Nmap spread on all greater computer at work(predicate) systems, and official double star packages are available for Linux, Windows, and Mac OS X. The perimeter is therefore one of the most momentous areas of your network to careless against vulnerabilities, misconfiguration and other security threatening that could arrangement surety or availableness of cobweb benefit. Nmap uses inexperienced IP bundle in modern ways to determine what element are valid on the cobweb, what benefit (application name and version) those element are proffering, what operating systems (and OS versions) they are running, what type of bundle strainer/firewalls are in habit, and dozens of other characteristics. Acunetix Online foresee you with a perspective of your network’s perimeter just like an centre forward would see it. In appendage to the classic command-flax Nmap executable, the Nmap suite inclose an advanced GUI and issue on-looker (Zenmap), a inconstant data transfer, redirection, and diagnose puppet (Ncat), a service for comparing scan results (Ndiff), and a packet age and answer analysis tool (Nping).
GFI LanGuard is a cobweb assurance and vulnerableness scanner indicate to help with tract management, network and software audits, and vulnerability assessments. This allows you to do analyze of your topic meshwork. Use it to: Discover open harbor and cursorial office. Acunetix has intermingled the popular OpenVAS scanner within Acunetix Online to afford a thorough perimeter network safety scrutinize that integrates seamlessly with your cobweb application shelter testing, all from an unconstrained to utility frank cloud-supported office. Test for over 50,000 assumed fret vulnerabilities and misconfigurations.
For more than a decennary, the Nmap Project has been cataloguing the network security community’s favorite tools. Read 6 reviews.
Nmap (“Network Mapper”) is a guiltless and unreserved ascent (permission) value for fret revelation and carelessness hearing. It was plan to post analyze huge net, but manufacture nice against single sacrifice. Many systems and network administrators also find it utilitarian for tasks such as cobweb schedule, contrive avail upgrade timeline, and track host or service uptime.
Though you first see just an online tool that appears to exact do scrutinize via the Internet, if you attain a territorial IP or scan, it will agile you to copy a energizing scanner via a VMware or VirtualBox image. This situation allows open source and mercurial weapon on any landing, except those tools that we sustain (such as the Nmap Security Scanner, Ncat net connector, and Nping book manipulator).
Nmap (“Network Mapper”) is a free and open spring (license) utility for network discovery and security hearing. Many systems and network administrators also find it useful for employment such as netting catalogue, govern service upgrade timeline, and monitoring throng or avail uptime. Acunetix Online afford you with a optical of your mesh’s circumference just like an striker would see it. In 2011 this situation became much more moving, proffering ratings, retrace, scrutinous, rank, and a modern bowl suggestion elegance. The price is supported on the amount of IP addresses you desire to consider. Scan Perimeter Network Services Insecure circumference networks are still the object of most data breaches. Test for over 50,000 given network vulnerabilities and misconfigurations.
Scan Perimeter Network Services Insecure perimeter networks are still the cause of most data misunderstanding. Once a examine is finished you can view interactive echo by threat or by piece. The perimeter is therefore one of the most serious areas of your mesh to safe against vulnerabilities, misconfiguration and other security lour that could compromise certainty or availability of netting office. Comprehensive confidence audits require detailed investigation of the perimeter of your general-facing mesh property. A communicative trial version (up to 5 IP dress) is profitable. Use it to: Discover unreserved ports and flowing benefit.
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. CSA operates the most popular cloud security provider certification program, the CSA Security, Trust & Assurance Registry (STAR), a three-tiered provider assurance program of self assessment, 3rd party audit and continuous monitoring. CSA launched the industry’s first cloud security user certification in 2010, the Certificate of Cloud Security Knowledge (CCSK), the benchmark for professional competency in cloud computing security. CSA’s comprehensive research program works in collaboration with industry, higher education and government on a global basis. CSA research prides itself on vendor neutrality, agility and integrity of results. CSA has a presence in every continent except Antarctica. With our own offices, partnerships, member organizations and chapters, there are always CSA experts near you. CSA holds dozens of high quality educational events around the world and online. Please check out our events page for more information.
As more businesses move to the cloud and as cloud services continue to grow, organizations must establish a unified set of cloud security and governance controls for business-critical SaaS applications and IaaS resources. In most cases, cloud providers will have stronger security than any individual company can maintain and manage on-premise. However, each new service comes with it’s own security capabilities, which can increase risks because of feature gaps or human error during configuration. Adding additional encryption and policy controls independently of the vendor, is a proven way for organizations to fully entrust their data to a cloud provider without giving up complete control over who can access it while also making sure employees are compliant when using SaaS applications. These controls allow businesses to move at the speed of the cloud without placing their data at risk.
In addition to traditional privilege management, the cloud also introduces a unique challenge when it comes to cloud service providers. Since they can access your cloud instance, it’s important to factor into your cloud risk assessment that your cloud provider also has access to your data. If you’re concerned about insider threats or government data requests served directly to the cloud provider, evaluating options to segregate data from your cloud provider is recommended.
The Cloud Security Alliance today has announced the availability of version 1.0 of the CSA Cloud Controls Matrix, a catalog of cloud security controls aligned with key information security regulations, standards and frameworks.
