Category Archives: Farm Security

Posts on Farm security

A Whole New Kind of AyrMesh Hub – the Hub2x2

The new AyrMesh Hub2x2

After extensive research, testing, and development, we are pleased to announce the all new AyrMesh Hub2x2.

The AyrMesh Hub2x2 is our first Hub to use MIMO to dramatically improve the upload and download speed, both between the Hub and your devices and between the meshed Hubs themselves. The Hub2x2 can deliver up to twice the data speed of the Hub2T, enabling our customers to do things like:

  • Use high-definition security cameras
  • Download manuals, diagrams, videos, etc. up to twice as fast
  • Make and Receive video calls
  • Stream HD movies – even out in the garden

MIMO is a technology that allows a WiFi access point (like the AyrMesh Hubs) to use multiple antennas that receive and transmit multiple “spatial streams” of data simultaneously. Multiple antennas also help make the signal more readily available in difficult places like in trees and around buildings.

The use of MIMO represents a new strategy for AyrMesh Hubs. Previous AyrMesh Hubs traded off bandwidth to achieve maximum range. The Hub2x2 combines outstanding bandwidth and excellent range to normal WIFI-enabled devices, with a small sacrifice in Hub-to-Hub range.

The reason for this tradeoff is that we have found that most of our customers have their Hubs within a mile of each other, and are primarily interested in ensuring good WiFi coverage with excellent speed around their home, pool, gardens, farm office, workshop, barns, chicken coops, and stables. The new Ayrmesh Hub2x2 is designed specifically for those needs while still enabling you to expand your AyrMesh network out into fields and across thousands of acres.

The Hub2x2 vs. the Hub2T

The AyrMesh Hub2x2 is a perfect Gateway Hub for almost any AyrMesh network, because it provides long range and high bandwidth. The Hub2x2 is also a great Remote Hub up to a mile away, making it an excellent product for providing high-bandwidth WiFi around a rural home, farm, or estate. By placing Hubs a mile or less apart, you can ensure a continuous “cloud” of WiFi for your devices.

For Remote Hub installations more than a mile away, we recommend using the Hub2T. Its single antenna “focuses” its signal much more for longer-range applications, which provides better bandwidth at those distances than the Hub2x2.

The only time we will recommend the Hub2T as a Gateway Hub is when a Remote Hub will be positioned over 2 miles away from the Gateway. In this case, the Hub2T will provide better bandwidth to the Remote Hub2T than the Hub2x2 would.

One other point: the Hub2T has MUCH lower power requirements than the Hub2x2, so it is more suitable for solar/wind powered installations.

The new AyrMesh Hub2x2 – a new kind of AyrMesh Hub

As always, please let us know what you think!

 

Quick link to video interview

Aaron Ault, who is the team lead for the Open Agriculture Data Alliance, was interviewed by Precision Farming Dealer. I think that data privacy and ownership is an extremely important issue (one of the benefits of the AyrMesh system is keeping data on the farm), and I though this was a terrific interview.

The video runs just under 6 minutes, and you can see it here: https://www.precisionfarmingdealer.com/articles/2650-deu

Security and the IoT

As you know, I think that the “Internet of Things” (IoT) has enormous potential for the farm. But we have all been recently reminded of the problems we are facing as BILLIONS of new devices come on to the Internet – Friday October 21, the IoT literally broke the Internet.

This event has been called the “Mirai botnet attack.” This is an extremely important event, because it used IoT devices to effectively bring the Internet to a stop for several hours on Friday, October 21. Even Ayrstone was affected: we use Zendesk for our customer support portal, and it was unavailable off and on on Friday.

This attack was innovative in two ways: first, it did not attack the affected sites directly, but rather attacked the Domain Name Servers (DNS, the servers that turn domain names like ayrstone.com into IP addresses like 104.24.21.15) of Dyn.com, making a huge number of websites, including Zendesk, Twitter, and others unreachable, even though they were working just fine.

But the most important innovation was the way the attack was done – using a Distributed Denial of Service (DDoS) attack from IoT devices. DDoS attacks work by sending a huge amount of data to a server from a large number of devices on the Internet, overwhelming the server and causing it to fail. Up until now, the “botnets,” as the devices sending the data are known, have mostly been personal computers infected with viruses that allow a remote user to control them and cause them to send out streams of data to the target server.

