IPconfigure New Release Claims 'Most Secure' VMS

By: Brian Karas, Published on Mar 09, 2016

The latest release of IPConfigure's Orchid VMS server makes bold claims about being the "most secure" VMS.

In this brief update we take a look at what IPConfigure has added and how it will impact a typical user.

*** ****** ******* ** IPConfigure's ****** *** ****** makes **** ****** ***** being *** "**** ******" VMS.

** **** ***** ****** we **** * **** at **** *********** *** added *** *** ** will ****** * ******* user.

[***************]

Overview ** *********** ****** ***

****** ** * ******* ***** VMS ******** **** ** Windows ****** **********, ** there ** **** **** *****. Orchid **** ****** ** "mobile *****" ** *******, not ********* ********** ******** or ********.  ****** **** is ******** ** ******* installations (** ******* ** less). ************, *********** ****** Orchid ****** ***** ** a *****-******, ****** *******.

"Most ******" ******

***********'**.* **************** **** ******* *** Orchid, ***** ***** **** other ******* **** **** makes ****** "*** **** ****** *** efficient *** ******** *********."

What ** ****?

****** ******* ** *** in **** ** ** a ***** ********* ********, but **** ** ***** security **************/********** ********* (*** S ** ****).  **** is ********** ******* ** for ** *******, *** it *** **** ******** heavily *** **** *** other *********.  

SRTP ** *****

*** **** ****** *** to ****** ******* ** video ************ ******* *** been ********* **** ***** (see ********** ***** ** ********* RTSP/RTP ****** *****).

**** ** ******* ** HTTPS ** **** ** can ******* * ************** stream ******* * *******, but ** *** ***** benefit *** ****-********* ******* (such ** ***** ** video) ** ********* ***** lower ******* *** **** overhead **** *****, ****** it ** *** ***** how *********** **** ***** be ** ******** *** could *********** ******** *** gains.

SRTP **** ** ** ****

**** ******* ** ** cameras ********* ***** ** rare ** ****. ** know ** ** ********, IPConfigure **** **** **** Cisco ******* ***** *** a *** ********* ******* list ** ** ***** specification ******. ******* ** this **** ** ****** support, *********** ** *** supporting **** **** ****** to ******.

Server ** ****** ****

***********'* "**** ******" ****** only ***** ** *** ServerClient **************.  ***** ** no ******* ** ******** around *** ******->****** **** stream, *** ************* *** camera ***** **** ** an ****** ****** **** the *** ** ****** to ******* ******* ** replaced ****** ******* *** Orchid ******** ************ ** this ******* ********* *** notification.

Secure ********* **** *********

**** **** ******** ****** ********* and *********** ** ********** to ******* ********* ********* from ***** ******* ** clients. **** ** *** available **** *****. *******, multicast ** ****** ******** ** smaller *********** *** ** not ******* **** ** ****** ones, ****** **** **** limited *************.

Certificate ******* *** ** *******

******* ** *** ****** security *** *****/**** ******** certificate **********, ******* *** installation.  *** ********* *** perform ***** ***** ** their ***, ** *********** can ******* **** ** a ****-*** ******* *** $500/server. 

Impact ****** ** ** *******

************** ******** ** (***) slowly ******* ********* ** the ******** ******, *** while ***** *** ****** to **** ***** ********, it ***** ***** ** rank ******** *** ** the ******** *****. ********* most ****** ** ***** security ****** *** ** organizations **** **** ********* feature / ******** *****, outside ** ******'* ************.  We ** *** ********** ***** security ************ ** **** a ***** ****** ****** overall *** ***** **** IPConfigure *** **** **** end, ******** ********* *****. 

Comments (7)

Setting up web server security for HTTPS/SRTP requires certificate generation, signing and installation. The installer can perform these steps on their own, or IPConfigure can provide this as a turn-key service for $500/server.

I'm not sure how that reconciles with this answer given here:

As a design decision, Orchid does not support self-signed certificates without a CA.

I was trying to not get bogged down in minor details on this post.

I didn't mean to imply that you could self-sign your cert, just that you can create a cert/signing request on your own, get it signed, and install the cert all without having to pay IPConfigure $500.

I was trying to not get bogged down in minor details on this post.

I appreciate that. No worries:)

The thing is that since this is aimed at small installations, the added cost of someone having to register and renew a yearly CA is non-trivial.

Verisign is at least a couple hundred a year.

What does an 8-user Orchid Core license cost?

Unless, I'm misunderstand Dr. Tompkins, to use the secure VMS, you need to

  1. Already have a trusted cert
  2. Buy one from them for $500
  3. Get one from someone else $$ ?

Though I may be misunderstanding. What is your interpretation?