With the growth in cloud computing, businesses rely on the network to access information about operational assets being stored away from the local server. Decoupling information assets from other operational assets could result in poor operational resiliency if the cloud is compromised. Therefore, to keep the operational resiliency unaffected, it is essential to bolster information asset resiliency in the cloud. To study the resiliency of cloud computing, the CSA formed a research team consisting of members from both private and public sectors within the Incident Management and Forensics Working Group and the Cloud Cyber Incident Sharing Center. To measure cyber resiliency, the team leveraged a model developed to measure the resiliency of a community after an earthquake. Expanding this model to cybersecurity introduced two new variables that could be used to improve cyber resiliency. Elapsed Time to Identify Failure (ETIF) Elapsed Time to Identify Threat (ETIT) Measuring these and developing processes to lower the values of ETIF and ETIT can improve the resiliency of an information system. The study also looked at recent cyberattacks and measured ETIF for each of the attacks. The result showed that the forensic analysis process is not standard across all industries and, as such, the data in the public domain are not comparable. Therefore, to improve cyber resiliency, the team recommends that the calculation and publication of ETIF be transferred to an independent body (such as companies in IDS space) from the companies that experienced cyberattacks. A technical framework and appropriate regulatory framework need to be created to enable the measurement and reporting of ETIF and ETIT. Download the full study.
Another day, another data breach because of poorly configured cloud-based systems. The latest incident, in which up to 6 million customer details for Verizon’s United States customers was exposed, is yet another reminder both the cloud provider and the organization share the responsibility for cloud security.There is a misconception that the cloud service provider is in charge of securing the cloud environment. That is only half the story. Cloud security providers such as Amazon, Microsoft and Google take care of security for their physical data centers and the server hardware the virtual machines run on, but leave the individual customer in charge of protecting the virtual machines and applications. Cloud providers offer an array of security services and tools to secure customer workloads, but the administrator has to actually implement the necessary defenses. It doesn’t matter what kind of security defenses the cloud provider has in place if the customers don’t protect their own networks, users and applications.A third-party service provider handled Verizon’s back-office and call center operations and stored all customer call data, which included names, addresses, phone numbers, and account PIN codes of every Verizon customer that called the call center over the past six months, in an Amazon Web Service (AWS) Simple Storage Service (S3) data store. The data collection was meant to help improve customer service experience, but because the S3 bucket was incorrectly configured to allow external access, anyone patient enough to work out the web address would have been able to download the information. Scammers who got their hands on the data would be able to pose as an any Verizon customer on a call and gain access to customer accounts.This kind of mistake is distressingly common. Recent research by cloud security company RedLock’s Cloud Infrastructure Security team found that 40 percent of organizations have inadvertently exposed at least one public cloud service due to misconfiguration. Misconfiguration is a serious problemVerizon is just one of many organizations whose data was exposed on public clouds by mistake. Just a few weeks ago, personal data of over three million wrestling fans were exposed online because the World Wrestling Entertainment (WWE) had an unencrypted database on an AWS S3 instance with no access control or password protection enabled. In June, the Republican National Committee confirmed personal identifiable information of 198 million registered United States voters–accounting for approximately 60 percent of voters–had been stored in plaintext on an open Amazon S3 storage server owned by data analytics firm Deep Root Analytics. Defense contractor Booz Allen Hamilton exposed 60,000 files belonging to the Pentagon, including sensitive files tied to a U.S. military project and half a dozen unencrypted security credentials, by storing the files on a public S3 instance.“The problem is not that the cloud is insecure, but ultimately customers are responsible for securely configuring their networks, applications and data,” said Varun Badhwar, CEO and co-founder of cloud security startup RedLock. “Public cloud infrastructure such as AWS can be highly secure if configured correctly by organizations adopting such services.”Cloud security company Threat Stack analyzed 200 companies using AWS and found that 73 percent had at least one critical security misconfiguration, such as letting unauthorized parties directly access the data, use the misconfigured object as part of bigger attack, and control the entire environment by logging into the AWS console. These breaches were the result of basic security negligence and non-existent IT policies, not the work of malicious adversaries. Regardless of who is doing the provisioning–whether that is the IT administrator, developer, engineer or the security team– too many people do not fully understand how to configure their cloud environments. Organizations can no longer treat the public cloud as any old place to store information, but incorporate the following security measures to ensure their cloud environments, applications, and data protected from unauthorized access.1. Know what you are responsible forAll cloud services are not the same, and the level of responsibility varies. Software-as-a-service (SaaS) providers will make sure their applications are protected and that the data is being transmitted and stored securely, but that is typically not the case with cloud infrastructure. For example, the organization has complete responsibility over its AWS Elastic Compute Cloud (EC2), Amazon EBS and Amazon Virtual Private Cloud (VPC) instances, including configuring the operating system, managing applications, and protecting data.In contrast, Amazon maintains the operating system and applications for Simple Storage Service (S3), and the organization is responsible for managing the data, access control and identity policies. Amazon provides the tools for encrypting the data for S3, but it is up to the organization to enable the protection as it enters and leaves the server. Check with the provider to understand who is in charge of each cloud security control.2. Control who has accessRedLock’s CSI found that 31 percent of databases in the public cloud are open to the Internet. In fact, 93 percent of resources in public cloud environments did not restrict outbound traffic at all. Nine percent of cloud workloads that were not load balancers nor bastion hosts were accepting traffic from any IP address on any port, which is a terrible idea. Only load balancers and bastion hosts should be exposed to the Internet.The Verizon data breach happened because the S3 bucket was set to allow external access. This is unfortunately a common mistake. Threat Stack found that 37 percent of organizations in its research had S3 buckets that granted access to everyone. Many administrators mistakenly enable global permissions on its servers by using 0.0.0.0/0 in the public subnets. The connection is left wide open, giving every machine the ability to