As I mentioned, however, this attack was different, because it used IoT devices – IP cameras, routers, wireless networking devices, and other little devices that people don’t see as being “computers.” But your router or IP camera has a lot more computing power than the powerful desktop computer you had just a few years ago.

Hackers were able to access these devices and install “botnet” software on them because – and this is THE IMPORTANT THING – the passwords were NEVER CHANGED from the defaults. For instance, many devices come with a default username of “admin” and a default password of “admin” or “password.” If those are not changed and they are exposed to the Internet, they are an open invitation to hackers.

Now, most of the devices on your network are NOT currently exposed to the Internet – they are safely hidden from the Internet by your router’s NAT firewall. But it is still important to change the default password on devices, and, if you have “port-forwarded” to any devices to make it accessible via the Internet, it is DOUBLY important to make sure it has a STRONG password to protect it.

Ayrstone products, of course, are protected because the username and password for each device is set from AyrMesh.com. The only way an AyrMesh device can have the default username and password is if you don’t have an AyrMesh.com account, and we regularly disable devices that are not checking into an active account. However, even at that, AyrMesh devices should always be used behind a router’s firewall and not exposed to the Internet.

These devices are incredibly useful when used properly, but you have to take some minimal precautions to keep them safe. More information about the Mirai botnet attack and security of IoT devices can be found in this article and elsewhere.

This attack is a good reminder of three things:

  1. Make sure you always use good passwords (long, not a quotation or word) on ALL devices and keep those passwords secret,
  2. Don’t expose devices to the Internet unless you have to, and
  3. Purchase networking/IoT products from reliable vendors who can update the firmware to close vulnerabilities, preferably automatically and over the network. If not, make they make new firmware available to close holes as they are discovered, and install it regularly.

AyrMesh devices have firmware that is updated over the network. We issue several updates per year, and you needn’t do a thing – they happen automatically.

If you have any questions, of course, just let us know – support@ayrstone.com.

 

IP Cameras on the Farm: Part 3 – Using IP cameras for security

QNAP NVR, courtesy of QNAP

Now you know how to select an IP Camera, set it up on your farm, and view it from wherever you are, on or off the farm, which may give you a greater sense of security by itself.

However, you can’t watch what’s going on 24×7, and, with most cameras, you can’t go back and see what happened a couple of minutes ago (or last week). If you want to incorporate cameras as part of a security system (which may also include things like driveway sensors, indoor motion sensors, window/door open sensors, and other devices), then you should, at a minimum have some sort of recording, and probably some sort of motion detection on the cameras. What I have found to be best is some sort of system that is continuously monitoring the cameras, and, when motion is detected, it records the previous several seconds of video and keeps recording until after the motion stops. That way, I find, I get a nice, clear video of the mailman coming up to the box every single day (and, if I choose, a text and/or email with a picture of the mailman within a few seconds of his arrival).

But, seriously, if you are having trouble with intruders (people breaking into your storage sheds or stealing Anhydrous), getting notification and pictures of them is a good idea. For that, you need a Network Video Recorder (NVR). An NVR is a device that plugs into your network and monitors your IP cameras, allowing you to view several cameras at once and go back to see what happened at a particular time. Most modern NVR systems also have motion detection and multiple alarm functions (including email and tripping a relay to set off an alarm).

Swann DVR with cameras, courtesy of Swann

An NVR is different from a Digital Video Recorder (DVR), although both can be useful tools for farm security. A DVR typically has a number of coaxial inputs for cameras, so you can attach 4, 8, or 16 cameras to the unit using coaxial cable and it will continuously record the video from those cameras. Most modern DVRs also have an Ethernet port so you can connect them to your network and monitor the cameras from wherever you are. A DVR can be very useful anywhere you want several cameras in a single physical location, like your home, workshop, or storage shed, where you don’t mind stringing wires. Most newer DVRs can also detect motion send you an email or other form of alarm when they do.

Foscam indoor camera with storage – the little microSD slot under the antenna – courtesy of Foscam

Some newer IP cameras even have the NVR capability built-in, usually via an SD card slot. They store either still images or video to the SD card continuously so you can just “back up” while you’re viewing the cameras.

