sixwheeledbeast

If there all fitted to the same standard and specification, surely this would only need doing once for each model/firmware? Again I would expect the manufacturer to have had this done externally. I also agree with PJ about 1 and 2 being hard to implement on some networks. Point 3 should be done as standard for anyone with knowledge of setting up firewalls, however, someone with a network background would understand this in more depth than an alarm monkey.

What alternative solutions would you recommend?

That's fair comment. From and installer POV we expect the DVR to be secure. I can understand why many are not, look at shellshock for example, These CVE's will never be updated in older DVR units. I wouldn't be surprised if most DVR's sold today are running outdated linux kernels or suffer from known exploits. The issue is as you say, the run of the mill engineer is bearly capable of punching some holes in the firewall and installing the client. This is where the manufacturers should step up IMO. After all you say about layers, you can put the DVR on a VLAN to protect the site but what about the private images stored on the DVR? Ultimately the installer would be responsible if anything did happen.

This also interests me from an installer POV too. I wanted to split this out to keep the other thread on topic. Do you find a large number of DVR's provide an attack route on to the network? Basic or Enterprise kit? Any models you can use as an example? Do you feel it's up to the manufactures to design them better or the installers to have them VLAN'd? etc...

If it's not been serviced then it's not on contract. Therefore, you will be at the bottom of there todo list for today.

Texecom Registered installer.

I am not trying to put you off but when flashing it's critical that it goes well or you will brick your panel. If you save a few quid but you brick a panel it's not a good cost saving exercise. Also the flasher has been the same for years, even the older less powerful panels had the same flasher separate. I can only speculate the reasons for this, maybe security or cost are some of the factors.

I second that. The programming port is for flashing only.

Pete I have reported it. Will have to wait for an Admin to appear, Mods only make Tea and sweep up...

Would facilitate more cowboy jobs IMO.

A now blunt 4.5mm HSS bit makes a tidy job of that if I need to.

Yep. No but it's new. Really? Was that the side by side catastrophic failure test?

If it works? Plenty of Racal's, pad's and foil knocking about on maintenance here. Talking of blast from the past check out this playlist...

3.77 It still not clear, but they seem to be all the same hardware. You can buy spare units and program them to be whatever grade you need. Completely agree.

I guess it depends on what your calling CS2300-R. Take your ebay example this shows a "CS2300-R" but the product part number is CS2412. It doesn't seem easy to tell which products your vulnerabilities relate to from these CS numbers.

They are powered from a common supply and fuse anyway.

Err, well unless on engineer reset, no.

Have you reset the system? It's possible the battery charging circuit is faulty or has a blown fuse.

The negative posts are obviously from individual experience. To each there own, not one panel will suit all installers for one reason or another. Some of the positives you mention are negatives for others.

I assumed standard practice for CR's. After a number of 18-23 month failures you realise it's not worth testing them.

It's 20 years old and most likely never been serviced in years get the system decommissioned or upgraded.

A shed full of servers will do then?

This is a fair point who wires plug tops to there new goods any more. The difference I suppose is isolation and competence, plugged in equipment can be isolated easily and without being competent. Arguments aside did you not get your answers to your three questions in post 2?

0.75mm flex is rated to 6A.

So you reading PM's now or not