connect.In the case of AWS, S3 buckets should never have a public access policy.Another common mistake is leaving SSH open, something that 73 percent of organizations did in Threat Stack’s analysis. Threat Stack also found that 13 percent allowed SSH connections directly from the Internet, which meant anyone who could figure out the server location could bypass the firewall and directly access the data.Major cloud providers all offer identity and access control tools; use them. Know who has access to what data and when. When creating identity and access control policies, grant the minimum set of privileges needed and temporarily grant additional permissions when needed. Configure security groups to have the narrowest focus possible, and use reference security group IDs where possible.Amazon VPC lets administrators create a logically isolated network within the AWS cloud to launch servers in virtual networks. This is one way to protect the production environment from the development and staging environments and keep data separate.3. Protect the dataAnother common mistake is to leave data unencrypted on the cloud. RedLock’s CSI found that 82 percent of databases in the public cloud are not encrypted. Voter information and sensitive Pentagon files were exposed because the data was not encrypted and the servers were accessible to unauthorized parties. Storing sensitive data in the cloud without putting in place appropriate controls to prevent access to server and protecting the data is irresponsible and dangerous.Where possible, maintain control of the encryption keys. While it is possible to give cloud service providers access to the keys, bottom line, the responsibility of the data lies with the organization.“It’s like trusting your home renovator with the keys to your home,” said. Mark Hickman, COO at WinMagic. “You expect all will be well, but you can never be 100 percent certain if they’re locking the door or the character of their subcontractors. So why take that risk in giving them access to your keys in the first place?”Even when cloud providers offer encryption tools and management services, too many companies don’t implement it. Encryption is a fail-safe—even if a security configuration fails and the data falls into the hands of an unauthorized party, the data cannot be used.4. Secure the credentialsAs the OneLogin breach showed, it’s not uncommon for AWS access keys to be exposed. They can be exposed on their public websites, source code repositories, unprotected Kubernetes dashboards, and other such forums. Treat AWS access keys as the most sensitive crown jewels, and educate developers to avoid leaking such keys in public forumsCreate unique keys for each external service, and restrict access following the principle of least privilege. Make sure the keys don’t have broad permissions, as in the wrong hands, they can be used to access sensitive resources and data. Create IAM roles to assign specific privileges, such as making API calls.Make sure to regularly rotate the keys. RedLock found 63 percent of access keys were not rotated in over 90 days. This gives attackers time to intercept compromised keys and infiltrate cloud environments as privileged users. Don’t use the root user account, not even for administrative tasks. Use the root user to create a new user with assigned privileges. Lock down the root account (perhaps by adding multi-factor authentication) and use it only for very specific account and service management tasks. For everything else, provision users with the appropriate permissions.Check user accounts to find those which are not being used and disable them. If no one is using those accounts, there is no reason to give attackers potential paths to compromise.5. Security hygiene still mattersDefense-in-depth is particularly important when securing cloud environments because it ensures that even if one control fails, there are other security features keeping the application, network, and data safe.Multi-factor authentication (MFA) provides an extra layer of protection on top of the username and password, making it harder for attackers to break in. MFA should be enabled to restrict access to the management consoles, dashboards, and privileged accounts. Redlock found that 58 percent of root accounts do not have multi-factor authentication enabled. Threat Stack found that 62 percent of organizations had at least one AWS user without multi-factor authentication enabled.6. Improve visibilityMajor cloud providers all offer some level of logging tools, so make sure to turn on security logging and monitoring to see unauthorized access attempts and other issues. Amazon provides CloudTrail for auditing AWS environments, but too many organizations wind up not turning on this service. When enabled, CloudTrail maintains a history of all AWS API calls, including the identity of the API caller, the time of the call, the caller’s source IP address, the request parameters, and the response elements returned by the AWS service. It can also be used for change tracking, resource management, security analysis, and compliance audits.Don’t let mistakes result in a breachData breaches aren’t always caused by outside attackers; sensitive data can be exposed but human error, too. Mistakes–forgetting to turn on something or thinking something was done but not verifying it–can leave the door wide open for attackers. Organizations need to regularly assess the security of their cloud environments, and also that of their vendors, suppliers, and partners. As the Verizon breach showed, the third-party vendor’s mistake becomes the organization’s headache.The shared security model exists for a reason–no matter who is responsible for the security of the cloud workloads, the organization is ultimately responsible for what happens to their data. Next read this: The 5 cyber attacks you’re most likely to face Cybersecurity headhunter shares 10 secrets from Black Hat 2017 Why SSL/TLS attacks are on the rise The 10 Windows group policy settings you need to get right Why the scanners on VirusTotal flagged Hello World as harmful
Bank Customers Notified Of Compromised Accounts
By Ariana Cohen |
Posted: Tue 4:47 PM, Jul 23, 2013 |
Updated: Tue 6:13 PM, Jul 23, 2013
TOPEKA, Kan. (WIBW)-Customers of several Topeka banks are getting word their bank cards may have been compromised.
The customers were told they made the list because their card was used at a certain Topeka business.
Area bank officials and the Topeka Police Department will not confirm which business is the source of the potentially compromised accounts, however local bank customers tell 13 news they were told they were notified because they’d used their card at Lazy Toad Restaurant Sports Bar And Lounge at some point in the past several months.
CoreFirst Bank and Trust, Fidelity State Bank and Denison State Bank are among those confirming their customers were affected.
CoreFirst President Kurt Kuta says he was notified internally.
“Our own security software system detected some unusual actions taken place with some of our customers and those transactions were analyzed and we determined something was amiss,” said Kuta.
Kuta says the CoreFirst team immediately took action to protect customers.
“First thing is we shut down the cards. As you could imagine, that could cause a lot of heartburn for some of our customers,” says Kuta.
Other banks took similar action notifying customers with emails and phone calls. While authorities would not comment on how exactly the breach might have happened, Kuta has some recommendations to protect yourself.
“If they’re not signed up for internet banking at their institution I would encourage them to do that and on a frequent basis take a look at their account to see if there is anything unusual on there,” says Kuta.
