1% or .1% will still get through is crazy.

AW
Alex Wasilesku
Aug 30, 2016
IPVMU Certified

I have to agree with Jon.

Reality is if someone is trying to break into your network please, as an ex ethical hacker myself, I would never go to a site and just assume. To say the person trying to break into your network will not know what fiber is and how to use it is ludicrous. If that person didn't, they also wouldn't have the knowledge or mindset to break into your network in the first place. Network connections are ground zero.

I will say 99% not 1% of the people trying to break into a network are going to know what a media converter is and how to use it so I will have to disagree with Undisclosed. Fiber is no more secure than Ethernet. Even if you had fiber conduit etc etc and lets just the person was not prepared.. what will stop the hacker from coming back tomorrow night with the correct items necessary, absolutely nothing.

You want real security run the Cat5/6 back to a Switch and have Mac Address recognition per port. Problem solved. Absolutely nothing but the camera can use that port and if something else did go in it, it will immediately shut down the port.

(1)
(1)
U
Undisclosed #2
Aug 30, 2016
IPVMU Certified

what will stop the hacker from coming back tomorrow night with the correct items necessary, absolutely nothing.

After you ripped apart a (well installed) dome camera or (more likely) cut a conduit and severed the fiber hoping to tap it, you would come back the next night?

Only an ethical hacker would. At least let them splice it first.

(1)
AW
Alex Wasilesku
Aug 30, 2016
IPVMU Certified

Oh please. Number one, you would never notice. Absolutely no one goes around and inspects their camera's and their dome housings. Also what do you mean ripped apart? You mean get a multi torque screw and take off the housing properly? Im dying dude, cutting and re-terminating fiber from a midway point in the conduit? What is this a movie? What do you think Hacking is still like the 90's Jim Carry Cable Guy methodologies? You really seem to be basing all your knowledge of hacking from movies you watched growing up. Number two wrong again as an Ethical Hacker I would never step foot onsite thus the term Hacker not Burglar.

(1)
U
Undisclosed #2
Aug 30, 2016
IPVMU Certified

Number one, you would never notice. Absolutely no one goes around and inspects their camera's and their dome housings.

In the movies at least, these cameras are connected to screens and recorders (see "A Fish Called Wanda" - 1983 and "The Italian Job" - 2003), and therefore are often recorded and less often monitored.

I'm not saying Tony Montana himself will be watching the monitors, ("Scarface" - 1983), but I've heard that these cameras can be difficult to disassemble with blocking the video or getting in the shot ("Seems like Old Times" - 1980). If the subversive behavior is recorded and analyzed then unpleasant counter-measures may be prepared ("2001 - A Space Odyssey" - 1968)

Any unethical hacker worth his salt knows the maxim 'never return to the scene of the crime', ("Heat" - 1995), lest the curtain falls. ("Curtains" - 1983).

U
Undisclosed #2
Aug 30, 2016
IPVMU Certified

Again, that gives you the perception of security.

Jon, by your own admission it would reduce and/or delay incidents, so in the real world it has real value.

Also, to be a good sport I've entertained this assumption of yours that the OP is primarily concerned about Oceans Eleven style, fiber splicing ninja spies, but he may just be hoping to make it somewhat harder for someone to attach to his external network. This it does.

And the OP is aware of media converters and their function, so would recognize that anyone bringing their own converter could circumvent the protection.

And it's not in lieu of other security, it's in addition to.

Related, I know you've have argued that you should not be concerned if the cameras you use have backdoors in them because you just secure the network: problem solved. But I think the monolithic approach is not the best.

Maybe just disagree to agree then?

Avatar
Jon Dillabaugh
Aug 30, 2016
Pro Focus LLC

Not so fast! If you want to offer a real way to make his network (truly) safer, let's dig deeper.

How about using Analog HD cameras in the most insecure, vulnerable areas? That way we aren't exposing the network at all, we can support longer wire runs, and the likely hood of an exploit via TDI/CVI/AHD protocols is almost non-existent. The only people with that ability would be a fraction of the engineers who developed the protocol themselves.

Let's stop telling him to lock his screen door. Let's offer him real protections.

(1)
(1)
U
Undisclosed #2
Aug 30, 2016
IPVMU Certified

...and the likely hood of an exploit via TDI/CVI/AHD protocols is almost non-existent.

Take your multi-Analog/CVI/TVI/AHD/IP monitor tool, tee off the coax and record a clip to it, disconnect the camera, and play the clip in a loop. Steal the diamond. Reconnect the camera.

