Static V Dynamic Ip Using Adpro

[monkeyb]

Hello,

Does anyone know of a solution for connecting to an Adpro fast trace with a site using a dynamic ip.

Current ISP contact does not run out for a long time and client does not want to upgrade adsl of pay for new line.

I know DYNDNS points a host name to a dynamic ip, but VCentral does not allow you to enter hostnames, only ip.

Much appreciated

Monkey

[DannyTheTech]

Hello,

Does anyone know of a solution for connecting to an Adpro fast trace with a site using a dynamic ip.

Current ISP contact does not run out for a long time and client does not want to upgrade adsl of pay for new line.

I know DYNDNS points a host name to a dynamic ip, but VCentral does not allow you to enter hostnames, only ip.

Much appreciated

Monkey

Hi Monkey,

Currently there is no "workable" solution to Dynamic IP addressing a Fastrace. The usual method (this is for monitoring only) would be to set up a VPN and connect to a local PC which has Access to the Fastrace on site, However this isnt the "cleanest" way of doing things but would provide a soloution for your customer. But bare in mind that this will not work for Alarm reporting (as the system will still need to dial out to a static IP address).

,

Danny

[monkeyb]

Hi Monkey,

Currently there is no "workable" solution to Dynamic IP addressing a Fastrace. The usual method (this is for monitoring only) would be to set up a VPN and connect to a local PC which has Access to the Fastrace on site, However this isnt the "cleanest" way of doing things but would provide a soloution for your customer. But bare in mind that this will not work for Alarm reporting (as the system will still need to dial out to a static IP address).

,

Danny

Thanks Danny,

Is there anything in the pipe line from you guys to get around this problem? It must crop up alot !

Surely VCentral could have the abilty to enter a host adrress so that programs like Dyndyns could work.

I would only use VPN's as a last resort ie more than one FT onsite or other network issues. VPN's tend to be slower than an external ip connect and have a tendacey to drop quite a bit. And then you relying on the IT dept to up the VPN(possible at borth ends) and most of the time its left to the cs operator!(if the relize its down) But at time it is the only solution.

Regards

Monkey

[DannyTheTech]

Thanks Danny,

Is there anything in the pipe line from you guys to get around this problem? It must crop up alot !

Surely VCentral could have the abilty to enter a host adrress so that programs like Dyndyns could work.

I would only use VPN's as a last resort ie more than one FT onsite or other network issues. VPN's tend to be slower than an external ip connect and have a tendacey to drop quite a bit. And then you relying on the IT dept to up the VPN(possible at borth ends) and most of the time its left to the cs operator!(if the relize its down) But at time it is the only solution.

Regards

Monkey

No worries,

Ill be honest that while its been mentioned (by both us in UK support to the development team in OZ and by customers) it doesnt really come up that much as we specify that the we require at least one static IP address and preferbly a dedicated ADSL connection as part of out operating requirements, as after all this is your main link for your building security (i wont get started on this rant as we may be here some time).

Unfortunately altering VC not straight forward as it may seem, as the VC architecture is based around Static IP addressing and therefore would require an entire re-write of the software. However saying that there are a lot of developments in the pipeline currently so keep an eye on it

I agree with the VPN side of things as its: a. Not the most stable of access b. you are in the hands of the IT guys of the company c. only suitable for monitoring not alarm receiving. However it does offer a solution for these rarer cases.

.

AT1

[james.wilson]

You could setup a linux box or a proper router to port forward from x.x.x.x to a url if really needed, but it would be cheaper to have a static ip. Also using ddns or urls, require the relevant name server to be up, if it isnt you wont get any comms. Not ideal, anyone then could reprogram the router and redirect the adpro away from the arc.

James

[DannyTheTech]

You could setup a linux box or a proper router to port forward from x.x.x.x to a url if really needed, but it would be cheaper to have a static ip. Also using ddns or urls, require the relevant name server to be up, if it isnt you wont get any comms. Not ideal, anyone then could reprogram the router and redirect the adpro away from the arc.