Topeka Police Chief Ron Miller tells 13 news his agency continues to investigate. Banks declined to reveal how many customers were affected, though Kuta did say it was fewer than 500 at CoreFirst. 13 News reached out to representatives from Lazy Toad for a comment and calls were not returned.
EZVIZ Mini Trooper wireless indoor / outdoor security camera system review
Choosing from the vast selection of WiFi security cameras that are on the market can be daunting. We’re here to make your job harder by telling you about a brand that you may not be familiar with. The EZVIZ Mini Trooper is an affordable camera system that includes a completely wire-free camera. Let’s take a look.
What is it?
The EZVIZ Mini Trooper is a WiFi security camera that runs on batteries so it can be placed anywhere in or outside your home and does not need to be tethered to a power cable and does not require a cloud-based subscription service.
What’s in the box?
Mini Trooper Base StationMini Trooper Wire-Free indoor / outdoor cameraMagnetic baseHardwareEthernet cable4 CR123A BatteriesQuick start guide
Design and features
Mini Trooper camera
The EZVIZ Mini Trooper setup requires both a camera and the base station. Let’s check out the camera first.
The 720P camera reminds me of an egg in both shape and color. This camera can be used indoors or outdoors as it has an IP65 rating and can stand temps from as low as 14° F to as high as 131° F.
The front of the camera has the lens, a microphone, a photoresistor, LED indicator, and a PIR sensor which measures infrared light radiating from objects.
The bottom of the camera has a threaded socket in the battery cover which can be used to connect it to a tripod.
The cover opens to reveal the battery compartment which can hold 4 CR123A batteries. Interestingly enough, the camera can be used with just 2 batteries like you see above. Using all 4 batteries will result in the longest runtime of up to 9 months.
The Mini Trooper camera can sit on a flat surface or you can attach the included magnetic plate to mount it on a wall.
The Base Station
The Base Station is a hub that provides a dedicated connection for up to 6 EZVIZ cameras.
See also: Tend’s Minion Cam is a home security camera designed to do your bidding
If the EZVIZ Mini Trooper camera looks like an egg, I think the Mini Trooper Base Station looks like a bug.
The Base Station has built-in prongs so it can be plugged directly into an outlet. It also has an Ethernet port at the bottom and a reset switch on the side.
On the opposite side of the base station is a micro SD card slot which can be used to store video clips.
The Base Station’s “wings” are antennas that unfold to enhance the wireless signal between the cameras and the base station.
Setting up the EZVIZ system is pretty easy if you opt to plug the Base Station into your existing network router using the included Ethernet cable. You can also set up the system wirelessly, but it requires a little extra effort isn’t as straightforward.
All you really need to do is install the EZVIZ app on your iOS or Android device and follow the prompts that will tell you to plug the Base Station into the wall, load at least 2 batteries into the Mini Trooper camera, and place the camera within 300ft of the Base Station.
The EZVIZ application has a simple user interface that shows a live view of the camera with a battery indicator at the top and a timeline of detected activity at the bottom.
A messages screen shows thumbnails of events that were captured by the PIR sensor. Clicking a thumbnail will show the motion detection video if a micro SD card has been inserted into the slot in the Base Station.
Picture and video quality are decent given that the camera has 720P resolution with a 116 ° wide-angle lens and up to 25’ of night vision.
The EZVIZ Mini Trooper security camera system is really easy to use because it has a basic set of features. And that’s the problem with this system, it’s a bit too basic. It is missing some key features like the ability to manually turn off night vision, two-way audio communication, and the ability to set motion trigger areas.
See also: Epson Expression Home XP-430 Small-in-One review
At first, I noticed that the motion detection feature was very hit and miss. I could walk right past the camera waving my arms and it would not notify me of detecting motion. I finally realized it was because I was pointing the camera through a window and the camera’s PIR sensor will not work through glass. Placing the camera outside fixed that issue.
There are quite a few things to like about the EZVIZ Mini Trooper security camera system:
- Wireless camera that can be used indoors OR outdoors
- Does not require a cloud storage subscription
- Relatively easy to setup
But then there are things missing or lacking like:
- Motion trigger areas
- 24/7 recording to microSD card
- Night vision toggle
- Night vision is pretty weak
- Can’t detect motion through glass
If you’ve already used other security camera systems that have some of the features missing from the Mini Trooper, this system will leave you wanting more. However, the EZVIZ Mini Trooper security camera system does make a decent first-time security camera system because it’s relatively inexpensive, doesn’t require monthly payments, and is pretty easy to set up.
Source: The sample for this review was provided by EZVIZ. Please visit their site for more info and Amazon to order.
If you liked this story, be sure to read our other stories:
Product Information Price: $149.99 Manufacturer: EZVIZ Retailer: Amazon Pros:
- Easy to setup
- Completely wireless camera
- Does not require a cloud storage subscription
- Have to use a base station
- No motion trigger areas
- Can’t toggle night vision manually
- PIR sensor doesn’t detect motion through glass
Best home security camera: Keep an eye on the home front
Your message has been sent.
There was an error emailing this page.
By Michael Ansaldo
Freelance contributor, TechHive | Sep 27, 2017 7:47 AM PT
Table of Contents
Rent or own, you probably want to know the best security camera system for keeping an eye on your home while you’re gone. That used to entail signing on with a professional—and pricey—security service like ADT. But the boom in wireless and internet security is putting indoor and outdoor home surveillance into our own hands.
These close cousins of webcams require minimal installation and offer flexible setups and a range of security features. Indeed, the offers vary widely by camera, and navigating them all gets more daunting as this category grows ever more crowded. To help you find the best security camera for your needs, we outline the key features to consider and share the results of our testing. Whether you’re looking for an easy way to check on your kids and pets, or a full-service sentinel to monitor for intruders, we’ll help find the right product for your needs.
