this post was submitted on 22 Jun 2023
7 points (100.0% liked)

Selfhosted

39435 readers
2 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I'm planning to set up a CCTV system to watch around a building. Anybody running Shinobi or something? And if so, what hardware are you using? I bought some cheapo v380s but the ones I got are honestly hot garbage.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago (1 children)

I've tried motioneye, zoneminder, shinobi cctv, blue iris, and frigate NVR.

I couldn't get motioneye to work, but I'll blame on me being a noob (especially at the time).

Zoneminder was stable but the UI is a bit weak and it doesn't have person detection to my knowledge. You can get around the UI by using homeassistant as a front end.

Shinobi cctv has the best UI, but I found it to be a buggy mess, person detection was difficult to implement, and it didn't play nice with homeassistant.

Blue iris is solid, but requires a license and windows. I have the least experience with it, but it seemed decent.

Ultimately, I landed on frigate NVR and it's my favorite so far. Its very solid/stable, has built in object/person detection with simple support for hardware acceleration, and UI is simple but passable. Personally, I use homeassistant as a front end for WAF, but the built in UI isn't bad and shows all your person detection events. Also, compared to all the above, configuration is done through a text file. While this may seem daunting at first, the manuals are very good and it becomes copy paste after the first camera (makes backups easy too).

For hardware, frigate has recommendations on their site. A cheap PC will do the job with ideally an Intel processor for hardware acceleration. For cameras, I've had the best luck with amcrest. Just make sure you throw whatever cameras you get on their own restricted vlan with no internet access. Feel free to reach out if you have any other questions.

[–] [email protected] 0 points 1 year ago (2 children)

was looking to setup frigate, what hardware are you using? trying to avoid hikvision or anything with known backdoors

[–] [email protected] 2 points 1 year ago

I'm running an unraid server with a frigate docker. For cameras, I use amcrest. Either way, back doors shouldn't be a concern if you have them on an isolated VLAN with no connection to the internet or other vlans. Frigate will just need access to the cameras.

[–] [email protected] 2 points 1 year ago (1 children)

Backdoors don't really matter since the cameras are isolated to local only, and can only talk to the NVR.

[–] [email protected] 1 points 1 year ago (1 children)

any vulnerability is a risk i want to avoid, hikvision as a security camera company doesn't care about security.

https://packetstormsecurity.com/files/166334/Hikvision-IP-Camera-Backdoor.html

[–] [email protected] 1 points 1 year ago (1 children)

But if they don't have access to Internet, as others have said, there's nothing a backdoor can do.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

chances are you don't have NAC setup on your home network, and even if you do that can be bypassed. mitigating risk means you accept the least amount of it. a company that's comfortable with built-in backdoors is unacceptable.

https://learningnetwork.cisco.com/s/blogs/a0D3i000002SKPREA4/vlan1-and-vlan-hopping-attack

https://resources.infosecinstitute.com/topic/vlan-hacking/

[–] [email protected] 0 points 1 year ago

First of all, I'm no cyber security expert. If the devices don't have access to Internet, how can they do a VLAN hopping? They're not "intelligent" devices that can act by their own.

About the first link, just avoiding Cisco switches seems to solve the problem (please correct me if I'm wrong). About the second link, I've got a question, is VLAN hopping a real threat, can it really happens nowadays?