Almost all IP cameras have some form of motion detection, but many of them are effectively useless. There are three types of motion detection:

  1. Overall picture motion detection – this just looks for the number of pixels changing in the frame and alerts if that number rises above a certain level. Unfortunately, this is almost entirely useless, because, if the sensitivity is high, it will “alarm” every time the lighting changes slightly, and if the sensitivity is set too low, it won’t alarm at all.
  2. Setting a “zone” so the camera will alarm when the door is opened – courtesy of networkwebcams.com

    “Zoning” motion detection – this allows you to put rectangles into the camera’s frame and only alarm if there are changes inside those rectangles. This works better, but you still get a lot of “false alarms.”

    Object detection, courtesy of Sitehound

  3. Object detection – this is an algorithm that can pick out moving objects in the video stream and distinguish them from changes in the background. This means that you only get an alarm when something moves, and you can set the size of the object that will set an alarm so you don’t get called every time a gnat flies by.

Most inexpensive cameras use the first type of motion detection, which means the on-camera detection is worthless. Almost all other cameras use the second type of detection, which is not useless but still not great. Some high-end cameras can do object detection, but they’re pretty expensive.

The better idea is to have your NVR software do the detection and alarming, rather than the camera. There are two ways to do this: using a dedicated NVR (a small computer running embedded NVR software) or running an NVR program on a desktop computer that’s on 24×7. There are advantages to either approach.

Using a dedicated NVR is simple: you set it up, add the cameras to it through the onboard user interface, and forward a port to it on your router so you can access it while you’re away. QNAP is a vendor that makes a large range of standalone NVRs that are compatible with a wide variety of cameras. In all honesty, I have never been able to evaluate one, but customers have reported good results with them. Synology has developed a pretty good reputations, also – both brands are generally available on Amazon.

The downside to the dedicated NVR is that only some cameras are supported (although the brands mentioned above support a huge number of brands) and that it is difficult to evaluate the software to tell how well it will work for you. The vendors don’t really provide much detail about how they detect motion, what options are available, and what the units can do.

Ubiquiti Cameras and NVR, courtesy of Ubiquiti Networks

Some camera vendors like VivotekGeoVision, and Ubiquiti sell both cameras and NVRs to work with their cameras in an integrated package. Going that way makes it easier to know your cameras will work the the NVR, but more difficult to evaluate whether you have the right cameras and NVR for your operation.

The other option for an NVR is to use an NVR program on a computer that’s running all the time. There are several of these programs, but the two most popular are BlueIris and SightHound.  BlueIris is less expensive and runs on any Windows PC; SightHound is more expensive, but has a number of important advantages:

  1. It runs on either Windows or Mac computers;
  2. it is very easy to install, configure, and use; and
  3. it features an advanced object-detection motion detection.

I’m an unabashed fan of SightHound – I have written about it before on this blog – although I have used BlueIris and it is also very good. I also like the Ubiquiti system (Note: Ubiquiti builds the hardware for the AyrMesh system), although I find their software to be a bit too complex for most users. It also integrates with their mFi sensors and switches for security and automation.

Dropcam – courtesy of Dropcam

There is actually a third option – a camera that automatically loads its video to a “cloud-based” NVR. Dropcam is a system that uses nice, small, relatively inexpensive indoor cameras, which automatically send their video stream to their cloud servers, without the need for port-forwarding. I have also written about Dropcam before on this blog. The big advantages with Dropcam is that they are VERY easy to set up and use, and the company is now part of Nest (maker of the Nest thermostat), which is part of Google – they have the resources to keep this going and expand those products to do a lot more in the future. The disadvantages are:

  1. They currently only make indoor cameras; there is no outdoor option, and the cameras are not designed for outdoor temperatures.
  2. They charge on a per-camera basis for the recording function. They charge $10 per month/ $99 per year for the first camera and $5 per month/ $50 per year for each additional camera (that’s for 7 days of recording; they charges for 30 days of recording are 3x higher)
  3. There is no way to directly view the camera – the only way to view it is through the Dropcam website. This is not a big problem practically, but it does bug me a little. Even without a subscription, you can view the camera through their website and get notices when motion is detected, which is nice.