This roundup was updated on September 27, 2017 to add our review of the VTech VM5271 Expandable Digital Video Baby Monitor, which is our first recommendation in its category. We’ve also added our takes on the Ring Stick Up Cam, a companion to the Ring Video Doorbell line, and the much-improved Logitech Circle 2.
Best indoor security cam: Samsung SmartCam PT
Our favorite home security camera at this time is Samsung’s SmartCam PT. It’s a pan/tilt model with a 96-degree field of view—and that’s before you take into account the camera’s ability to pan its lens 350 degrees and tilt it on a 155-degree arc. This camera can also lock onto a moving body and track it across its field of view.
Samsung includes all the features you’d expect to find in a top-shelf security camera, including two-way audio, motion and sound alerts, and night vision. There’s also onboard storage in the form of a microSD card slot, so there are no subscription fees to deal with.
Runner-up indoor home security camera Reolink Keen
The Reolink Keen offers two features other security cameras don’t: First, it’s completely wireless—it operates on battery power—so you can place it virtually anywhere inside your home. Second, it comes with a discrete (as in not integrated into the camera) PIR (passive infrared) motion sensor that helps you better target the area you want to monitor.
Best outdoor home security camera
The outdoor security camera space is getting crowded quickly. Nest Labs brings its A game to the space with the Nest Cam Outdoor, a rugged yet stylish camera that doesn’t scream “you’re under surveillance!” like many of its competitors. It’s easy to install, with a magnetic mount that doesn’t need any screws to anchor it, and a USB power cable that can be detached from its AC power adapter, so you can thread it through a hole in your wall if you don’t have a weatherized power receptacle outside your house.
Runner-up outdoor home security camera
Netatmo’s outdoor home security camera costs more than most because it does double duty as a porch light (an outdoor LED floodlight, actually). It connects to your Wi-Fi network, but must be hardwired to your home’s electrical system. This is easy if you’ll be replacing an existing porch light (provided you don’t mind doing electrical work). The absence of subscription fees make the Presence less expensive in the long run, but it does cost quite a bit more up front than competing cameras.
Best all-in-one home monitor
All-in-one home monitors add a variety of environmental sensors, and often a local siren, to a home security camera. The best examples, like the LG Smart Security Wireless Camera, can also function as a smart home hub, thanks to the presence of a Z-Wave, ZigBee, or—one day—a Thread radio that can control other smart home products, such as your lights or thermostat. The LG system we picked as the best product in this class has a Z-Wave radio onboard, and you can add professional security monitoring from ADT to the package for $9.99 per month.
Runner-up all-in-one home monitor
The Canary Home Security System has a number of attractive features in addition to its high-quality camera. It can monitor your environment, like the LG model above, but it has weak hooks into broader smart home systems.
Best video baby monitor
Why waste your time with an audio-only baby monitor when you can put a camera in the nursery that lets you see as well as hear what’s happening with your little one. We’ve evaluated other products in this space, but the VTech VM5271 is the first one that warrants our recommendation.
What to look for when shopping
Most home security cameras perform the same basic functions—they detect an event, record the event, and send you an alert—but they don’t all perform them the same way. And some cameras have special features that go beyond those basics. Here are some common features you’ll encounter while shopping and why they’re important (we’ve listed them in alphabetical order). In each of the reviews that follow this buyers’ guide, we’ll discuss how each camera delivers on these features.
Alerts: Home security cameras push notifications to your smartphone when they detect events. Without watching the live feed all day, this is the only way to keep tabs on your home in relative real time. Depending on the camera, it may send text alerts when it detects motion, sound, a face (known or unrecognized), or all three. Some can send alerts to multiple people, usually anyone else in the household using that product’s app; others will send emails in addition to text messages as a failsafe in the event you can’t access your mobile device.
The Flir FX’s battery backup ensures the camera will continue to operate during a power outage.
Battery backup: Power outages happen, and clever burglars cut electricity before breaking into your home. When that happens, your camera goes dark and, if there’s a crime taking place, you lose all forensic evidence. For this reason, some cameras can also run for a short time on battery power. It’s a feature worth looking for.
Cloud recording: Many manufacturers offer cloud storage plans with their camera. With one of these, your recorded video is sent to a remote server and stored for a predetermined time— usually anywhere from 24 hours to a week—and then deleted to make space for new videos. Though sometimes free, these cloud plans usually require a monthly subscription, but are worth it both for their convenience and if you want a surveillance record during a vacation or other extended time away from home.
Environmental monitoring: This is the feature that sets all-in-one home monitors apart from strictly-security cameras. Though the home “vitals” that these units track vary by model—we’ve seen everything from motion to luminosity included in home health profiles—three tend to be ubiquitous:
- Temperature monitors for spikes and dips in indoor temperature and alerts you when it falls outside a range you define.
- Humidity tracks relative humidity inside your home. Humidity outside optimal levels—usually defined as between 30 and 50 percent—can contribute to problems such as static electricity, sinus irritation, and mold growth.
- Air quality tracks pollutants ranging from cooking odors to carbon monoxide. However, most monitors don’t identify the pollutant in their alerts, merely warning that the air quality is “abnormal.” Because of that, this feature should not be considered a substitute for potentially life-saving devices like smoke and carbon monoxide detectors.
The Netatmo Welcome supports facial recognition and can alert you when people it doesn’t recognize come within its field of view (our review).
Facial recognition: A few newer cameras are experimenting with facial recognition. This feature could more accurately be called “facial identification,” as in practice it’s much better at distinguishing a face from, say, a lamp, than it is at actually distinguishing between one person’s face from another’s. If you opt for a camera with this feature, know that it typically learns faces through increasing exposure to them, so be prepared to spend a lot of time in front of the lens.
Local storage: Some cameras include memory-card slots in lieu of, or in addition to, cloud storage, so you can store video right on the device. It’s an attractive feature as it can eliminate the cost of monthly storage fees. The downside (if there isn’t a cloud backup) is that if a crook steals your camera, he takes your forensic evidence with it.
Mobile app: Most of today’s home security camera’s are accessed primarily through a smartphone/tablet app. In addition to offering you a reliable way to view the camera’s live feed, it should offer plenty of options for customizing the way the camera performs. The ability to customize notifications, adjust motion and sound detection sensitivity, and set detection areas are some of the key features to look for. The app should also be intuitive and easy to master.
Any home security camera worth its salt will support motion detection.
Motion detection: Assuming you’re monitoring your home when it’s empty, motion detection is one of the most desirable features in a security camera. Built-in sensors pick up movement within the camera’s field of view and trigger video recording. Because these sensors are sensitive to any movement—event a shift in lighting or leaves blowing outside a window—it’s important the camera system also offer the ability to narrow the range of detection, adjust the sensor’s sensitivity, or otherwise customize this feature to cut down on false alerts.
Night vision: Most break-ins occur after dark, so this feature is nearly as important as motion detection. Technically, most home security cameras support infrared LED illumination, versus true night vision based on image intensification or thermal vision. Be that as it may, some camera’s will switch to night vision automatically in low-light conditions, while others allow you to customize when and how it should be activated.
Pan/Tilt/Swivel: Most security cameras—including all the ones in this guide—can be manually tilted and swiveled to focus on a certain viewing area, but this is a purely set-it-and-forget it feature. A true pan/tilt camera is equipped with a motor so that you can move its lens—or even follow a moving object if you’re watching a live feed—using its app or browser-based app.
The Nest Labs Nest Cam delivers higher-than-typical 1080p video resolution.
Resolution: No amount of security video will help you if it’s blurry, jittery, or otherwise distorted. Look for a camera that offers the highest possible resolution. Most currently offer 720p (often referred to as “high definition” or HD), but some newer cameras are coming out with 1080p (often referred to as “full HD”). Keep in mind higher-res cameras use more Internet and Wi-Fi bandwidth and battery life. Many cameras also offer a software zoom feature (which is not the same thing as having a physical zoom lens).
Scheduling: Scheduling features allow you to tell the camera to turn on and off, detect motion, and/or send alerts at specified times. This is useful when you, say, only want to be notified when your kids get home from school or just want to monitor your home when you’re away. It also reduces the amount of false alerts.
Security: There have been plenty of headlines about hackers compromising home cameras, baby monitors, and other Wi-Fi devices to spy on people, so be sure to check what steps has each manufacturer taken to eliminate this problem. Look for a camera that supports up-to-date wireless security protocols, such as WPA2, and make sure it encrypts Internet transmission of your your user name, your password, and the live feeds. Never install a security camera (or a router or any other device on your home network) without changing its default user ID and password.
Smart device integration: If you have a home full of smart devices, consider looking for a security camera or an all-in-one home monitor that includes a Z-Wave, ZigBee, or—eventually a Thread—radio that can connect them. Support for an automation service such as IFTTT or Stringify is also useful. This allows the camera or monitor to react to various scenarios, such as taking a picture when your Nest Protect detects smoke, or telling your Philips Hue smart bulb to turn on when unexpected sounds are detected.
Logitech’s Circle home-security camera features two-way audio.
Two-way audio: While the idea of a security camera implies eyes-on monitoring, the ability to also hear what’s going on gives you a more complete picture of what’s happening on the home front when you’re away. It can also alert you to something occurring out of the camera’s field of vision. This feature can also allow you to speak through the camera, a great tool for remotely commanding an unruly pet or startling an intruder in the act, but be aware that you might need to plug in a powered speaker for this feature to work.
Viewing angle: The camera’s field of view determines how much it can see. As you’re probably monitoring a single room, you want a wideviewing angle. Most current cameras fall in the 130-degree range. These wide angles can sometimes cause image distortion at the edges in the form of a fisheye effect, particularly when used in smaller rooms, but it’s not like you’re going to use a security to capture snapshots for your photo album.
Web client: Many cameras can be accessed through a web portal as well. This is useful for times when you don’t have access to your mobile device or a wireless connection. The web app should closely mirror its mobile counterpart, so you don’t need to learn a whole new set of controls.
Wireless range: One of the benefits wireless cameras offer is the ability to move them around your home. Ideally, your home security camera should be able to maintain a Wi-Fi connection no matter how far you move it from your router, even in a large home. Some cameras come with an ethernet port as well, so you have the option of hardwiring it to your local network. A camera that supports power-over-ethernet (PoE) eliminates the need for an AC adapter and relies on just one cable (but your router or switch will also need to support PoE. Another alternative would be to use a POE injector.)
Our home security camera reviews
You’ll find hands-on reviews of 10 of the latest home-security cameras attached to this buyers’ guide. We’ve improved our site navigation so that clicking on the product names below will take you directly to that review.
Alternatively, you can use the navigation menu at the top of the story, labeled ‘More Stories in this Series.’ If you’d like to read each review one after the other, use the arrows at the bottom of each page.
We will expand this collection of reviews over the coming months and will add new definitions and features to look for as they come up.
To comment on this article and other TechHive content, visit our Facebook page or our Twitter feed.
