Closed Circuit Television (CCTV) typically works on the basis that conventional analog video cameras can be deployed for security and surveillance purposes via point to point analog connections, forming a closed, secure network of the deployed cameras. Transmission of video over TCP/IP networks can be facilitated, however, using IP cameras. The use of TCP/IP networks can facilitate high-resolution transmission, thereby improving quality of the transmitted images, and provide the ability to deploy cameras over a wide geographical area. TCP/IP networks can also be used to create closed circuit (CC) systems that interconnect other IP-enabled end-point devices. Examples of such devices include access-control readers that can permit access to a building at various entrances, and alarms that may monitor a certain condition (e.g., presence of gases) and alert a receiving station connected via a TCP/IP network. In the following discussion, references are made to CCTV systems for the ease of discussion. It should be understood, however, that TCP/IP and IP-CC systems are not limited to TV systems, and can be configured to include various end-point devices (e.g., access-control readers, alarms, etc.).
The use of TCP/IP networks, however can present challenges to the management and operation of CCTV networks, because the transmitted video data can be easily intercepted by known IP hacking techniques. The possibility of hacking makes CCTV-IP networks insecure. The identification and configuration of multiple devices, such as video servers and IP cameras, which are to be used as part of a CCTV surveillance system/video monitoring system, can also be difficult when deployed on a TCP/IP network. This is because some approaches require an installer to manually identify, one-by-one, each of the devices connected on the network through the understanding of the Media Access Control (MAC) address of the device when it appears on the Dynamic Host Configuration Protocol (DHCP) server. The DHCP server would then allocate an IP address to the device, or the IP address must be allocated manually. Only after such identification of a device and allocation of an IP address, the device can be located and controlled.
Moreover, an IP cabling endpoint, where a camera can be connected to a cable, may be outside a protected zone. A protected zone can be a region to which it may be difficult for an intruder to gain access, making it difficult for the intruder to tamper with a camera. Outside a protected zone (e.g., housing at a distance in the back of a building), however, a intruder can gain access to the IP cabling endpoint and may install a different, unauthorized device. The unauthorized device can send fake video data to a monitoring station in the TCP/IP network, making the network vulnerable. Also, as the elements of the system are often installed in difficult to service locations, such as on roofs/tall buildings or CCTV camera poles, it may be advantageous to the installer if the devices can be identified and IP configured without the need to hire platforms/cherry pickers in order to access the devices.
Some methods (e.g., DHCP Option 82) can allocate IP addresses to devices such as IP cameras, and may be configured such that one port is associated with one allocated IP address. Thus, using DHCP Option 82, by permitting communication among devices corresponding to only a subset of the allocated IP addresses a secured network can be created. Under DHCP Option 82, however, configuring each port to only a single IP address can be cumbersome. Moreover, the DHCP Option 82 does not provide authorization of IP addresses prior to permitting communication between two devices. Therefore, the step of authorizing IP addresses and thus providing a secured network must implemented in addition to using the DHCP Option 82. Operating a secured network according to these methods presents yet another problem. For example, a device in the network is not uniquely identifiable by its own identifier such as a Media Access Control (MAC) address. If an unauthorized device replaces an authorized device connected to the network, the unauthorized device would simply use the IP address allocated to the authorized device, and thus would appear to be authorized to the other network components.
Additionally, configuring a secured network using these methods may require a specific IP address allocation method that may not be compatible with other allocation methods employed by the network. Finally, configuring the ports of a network switch to access the IP addresses and the associated identifiers, so as to route the received data frames based on the identifiers can be cumbersome for a large number of ports.