IPC-T5442T-ZE IPC-T5442TM-AS IPC-T5842T-ZE SMD 3.0 Smart IR Latest New Firmware From EmpireTech

Ollie

Young grasshopper
Joined
Aug 17, 2022
Messages
70
Reaction score
15
Location
Israel
The "ban" means nothing unless you are purchasing and installing in a government facility...

And the ban doesn't address the real issue and that is the issue of allowing IoTs like cameras touch the internet.

It is common knowledge that EVERY camera manufacturer firmware has been hacked, including high-end Axis.

Even NDAA compliant Verkada was hacked and 150,000 cameras in private companies, along with prisons and public school systems were part of it, which would be government funded..



It is why we recommend DO NOT LET YOUR CAMERAS OR NVR TOUCH THE INTERNET. You isolate them via VLAN or dual NIC. Do not set the system up with P2P or UPnP or scan some QR code.

I repeat, do not let your cameras touch the internet and you are fine.

In reality, since police departments have partnered with Ring to gain access to Ring video that is cloud based under the name of public safety, there is probably a much more risk of the enemy gaining access to stuff than thru the Dahua and Hikvision products that can be isolated from the internet....

Or any manufacturer that has cloud based services that require that internet connection or their device doesn't work.
So, i need to use a switch layer 3 (in additional to the router-modem, in order to connect my nvr/xvr/cameras to a different vlan?
 

The Automation Guy

Known around here
Joined
Feb 7, 2019
Messages
1,377
Reaction score
2,738
Location
USA
So, i need to use a switch layer 3 (in additional to the router-modem, in order to connect my nvr/xvr/cameras to a different vlan?
That is certainly one way, but many users here will put a second NIC in their BI machine and hang all of their cameras off that NIC. When set up correctly, that will also isolate your cameras from the rest of the network and doesn't require a managed switch.

Personally I use a managed switch (it doesn't have to be layer 3). You can pick up used enterprise quality 24-48 port POE managed switches off EBay for about the same or even less money than buying a new consumer grade switch (speaking in general terms here - I'm sure someone can find a cheap new switch :cool: ). I run that along with a pfSense firewall (again these systems can many times be set up for less money than many consumer grade routers).
 

Ollie

Young grasshopper
Joined
Aug 17, 2022
Messages
70
Reaction score
15
Location
Israel
That is certainly one way, but many users here will put a second NIC in their BI machine and hang all of their cameras off that NIC. When set up correctly, that will also isolate your cameras from the rest of the network and doesn't require a managed switch.

Personally I use a managed switch (it doesn't have to be layer 3). You can pick up used enterprise quality 24-48 port POE managed switches off EBay for about the same or even less money than buying a new consumer grade switch (speaking in general terms here - I'm sure someone can find a cheap new switch :cool: ). I run that along with a pfSense firewall (again these systems can many times be set up for less money than many consumer grade routers).
Well, i only need 3 ip ports (i believe this is not going to change).
I have no other devices in this network (apart from my xvr and two ip cams).
Do i still need a vlan setup?
If so, any suggestions of a cheap poe which can suit my needs (i guess one with 4 ports is enough)? - i mean any brands which are consider to be of good quality and reliability.

By the way what is BI refer to? (I believe you are not refer to business intelligence)
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,448
Reaction score
47,588
Location
USA
So your device will not be connected to a router and will not be able to touch the internet? If that is the case it is all a moot point.

BI is Blue Iris, another VMS system.
 

Ollie

Young grasshopper
Joined
Aug 17, 2022
Messages
70
Reaction score
15
Location
Israel
So your device will not be connected to a router and will not be able to touch the internet? If that is the case it is all a moot point.

BI is Blue Iris, another VMS system.
No, ofcourse it will be connected to the internet.
I need to be able to control the xvr-recorder remotely.
I believe that my setup should have a router which gets an input (downlink) from the ISP. The router will be connected to the poe switch as well as my ip cameras and xvr - is it correct?

Another thing - I wonder if vlan is required even there is no other devices in the network (besides the cctv devices)? - *required to strengthen the security.
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,448
Reaction score
47,588
Location
USA
So nothing else is connected to this router - not a computer, phone, tablet, etc?