UD1,

You can use Orchid out of the box in its unencrypted mode. If you want to enable encrypted mode and you elect to configure this yourself, you need to:

  1. Generate a private key on your Orchid server.
  2. Buy a TLS/SSL certificate. Certificates signed by a "big name" root CA and accepted in all modern browsers can be had for less than $50/yr.
  3. Put your private key and certificate files in a directory, edit a text file, restart Orchid.

As long as an integrator or end-user is even passingly technical, this is an easy and well-documented process.

Our $500 service offering is designed for those who are willing to pay for a completely turn-key configuration solution.

With respect to cost, Orchid is licensed on a per-camera basis ($69 MSRP); there is no restriction on the number of users.

UD1,

Both of those points are consistent. In the first, I meant that an integrator/end-user could purchase a normal TLS certificate from the likes of Digicert, Thawte, Symantec, etc. and install that certificate themselves without paying the $500 for our turn-key certificate installation service.

In the second point, I meant that our SRTP client will reject all self-signed certificates unless you are acting as your own Certificate Authority and configure all of your clients to accept your own root CA.

Best,
Cort Tompkins
VP Engineering, IPConfigure

Legitimate TLS/SSL certificates recognized by all major browsers can now be had for free: https://letsencrypt.org/

Update: Genetec reports that their most recent 5.4 Security Center release supports SRTP from server to clients.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

No Genetec Major Releases In Over A Year on Feb 06, 2019
Annual VMS licenses are a controversial practice in the video surveillance industry, with many questioning their need or value. However, enterprise...
Exacq Raises VMS Software Pricing Twice in Less Than a Year on Feb 18, 2019
Most VMSes regularly release new features, but rarely increase their prices. For the 3rd time in 4 years, and 2nd time in 8 months, since being...
Genetec Security Center 5.8 Tested on Mar 19, 2019
Genetec has released Version 5.8. This comes after a wait of more than a year that caused frustrations for many Genetec partners. Our previous...
Bluecherry Open Sources Entire VMS on May 13, 2019
Bluecherry announced they have "released the entire Bluecherry software application open source with a GPL license". We spoke to Bluecherry's...
Security Fail: ASISNYC Auto Emails Passwords In Plain Text on May 14, 2019
ASIS NYC automatically emails a user with the password the user just entered, in plain text, when one registers for the site / event, as the...
Vivotek Trend Micro Cyber Security Camera App Tested on Jul 22, 2019
Vivotek and Trend Micro are claiming five million blocked attacks on IP cameras, with their jointly developed app for Vivotek cameras. This new...
Razberi Technologies Company Profile on Aug 06, 2019
Razberi says they have doubled their revenue in the first half of 2019, citing their proprietary camera hardening and cybersecurity capabilities...
CheckMySystems Company Profile on Aug 14, 2019
CheckMySystems says that too many users respond, "I get an email when something is wrong" when talking about their video system maintenance plan,...
Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More on Aug 26, 2019
Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered...
Warning: Windows 7 Update Crashing NVRs on Aug 26, 2019
Windows 7 updates are causing VMS servers to fail to boot. After running the update, impacted systems do not boot as normal, instead display this...

Most Recent Industry Reports

IronYun AI Analytics Tested on Feb 17, 2020
Taiwan startup IronYun has raised tens of millions for its "mission to be the leading Artificial Intelligence, big data video software as a service...
Access Control ADA and Disability Laws Tutorial on Feb 17, 2020
Safe access control is paramount, especially for those with disabilities. Most countries have codes to mandate safe building access for those...
ISC West 2020 Removes China Pavilion, No Plans To Cancel Or Postpone on Feb 17, 2020
ISC West plans to go on next month, amidst concerns over coronavirus. However, the Asia / China Pavilion has been removed, show organizers...
Hanwha Wisenet X Plus PTRZ Tested on Feb 14, 2020
Hanwha has released their PTRZ camera, the Wisenet X Plus XNV-6081Z, claiming the "modular design allows for easy installation". We bought and...
IPVM Conference 2020 on Feb 13, 2020
IPVM is excited to announce our 2020 conference. This is the first and only industry event that will be 100% sponsor-free. Like IPVM online, the...
Bosch Dropping Dahua on Feb 13, 2020
Bosch has confirmed to IPVM that it is in the process of dropping Dahua, over the next year, as both IP camera contract manufacturer and recorder...
BluB0X Alleges Lenel, S2, Software House Are Dinosaurs on Feb 13, 2020
BluB0X is running an ad campaign labeling Lenel, S2, Software House, Honeywell, AMAG and more as dinosaurs: In a follow-up email to IPVM,...
London Live Police Face Recognition Visited on Feb 13, 2020
London police have officially begun using live facial recognition in select areas of the UK capital, sparking significant controversy. IPVM...
Converged vs Dedicated Networks For Surveillance Tutorial on Feb 12, 2020
Use the existing network or deploy a new one? This is a critical choice in designing video surveillance systems. Though 'convergence' was a big...