New ONVIF Profile Q Aims To Change Discovery and Default Passwords

Author: John Honovich, Published on Jan 13, 2015

ONVIF is gearing up to release a new profile, called Q.

They market it as providing "quick configuration and installation, providing innate discoverability and reliable device monitoring and event management capabilities."

However,

  • How is Profile Q different than the current Profile S?
  • What are the big changes / additions in Profile Q?
  • How will requirements in discovery and default passwords impact manufacturers and systems?

Inside, we answer these questions based on a discussion with the engineers contributing to this upcoming Profile.

***** ** ******* ** ** ******* * *** *******, ****** Q.

**** ****** ** ***********"***** ************* *** ************, ********* ****** *************** *** ******** ****** monitoring *** ***** ********** ************."

*******,

  • *** ** ******* * ********* **** *** ******* ******* *?
  • **** *** *** *** ******* / ********* ** ******* *?
  • *** **** ************ ** ********* *** ******* ********* ****** ************* and *******?

******, ** ****** ***** ********* ***** ** * ********** **** the ********* ************ ** **** ******** *******.

[***************]

Profile * ** ******* * *** *

******* * ** *** *** *********** ** ******* * (*********) and * (*********). *** ***** ************* **** ******* * *** we ***** ****** **** ***** ****** **** ******** * ** also ******* *.

* ** ******** ******* ** *** *********, ************ *** **********. It **** *** ******* *********, ****** *************, ****** *********, ***, i/o, ***. *** ** **** ******* ** ******* *. ** that ***, ******* * ** ****** ******* ** ** ** enhancement ** ******* *.

*** ***** *** **** ** **** *** ****** ****, ********** * ******* ********* *.* ************* ** ********* ****. ** **** ******* *** *** ******** *****.

Requires ********

*****, ** ****** ************* ****** **** * **** ******* ** ways ** ** **********, **** ********* ********* ********* *** **** some **** *** * ***** ** *******. ******* ** ****, it *** ** ********* ** ********* **** ********* ******* ***, at *****, ******** *** *** ** ********* / **** *** each ************ **** ***** ***** ********** ** ******* *******.

******* * **** *** ******* ********** ******* ** ******* **********, aka**** ************* **********, ***** ** **** ***** *** ********* * ***.*.*.* ******* if * ******* ******* *** *** ** ******** ** * DHCP ******.

** **** ************* ***** ******* *, *** *** ******* *** the **** ********* ********, ** ****** ******** *** ******** *** probability ** ******* *** ** ******* / ******* ** * local *******. *******, ** ************* ********* *** * ********* ********, it ***** ******* **** ** ****** ** ** ****** **** Profile *.

Requires ** ******* ********

**** ** ******* ***** **** ****-***** ******* ** *********, *.*., admin/admin ** *****/****, ***. (*** ***** ****** ******* ******** *********).

******* * ******** *********** ****. **** ******* *, * ****** will *** **** *** ******* ******** *** **** *** ***** connects, ** * ******* *****, *** *** **** ******** ** setup * ********. *** ***** ******** **** ****, **** ** how **** ** ** (***: ** ****** ********* - ****, *****, *******).

***** **** ************* ***** **** * ******* ********, **** ***** require **** ** ****** ***** *********** ******** ********.

***** ** **** ****** ***** ****** *********, ***** ***** **** this **** ******** ******** ***** ** ** ********* **** ******** in *** ******* ******** *** ******* **** ******.

Other ******* * ******* ************

*** ***** *** **** *** ******** ********* *******. ***** *** a *** ***** ************ / ******** ***** ******:

  • **** ***** ********** ************ **** ** ********* *****, **** ** last ***** *** **** ****** *** **** **** ***************.
  • ********** *********** ** **** *************** ***** *** ****** ************ ******.
  • **** *** ******** *** **** ***, ******* * **** ******* restricts **** **** ****** *** **** ******* ** ****** ******** / ********.