But even if not, you run the risk of vulnerabilities and backdoors to the XVR and then using your internet for DDoS bot attacks and you should secure your network as mentioned in post #658

These types of devices are always finding vulnerabilities.

 

Ollie

Young grasshopper
Joined
Aug 17, 2022
Messages
70
Reaction score
15
Location
Israel
So nothing else is connected to this router - not a computer, phone, tablet, etc?

But even if not, you run the risk of vulnerabilities and backdoors to the XVR and then using your internet for DDoS bot attacks and you should secure your network as mentioned in post #658

These types of devices are always finding vulnerabilities.

Yes, no other devices are connected (and it is probably not going to change).
 

105437

BIT Beta Team
Joined
Jun 8, 2015
Messages
1,998
Reaction score
884
I have a firewall rule that drops all egress traffic from my cameras to the internet. Probably could/should do more, but at least the cameras can't communicate out.

1673121909184.png
 

Ollie

Young grasshopper
Joined
Aug 17, 2022
Messages
70
Reaction score
15
Location
Israel
I have a firewall rule that drops all egress traffic from my cameras to the internet. Probably could/should do more, but at least the cameras can't communicate out.

View attachment 150238
Where is this firewall located in the recorder itself or in the router?
What about the recorder itself?
So, you don't use a vpn?
 

105437

BIT Beta Team
Joined
Jun 8, 2015
Messages
1,998
Reaction score
884
Where is this firewall located in the recorder itself or in the router?
What about the recorder itself?
So, you don't use a vpn?
I don't use an NVR. This firewall is part of my Ubiquiti Unifi network. I do not use VPN. I don't have any need to connect to my cameras from outside my LAN.
 

Nunofya

Getting comfortable
Joined
Nov 8, 2021
Messages
356
Reaction score
274
Location
USA
 

cybernetics1d

Getting the hang of it
Joined
Nov 1, 2018
Messages
73
Reaction score
41
Location
North America
My 5442-ZE is still on 2021 original firmware when I bought it last year. I think it has Smart IR in this version. It works fine for me. I’d check yours to see if it has it before upgrade. Unless you’re see many false positives with this 2021 firmware version, I’d advise to stick with it until you’re having an issue with it.
 

carteriii

Pulling my weight
Joined
Jan 8, 2016
Messages
146
Reaction score
156
Location
USA
I have numerous IPC-T5442T-ZE cameras, all running the firmware 2022-02-18. I believe the primary benefit of that version was some security improvements, which shouldn't matter so much if your cameras are locked down within your own network, but I upgraded one camera and found a small benefit in the low-light clarity with manual settings so I updated all of mine. Otherwise I do agree with the standard advice of leaving things alone unless you need or at least expect something. Given that you just received the cameras, and ideally don't even have them mounted yet, it's as good a time for you to update the firmware as you'll ever have. After mounting your cameras, you'll want to be more cautious.
 

mephisto_uk

Getting the hang of it
Joined
Dec 13, 2020
Messages
141
Reaction score
85
Location
London
Was the first post updated with the latest version available? It has the file "EmpireTech IPC-HX5XXX-Volt_MultiLang_NP_Stream3_V2.840.15OG00D.0.R.220818.bin" which may be an older one already by now?

Just checking as for some reason I can't get ONVIF to send alerts to BI at the moment, I'm just wondering if it could be a firmware bug.
 

slidermike

Getting the hang of it
Joined
Aug 4, 2022
Messages
45
Reaction score
54
Location
USA
Was the first post updated with the latest version available? It has the file "EmpireTech IPC-HX5XXX-Volt_MultiLang_NP_Stream3_V2.840.15OG00D.0.R.220818.bin" which may be an older one already by now?

Just checking as for some reason I can't get ONVIF to send alerts to BI at the moment, I'm just wondering if it could be a firmware bug.
The file looks to be the older Aug '22 in the first post.
 

edirol

n3wb
Joined
Jul 20, 2020
Messages
7
Reaction score
3
Location
Canada
I'm coming from firmware 2020-12-03 and this new firmware 2022-08-18 spams the log with NTP Set Time entries whereas the old one didn't. Is there any way to disable the logging of NTP updates?
 
Top