(2)
(2)
Avatar
Jon Dillabaugh
Aug 30, 2016
Pro Focus LLC

My DVR has tampering and video signal loss alarming when you disconnect a camera. Game over. Thanks for playing.

Seriously though, his concern was network access, not stealing or inserting a video feed.

"the customer does not want to have an ethernet connection on the cameras installed out side of his perimeter."

(1)
U
Undisclosed #2
Aug 30, 2016
IPVMU Certified

My DVR has tampering and video signal loss alarming when you disconnect a camera. Game over. Thanks for playing.

I think I can beat it. Anyway it sounds like fun: gentlemen's bet?

Avatar
Jon Dillabaugh
Aug 30, 2016
Pro Focus LLC

Sure, if you can prove that you can connect through to the network via an Analog HD video cable that you splice or steal, you can name the prize.

(1)
U
Undisclosed #2
Aug 30, 2016
IPVMU Certified

Nah, I'm just talking about spoofing the video without setting off the video loss alarm...

Avatar
Jon Dillabaugh
Aug 30, 2016
Pro Focus LLC

That wasn't the OP's concern at all. I don't dare stray too far OT. Vampire tapping a COAX cable isn't that hard.

(1)
UM
Undisclosed Manufacturer #1
Aug 30, 2016

I have heard of some banks going this was as to not expose their network with perimeter cameras.

(3)
AW
Alex Wasilesku
Aug 30, 2016
IPVMU Certified

Banks also have a pocket deeper than all of our incomes combined. They also lock everything down as far as it can possibly go. The fiber addition was just another step towards staying secure, not whats causing the security. Guaranteed their runs are also individually protected to ensure absolutely nothing can happen to the fiber.

I most certainly am not disagreeing. Yes fiber will indeed be more secure but absolutely nothing that would stop a physically onsite hacker. The bank 100% guaranteed is still using MAC Authentication on top of their fiber runs as well as more Software Security instilled, DMZ packet routing, an intense firewall configuration, etc etc etc making it virtually impossible to get in.

In response to Undisclosed 2 so your saying a hacker will know how to tee off a coax line but will not know what a media converter is? It is just my opinion I know but you just disproved your own original comment being to smart for your own good lol. By all means that was a complement because that was a good rebuttal if it actually worked.

I feel like there is much confusion between a Hacker and a Burglar in this thread. The whole point of being a hacker is to commit crimes without physically being there. The entire point is to not expose yourself.

Either case my recommendation as well as Jon's (especially Jon's) are much more cost effective solutions than supporting the fiber run. There is no data transferred over coax and his method is by far the most cost effective and just as secure (if not more secure because of the no data transfer) as the fiber method.

But hey if the customer wants to drop 1000's on unnecessary solutions that does not affect any of us. Trust me I have run into more than enough customers myself, when trying to explain logically why option B or C is a better choice, their is just no convincing.

There will need to be a fiber switch put in place (remember no one gets fired for buying a cisco device) and depending on how many camera's are run back you will need to buy a SFP/Gbic for each individual input. I still HIGHLY recommend if this is for security reasons, since you have to buy a switch anyway, to put Mac Address Authentication in place.

(1)
(1)
AW
Alex Wasilesku
Aug 30, 2016
IPVMU Certified

It seems very strange that this request was made to me. Going off of what you stated that would mean the NVR itself would need X amount of fiber input ports which I have never heard of. The only thing I see being possible is installing a full fiber switch to take all the inputs which would be just beyond extreme over the top and unreal expensive. I do not see any camera having so much packet traffic that Fiber speeds would actually be utilized. Even 4k camera's don't breach Cat6 limitations for packet transfers.

The absolute largest issue I see here is fiber for camera runs period. Fiber is so fragile. You risk breaking the cable just running it alone as well as other contractors coming in and while they run cable or look into the ceiling breaking it as well.

If I missed it I apologize but what is the reasoning for this request? Just from this perspective I see absolutely no point, a much harder install than necessary, since your limited to no POE an extended install has to be done to run power to everything, most likely offsite pre-configurations, and a ton of money wasted for absolutely no reason.

U
Undisclosed #2
Aug 31, 2016
IPVMU Certified

If I missed it I apologize but what is the reasoning for this request? Just from this perspective I see absolutely no point, a much harder install than necessary, since your limited to no POE an extended install has to be done to run power to everything, most likely offsite pre-configurations, and a ton of money wasted for absolutely no reason.

Regardless of security considerations, running fiber is often specified outdoors when

1) needing lengths greater than 100m

2) to mitigate problems with lightning and power surges

(1)
New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions