Mind your Zones with ZoneMinder

A necessary component to any good cybersecurity program is physical security. Being able to monitor the physical footprint of your facility is important to the integrity of your network and hardware environment. However, some closed-source or otherwise proprietary camera monitoring programs are expensive, clunky, not user-friendly, and sometimes a mix of all three. Even worse, security camera monitoring systems might charge per camera, quickly getting out of hand in terms of cost for larger facilities or those which need a lot of camera coverage. To avoid the hassle we faced with our previous use of a closed-source, Windows-only monitoring system, we switched some time ago to ZoneMinder.

Why Zoneminder?

Being FOSS fanatics, Justin and I wanted a CCTV program that would run easily on Ubuntu Server. We were also switching away from a Windows-only program that charged us per camera, making it a financial hassle to cover additional sectors of our facility. With ZoneMinder, we can add as many cameras as we want without having to spend more money on top of buying a good camera. ZoneMinder also does not take a long time to set up, as long as you follow "The Easy Way" setup instructions.

We also tried Shinobi but had no shortage of issues with it--namely, the UI isn't as mature as ZoneMinder's, and we couldn't coax it into recording events properly. ZoneMinder is much easier to set up to record just how you want it to.

Desktop Support for Linux and Windows

Having good desktop support is also important for any CCTV program, and ZoneMinder has it in the form a project called zmNinja. It runs fine & dandy on Windows as well as Linux, and it's a good alternative to the montage view offered in ZoneMinder's web UI. Windows setup is nothing more than running the executable and plugging in your server info. In Linux desktop environments,  you'll first need to go into the AppImage properties (or chroot) and allow execution of the file as a program. After that, you'll plug in your server info. It does freeze up occasionally on most of the desktops I've run it on, but pressing Ctrl+R to reload does the trick. 

Tips & Tricks for Smooth Operation

I've set up ZoneMinder a few times over the years now and have documented a few things to make the setup easier and the operation more reliable. 

For easy setup and maintenance:

• Follow the easy way to set up ZoneMinder! This way, most of the setup will be done for you during the installation process. On one of the first setups I did, I used nginx instead of Apache, and it did nothing but complicate the setup process, and ultimately led to reliability/functionality issues. Just go with the recommended LAMP stack and save yourself future headaches and panics.
  
• If you set the timezone on the web UI, set it on the server as well to prevent timezone conflicts on the frontend. If Apache detects a different timezone than what is set on the server itself, it will break image previews and viewable feeds.
• Use authentication to prevent unauthorized access to your video feeds. This is common sense, but you probably don't want every Tom, Dick, Harry, and Sally accessing all of your camera feeds. ZoneMinder makes it easy to set up new users with different permissions, so you can grant as much or as little access to others depending on what they need.

For smooth and reliable operation:

• Make sure your server hardware is adequate. I would recommend one processor socket for every 10-12 cameras you plan to monitor at a medium resolution (1280x960). Memory is less crucial--we loaded our server with 64GB of RAM but it normally operates at around 5% utilization for 20 cameras.
  
• Set up and enforce https for secure access only. Digital Ocean has a guide on securing Apache with Let's Encrypt, but you'll want to be sure to edit /etc/apache2/sites-available/default-ssl.conf and /etc/apache2/sites-available/000-default.conf to include your server name and alias before running any certbot commands.
• Monitor storage in use via the web UI so you know when you might need to add more disk space or purge old recordings.
• Take time to get to know all of the features of the web UI and write your own documentation if you plan to grant access to multiple users.
  

ZoneMinder is our CCTV setup of choice for its ease of setup, user-friendly web UI for finding and viewing events, and for costing us nothing but our own time to setup and monitor. It's earned its spot in our environment for helping us easily track down and trace physical security events... plus its user-friendliness has allowed us to give access to others concerned with the physical security and safety of our facility so reviewing footage doesn't fall solely to us in IT. You can pretty much set it and forget it, and let ZoneMinder mind your zones so you can have some peace of mind and sleep at night knowing that ZoneMinder will be there watching your facility for you.