Whatever cameras and NVRs you choose, you’ll need to connect the cameras to the network, connect the NVR to the network, and make sure the NVR is “talking” to the cameras. You can then port-forward to the NVR (remember about this from the router series?) in order to access it from the Internet; that way you don’t have to port-forward to each of the individual cameras. You’ll need to fine-tune the sensitivity of each camera in order to get appropriate “alarms” for movement. You’ll also need to set the alarms up so they contact you appropriately. Setting up an email alarm is relatively easy, and all the cellular phone providers give you an email address that goes through as an SMS text message – for instance, on Verizon, if the phone number is 555-123-4567, you can email “5551234567@vtext.com.” That way you can get a text message on your phone whenever motion is detected.

So, now you have cameras set up in the critical parts of your farm, which you can view through your NVR, and you are set up to get alerts any time something moves in the field of view of those cameras. All of this, of course, is made possible because of your AyrMesh Network, covering your farm with powerful IP connectivity.

And there’s still a lot more you can do with the network… stay tuned!

IP Cameras on the farm: Part 2 – different kinds of cameras

Sorry to use this picture again…

There are a wide variety of IP (network) cameras available, ranging from the very inexpensive to the very good. That’s not to suggest that inexpensive cameras are not useful; it just means that you want to know which camera to use where.

If you just want to be able to see what’s happening on part of your farm, a cheap 640×480 (VGA size) camera will do a nice job. You can bring it up on your phone or tablet from anywhere on the farm, or port-forward to it to see what’s going on when you’re away. These cameras can be VERY inexpensive – from about $35 on Ebay – and they can work well for some applications; some are very small for indoor use, and some are built for outdoor use. The build quality on the very inexpensive ones is generally not great: one very inexpensive outdoor camera I purchased had the IC board held in place inside the housing with dabs of hot glue. That said, I still have it and it still works.

One thing to be aware of is that some inexpensive IP cameras require Internet Explorer to view the image on the camera. While this works with your laptop, it may keep you from seeing the camera on your phone or tablet (or they may offer a reduced-quality video stream for your phone or tablet), and it may prevent the camera from being integrated with a Network Video Recorder into an overall security system. If Internet Explorer is one of the requirements for the camera, I generally recommend against its use.

There are three major factors contributing to the quality of an IP camera:

Camera sensor chip

1.) Image sensor – the size (1/4”, 1/3”, or larger) of the sensor and its resolution (640×480, 1024×720, 1280×960 or 1280×1024) – in general, the larger the better.

Camera lens

2.) Optics – good optics make a big difference. A full-HD (1280×1024) camera with a crummy lens is less useful than a VGA (640×480) camera with a sharp lens. Unfortunately, it is impossible to evaluate the quality of a lens from the specifications of the camera – the price of the camera is a reasonable, but not entirely reliable, proxy. Some cameras offer different “sizes” of lens – for instance, a 3.6 or even 2.8 mm wide-angle lens or a 6 or 8 mm telephoto lens. Obviously, what you are watching will determine what kind of lens you need.

Firmware

3.) Firmware – the software running on the camera itself determines how easy it is to use and the features available. For instance, inexpensive cameras may offer MJPEG video streams and motion detection based on the entire scene the camera is surveying, while better cameras will offer h.264 streaming (which uses less bandwidth and better framerates – frames of video per second), and the ability to detect motion in specific zones of the camera’s picture.

The internal electronics and build quality of the camera make a difference, of course, but that is generally only an issue with the lowest-cost cameras – my own experience is that any name-brand camera costing more than $100 has adequate hardware and good build quality.

Here are three examples of IP cameras that I have purchased and evaluated, with specific comments on each.

Cheap Ebay Camera

View through the cheap camera

1.) No-name $35 Outdoor WiFi Camera from Ebay (China). This little camera is actually one of my favorites. It has an adequate lens, a good, strong case, 640×480 resolution, and uses MJPEG for video. It sends about 4-5 frames per second, which is adequate for most purposes. It also has infrared (IR) LEDs in front for nighttime illumination. The biggest advantage this camera brings is that I can use it as a “scout” camera to see if I want to put a better camera in a particular place, and, if it gets kicked or dropped or destroyed, I won’t cry over it – I typically buy then 3 or 4 at a time and, if they have problems, I just throw them away.