SmartCam PT is an excellent pan-and-tilt camera for monitoring pets and kids or keeping an eye on your home. Read the full review
- Motorized pan and tilt
- Auto tracking of people and objects
- Privacy mode
- Convoluted menus for recorded video
- More expensive than similar pan-and-tilt cameras
If you’re looking for a completely wireless security camera to cover a large area, the Reolink Keen is for you. Read the full review
- Batter power allows for more flexibility in placement
- Supports Full 1080p HD and motorized pan-and-tilt
- Separate motion sensor unit helps reduce false alerts
- Lack of cloud recording means an inturder can eliminate video evidence by taking your camera
- QR code scanning during setup can be problematic
- No audio detection
This is a great DIY outdoor security camera, particularly for homeowners who already have indoor Nest Cams. Read the full review
- Easy set up
- New advanced security features
- Magnetic mount requires no screws or drilling
- Pricey cloud subscription required to use advanced features
- No battery backup
- Magnetic mount might make it more attractive to thieves
The Netatmo Presence is an exceptionally good, easy to install outdoor security camera that can replace your porch light. Read the full review
- 1080p video resolution
- Powerful, dimmable floodlight
- No subscription fees
- IFTTT compatible
- Might not match your architectural aesthetic
- Operates only on 2.4GHz Wi-Fi networks
- Video is stored locally in the camera (there are back-up options)
Nest Cam doesn’t improve much on the Dropcam Pro, but it doesn’t need to. It’s an excellent camera if your serious about home security. Read the full review
- Sleek, sturdy construction
- Accurate motion detection
- Easy-to-use app
- Nest Aware subscription required to access most security features
- Sends alerts only once every 30 minutes
- Weak sound detection
The LG Smart Security camera is a great option for those who want affordable professional monitoring. Those interested in strictly DIY security should explore other options. Read the full review
- Great video quality
- Can connect with Z-Wave smart home products
- Can be used with ADT monitoring service (subscription plan)
- Can’t view or store recorded video without a paid subscription
- No free cloud storage option
This new and improved Full HD 180-Degree Wi-Fi Camera is among the best home security cameras available. Read the full review
- Wide-angle field of view
- Customizable motion and sound detection
- 1080p video
- No battery backup
- No cloud backup
The D-Link DCS-8200LH HD Pan & Tilt Wi-Fi Camera is a fantastic option for monitoring large spaces or tracking active kids and pets. Read the full review
The Honeywell Lyric C1 Wi-Fi Security Camera’s strong security features and intuitive apps will bring you maximum peace of mind with a minimum of fuss. Read the full review
- Can identify urgent sounds, such as smoke and carbon monoxide alarms
- Supports motion detection zones for more accurate alerts (two zones max)
- Stores surveillance video both locally and in the cloud
- Image quality is a little soft
- Video resolution limited to 720p
Don’t let the small size fool you. This camera delivers home security features on par with its bigger competitors. Read the full review
- 1080p video
- Can be connected to other smart home products via IFTTT
- Records video locally and to the cloud
- No audio detection
- Image has some fisheye distortion
The Logitech Circle 2 (wired) is an impressive upgrade of the original Circle camera. Read the full review
- Motion detection accurately recognizes humans
- Cutomizable motion zones allow for more accurate detection areas
- Event and alert fiters help you manage notifications
- Advanced features require premium cloud subscription
Canary is a strong home-security system with a few significant shortcomings. Read the full review
- Terrific price/performance ratio
- High-resolution camera
- Relatively sophisticated security features
- No battery backup or cellular failover
- Very limited integration with other connected-home systems
- No direct tie-in with other sensors in the home
- No cellular or battery backup
The Ring Stick Up Cam is a great companion to the Ring Video Doorbell. As a standalone outdoor camera, it may not be the best option for every user. Read the full review
- Customizable motion-detection zones
- Live stream includes intercom feature
- 720p video
- Narrow 80-degree field of view
- Can’t view surveillance video clips without cloud subscription
The VTech VM5271 Expandable Digital Video Baby Monitor is an easy-to-use extra set of eyes on your little one. Read the full review
- Allows you to monitor your baby and nursery environment
- Supports customizable alerts
- Includes a selection of lullabies and soothing sounds
- Image quality is noisy with a purprle color cast
Michael Ansaldo is a veteran consumer and small-business technology journalist. He contributes regularly to TechHive and writes the Max Productivity column for PCWorld.
Your message has been sent.
There was an error emailing this page.
Keep an eye on your home with the Annke 720p Wireless
Keep an eye on your home with the Annke 720p Wireless Security Camera for $40
Annke (98% positive customer feedback) via Amazon is offering its 720p Wireless Security Camera for $49.99, but if you checkout with code DCIM5QN8 the price drops to $39.99 shipped. That’s a $10 off the already low sale price and the lowest we’ve seen it offered at Amazon. Rated 3.8/5 stars by Amazon shoppers.
Annke 720p Wireless Security Camera features:
- Stunning 720P Video Resolution: The high performance camera brings great detail in everything it captures in 1280*720p.
- One-Touch Configuration: Get your camera connected to Wi-Fi or WPS via one touch and start video viewing in seconds.
- A Sweeping view with PT: With 0° – 355° pan and -20° – 90°, you’re free to get a sweeping view of your home and office.
- Clear Two-Way Audio: Build-in microphone and speakers allow you to talk to and hear from your loved ones remotely.
- Mobile Notification Alarm: Get instant alarm on your smartphone or tablet the moment unexpected movement is detected.
Wisconsin, Ohio, Minnesota among states targeted by Russian hackers in 2016 race
WASHINGTON (Reuters) – Wisconsin, Ohio, California and 10 other states said on Friday they were among 21 states that Russian government hackers targeted in an effort to sway the 2016 presidential election in favor of Donald Trump though no votes were changed.
The Department of Homeland Security confirmed it had notified the states of the activity but declined to identify them. Russia has denied election meddling, and President Trump has denied any collusion with Russia.