James

Hi James,

You could do this but this is getting into the grey area of system security, as a standard the weakest point of any transmission system is the communications to the outside world (the area that you cant control). So therefore the use of PSTN, ISDN and leased lines were/are the securest options (baring physical attack). With the advent of ADSL communications you are affectively transmitting your data over a unsecured public space (i know about firewalls and encryption etc). So to trust this data to an "open" network would be very inadvisable and you would in no way get any High security sites (MOD, Prisons, infrastructures etc.) to agree with such comms methods. Bottom line is that we are installing security systems and the entire system from point to point should be as secure as possible.

*Rant Over*

,

AT1

[james.wilson]

agreed and for those you would need a leased line, but i was refereing to a way around static addressing for normal sites.

[DannyTheTech]

agreed and for those you would need a leased line, but i was refereing to a way around static addressing for normal sites.

The only current way would be the use of a VPN. (however we (ADPRO) wouldn't advise it as an alarm solution as it wouldn't work correctly.

The point i was making above is the fact the as an industry we are promoting security, therefore why should there be any difference between the high end sites and "normal" sites when i comes to system security? I of course understand the cost implications regarding high end kit. But the the Attitude that somehow the system security/reliability isn't as important because its not a "high end" system baffles me. Its almost as if equipment is being installed and half expecting that it might fail when its needed.

(redbull, im not having a pop at you or anyone but this is the stuff that i come up against everyday and it currently one of my pet peeves).

AT1

[james.wilson]

AT1 not taking it as a pop mate dont worry.

But leased line are private ip links from point to point. More secure than isdn.

I see what your saying about vpn but if you had a fallover (even pstn) then hardware vpn routers would be just as stable as normal routers.

I do see there is a difference as it depends on the site. A prison, child care centre etc would need more care over the hacking of images (ie from the internet) than say an industrial estate. But wth correcnt encrption then i dont see why it cant go over the internet. Modern 256 bit encrption is more secure than most none ssl based vpn's and come are more secure than https. Thats good enough for the worlds banks etc and credit card info, yet your saying its not good enough for images?

James

[DannyTheTech]

AT1 not taking it as a pop mate dont worry.

But leased line are private ip links from point to point. More secure than isdn.

I see what your saying about vpn but if you had a fallover (even pstn) then hardware vpn routers would be just as stable as normal routers.

I do see there is a difference as it depends on the site. A prison, child care centre etc would need more care over the hacking of images (ie from the internet) than say an industrial estate. But wth correcnt encrption then i dont see why it cant go over the internet. Modern 256 bit encryption is more secure than most none ssl based vpn's and come are more secure than https. Thats good enough for the worlds banks etc and credit card info, yet your saying its not good enough for images?

James

My only points with VPN is that they are "usually" in the IT domain and therefore maintained by the IT department, i can honestly say that we get 2-3 calls a week from customers who say they have lost connectivity, only to find that the IT department has disabled the connection. This is ok if its just the manager who wants to have a dial in as look around as its not going to be end of the world. But if its being used as a security measure then this could potentially be a major problem. Therefore if you install a system and you are responsible for the operation and upkeep why would you leave something that is critical to the systems operation with someone who doesn't understand the product. Of course is you are installing the PC's and network and are responsible for it then there shouldn't a problem.

With ADSL, i Agree that with current IP encryption and also the fact that most systems run with there own encryption algorithms that the chance of actually obtaining viewable images from a hacked source is very unlikely, ADPRO of course promotes the use of ADSL transmission, but my concern is the attitude of quite a few installers out there that IP based system are "plug and Play" and the implementation of IP security is non existent. Unfortunately these installers are getting more and more "normal" jobs (i get more and more calls from guys who have won jobs on price alone, but wouldn't know a router if walked up and introduced itself to them!) and in now seems to be the norm that systems are being installed in an "it works now so it should be ok" fashion. I know that these guys have existed for years (as they do in any industry) but when system were entirely "closed circuit" problems were quickly discovered. I think what im really getting at is that while there isn't a standard that entirely covers the IP monitoring of cctv (allot touch on it) systems should be installed in the same manor of a High end job no matter who the customer.

.

AT1