 

Agasio camera

View through Agasio Camera

2.) Agasio outdoor WiFi Camera. The specs on this camera are identical to the “no-name” camera above (WiFi, 640×480, MJPEG), but with more IR LEDs for better nighttime performance and a mechanical IR filter for better color in low light conditions. I am not actually sure the IR filter is that useful (and Foscam sells an identical camera without the IR filter), because it can fail in cold weather and make the picture look very odd as the filter clicks continuously in and out). I consider this (and the similar Foscam camera) the “workhorse” – it’s inexpensive and it works well, and Agasio/Foscam (they’re the same company) has an office in Houston you can call if you have trouble. I use these at my house to keep an eye on the yard, but I don’t use the motion detection capabilities because it’s very difficult to use effectively: if you turn the sensitivity down, you won’t capture motion when it happens, but, if you turn it up, you’ll be getting alarms every sunrise, sundown, and every time a cloud crosses the sun.

Axis indoor camera

View from Axis camera

3.) Axis indoor WiFi camera M1031-W. Axis is generally acknowledged to be the highest-quality IP camera vendor, and appropriately priced. This is their lowest-cost unit, but it clearly shows the difference between their quality standards and those of the lower-cost cameras. Even though this camera has only a 640×480 sensor and a tiny lens, the picture is excellent and the firmware is very easy to use yet feature-filled. It offers several different kinds of streaming (MJPEG, h.264) and the ability to detect motion in “zones” you can select with a little Java applet on the camera. I use these cameras to protect my house, although I do get false alarms from it.

That’s a quick overview of the “cheap and the good” of the IP camera world. If you are just looking to have a camera on your farm that will allow you to see some critical item when you need to, I generally recommend one of the Foscam WiFi or Ethernet cameras. For more critical tasks, such as keeping an eye on a foaling mare, I generally recommend an appropriate Axis camera.

Outdoor Point-Tilt-Zoom (PTZ) camera

One handy thing you can do is have a camera way up on a pole or tower that you can swivel around and zoom in in any part of the farm. The Axis outdoor Point-Tilt-Zoom cameras can give you an amazing view of your property, but you’ll need to connect them to your network with an Ethernet cable (or an AyrMesh Hub, Receiver, or Bridge), because they don’t have WiFi. You’ll also need to mount them to something secure, because movement in the camera will make the quality of the picture moot.

Next, we’ll look at putting together a system of cameras for home and farm security, including cameras and Network Video Recorders – see part 3 here.

IP Cameras on the Farm: Part 1

Many people start building an AyrMesh network on their property to provide Internet access across their acreage. However, having an Internet Protocol (IP) network across your property gives you the opportunity to connect devices on the property to help you be more productive, more efficient, safer, and happier.

When I ask people what else they’d like to do with their AyrMesh Network, the first thing that usually comes up is cameras – the ability to see their property remotely.

There are two distinct reasons for putting cameras on your property: the first is what I call “situational awareness” – being able to bring up a view of some part of your farm any time you want. The second is for security – automatically monitoring some view of your property and alerting you when something happens.

If you have animals on the farm, you probably worry about them – especially if your livelihood is tied up in them. One of the most common uses for cameras on the farm is to be able to check on the animals, whether it’s just so the kids can see the horses when you’re away or if you need to check on farrowing sows, calving cows, or foaling mares to protect your investment.

A lot of people also just want to be able to view some part of the property, like the driveway or the kid’s play area, so they can know what’s going on any time. Sometimes these cameras may be dual-purpose, serving both a security function and for situational awareness.

Putting a camera on your property gives you a “view” – you get the IP address of the camera from your router and you can bring up that view from anywhere on your property. Then you can do what’s called a “port forward” on your router to make your camera viewable from the Internet, wherever you may be. For instance, I always forward port 9001 to a camera in my living room. I can look at my public IP address on AyrMesh.com and find that it’s 99.100.101.102 (it’s not, but let’s pretend…), so I just need to point a browser to http://99.100.101.102:9001 and log into my camera (note: you HAVE to have a good, strong password on your camera).

Next we’ll talk a little about the different kinds of IP cameras and the tradeoffs and compromises you can make – see part 2 here.