Alabama, Alaska, Colorado, Connecticut, Florida, Minnesota, Texas and Washington state also confirmed they were targeted by Russian hackers but said they were not successful. Arizona and Illinois confirmed last year that they were targets.
The Associated Press confirmed Iowa, Maryland, North Dakota, Pennsylvania, Delaware, Oregon, Oklahoma and Virginia were also targets, bringing the total states identified to 21. Those states did not immediately return messages seeking comment late Friday.
“There remains no evidence that the Russians altered one vote or changed one registration,” said Judd Choate, president of the U.S. National Association of State Election Directors.
Wisconsin Elections Commission Administrator Michael Haas said Homeland Security told the states that “Russian government cyber actors” targeted state voter registration systems.
Homeland Security officials have said that in most of the 21 states only preliminary activity was observed from hackers and a small number of networks were compromised. Some states had complained in June they had no idea if Russians had attempted to infiltrate their systems.
California Secretary of State Alex Padilla said Friday that hackers had scanned state election systems but not breached the system. “It is completely unacceptable that it has taken DHS over a year to inform our office of Russian scanning of our systems, despite our repeated requests for information,” he said.
Homeland Security spokesman Scott McConnell said in a statement the government believes “officials should be kept informed about cybersecurity risks to election infrastructure” but also wants to protect “the integrity of investigations and the confidentiality of system owners.”
U.S. intelligence agencies have concluded the Kremlin orchestrated an operation that included hacking and online propaganda intended to help Trump win, Reuters reported in August.
Senator Mark Warner, a Virginia Democrat who co-chairs the Senate Cybersecurity Caucus, said Friday in a statement it is “unacceptable that it took almost a year after the election to notify states that their elections systems were targeted.”
He said officials must inform states of attempts to enter election systems “just as any homeowner would expect the alarm company to inform them of all break-in attempts, even if the burglar doesn’t actually get inside the house.”
Colorado Secretary of State Wayne Williams said DHS told it that its systems were scanned in the weeks before the 2016 election. “A scan is similar to burglars jiggling the doors of a house and moving on when they realize the doors are locked,” the state said.
Washington state’s top election official, Kim Wyman, said the state learned in 2016 of attempted intrusions from Russian internet addresses and immediately alerted the Federal Bureau of Investigation.
The list of targets includes battleground states like Wisconsin, Ohio and Iowa, but other key states like Michigan said Friday they were told they were not targeted. It also included states that were not seriously contested like California and Texas.
Wisconsin was one of a handful of battleground Midwestern states that helped Trump win the presidency over Democratic rival Hillary Clinton. Trump carried the state by 22,748 votes, or about 0.8 of a percentage point. Many of the other states were not seriously in contention in the 2016 race.
Several congressional committees are investigating and special counsel Robert Mueller is leading a separate probe into the Russia matter, including whether Moscow colluded with the Trump campaign.
Election officials in 21 U.S. states were notified Friday by government officials that hackers had targeted their systems ahead of the 2016 presidential election.
The list includes Florida, Ohio, Pennsylvania, Virginia and Wisconsin, Alabama, Alaska, Arizona, California, Colorado, Connecticut, Delaware, Illinois, Iowa, Maryland, Minnesota, North Dakota, Oklahoma, Oregon, Texas and Washington, according to The Associated Press.
Election officials were informed about a year after the U.S. Department of Homeland Security (DHS) first announced states were targets of hacking efforts possibly connected to Russia. However, election systems in only a handful of states, including Illinois, were actually breached.
“It is completely unacceptable that it has taken DHS over a year to inform our office of Russian scanning of our systems, despite our repeated requests for information,” California Secretary of State Alex Padilla, a Democrat, said in a statement to The Associated Press. “The practice of withholding critical information from elections officials is a detriment to the security of our elections and our democracy.”
Being a target of hacking attempts doesn’t mean sensitive voter data was manipulated or election results were changed. A hacker targeting a computer system without getting inside is akin to a burglar circling a home, checking for any unlocked doors and windows, according to the AP.
Federal officials said the targeting in most of the 21 states was just preliminary activity, such as voter registration systems. Officials said there were attempts to compromise networks in some states but most were not successful, the AP reported.
DHS acknowledged that state and local officials should be kept in the know about cybersecurity threats to election systems.
“We are working with them to refine our processes for sharing this information while protecting the integrity of investigations and the confidentiality of system owners,” the department said in a statement obtained by The Associated Press.
The government did not say who was behind the hacking efforts or provide details about what had been sought. But election officials in several states told the AP the attempts were linked to Russia.
For instance, the Wisconsin Election Commission said its systems were targeted by “Russian government cyber actors.” And Alaska Elections Division Director Josie Bahnke said computers in Russia were scanning the state’s election systems searching for vulnerabilities.
Sen. Mark Warner, D-Va., vice chairman of the Senate Select Committee on Intelligence, said in a statement Friday that it was “unacceptable” that DHS officials waited to notify states about the targeting.
“While I understand that DHS detects thousands of attempted cyberattacks daily, I expect the top election officials of each state to be made aware of all such attempted intrusions, successful or not, so that they can strengthen their defenses — just as any homeowner would expect the alarm company to inform them of all break-in attempts, even if the burglar doesn’t actually get inside the house,” he said.
This disclosure comes as a special counsel investigates whether associates of President Trump could have colluded with Russia during the 2016 presidential campaign.
Trump, a Republican who defeated Democratic rival Hillary Clinton in the Nov. 8 vote, has called the Russia story a “hoax.” He said Russian President Vladimir Putin “vehemently denied” the American intelligence community’s conclusion that Russia was behind the massive alleged hacking of political organizations and individuals during the U.S. presidential race.