Impact ** ***** ******* *

*** *** *** ******** ** ******* * ***** ******* * notable **** ****** ** ***** ** *******. *******, **** **** require ************* ****** **** ******* * ***, ** ***** **, changing **** ** ***** ***** **********.

** ****** ******* * ** ** ******** ****** *** *** of **** *** ** **** * *** ***** *** ******** to ******.

 

Comments (15)

**** ******* *, * ****** **** *** **** *** ******* password *** **** *** ***** ********, ** * ******* *****, you *** **** ******** ** ***** * ********.

****.*'** **** **** ** ******** ** ****.

** ****,

**** * ******** *** * *** *****:

********: "********** *********** ** **** *************** ***** *** ****** ************ issues." - *** *** ******* ***** *********** ** ****** ** have *** **, ** *********** ** *** ****-****** (**** ** not ** ******* ** **** **************), ** ********* ****?

*****: **** ***** *****-******* **** *** ***** * ***** ********** period, *** ******* ** **** (*) ***** ****-**** ****** ** releases ******/****** *** (*) ***** ******** ** ****** ********* *********** by *** ******* ****** ********* ******, ***** ** * **** probability **** ***** **** ** ******* **** ******** ******* * conformance ** *** *** ** **** ******.

*****: *****-***** ********* ** **** ** ********** **** ** ******* S, *** ******* * ******** ** ** ** ****** ** by ******* *** ***** **-****** "**** ******* *****". ** ********** with ****/********, ***** ****** *** ******** ******** *** *** ******* and ***** ** ** **** *** ****** ** **********

*****: *** ******* ******** **** ************ **** **** ** *** VMS - **** ** *** **** *** *********** ******* (** all ******** ** ******* * ****** ** ******* **-*****). ****** that *** *** ************ *** **** *** ***** ******* ******, but ***** **************/*********.

* **** * ********, ** ***** ************ ******? ** ****, for *******, ******* *** ********? * **** **** * *** but ** **** **** ** ** **** **** ** ***** already ** ***** *** *******. ** ***** ** **** **** you ****** ** * **** ***** ***** *** ******* ********* manufacturers ******* *********** ** **** **** *** ******* ******* *** configuration, ******** *******, ******* ** ****, ***. ** **** **** profile **** * *** *******.

** ***** ************ ******?

*** ***** ****** ** ***.

**** ******: ** ** ****** ** * ***** ***** ** active ******* (***** ** ********* - ** *** **** **** most ** ***** *****, *** **** **** *** **** *****), and ********* ******* ** *** **** *** ************ ******* (***** 50 *********). ******* *** ** ***** ** ***** ****, ** rules ** ********** *** ** ************** *********.

********* ******** *** *** "***.***.***.***" ********** *****. **** ********* **** *****. *** "***.***.***.***" ** ****** "****-*****" *** ** the ****-******** ******* *** *** **** ** **** ****** ** availablea *** *** ***'* **** * ****** ******.

******** ** * *** ** ******** ***/** ******** **** ******* you******, ******* **'* ****, ******, ** ****-*****, ***** ********* *** (mDNS). *******, ****** ********, ****-***** ********* ****, ** ** *******, not ******, ******* **** **** *** ****** * ****** *** an ******* ** *** ***** ******* ** *** ******'* **** out **** ** ***.

**** ** ******* ******** ** ******* ** *******? - ***** yes.

*** ****** *** ******* ** ** ******* **** ********* *********? - ***** **.

*** ***** ****** *** ***** **-********* ** ******** ***** ******* devices, *** ** **** ******* ***** ** ******* ******.

** **** ***** *********** - ******** ** **** *********, ******** their ***** ********* ***** ** ** ********* ******* ** ********.

* ** **** *** **** **** ******* **** *** ******** zeroconf ************* **** **** ******.

******** **, ** *** ****, ******* ******* ************* *** ********* using *********-***.

****-***** ********** ******** ******** ********* ** ****** * ******. ******* has ********* ** ***** ******* **. * ***** *** **** most ******'* ***** ******** ** ** *** **** ***** ******* machines ******'* ******* ** *** *******, **** ******* ***** ******** and *** ** ******* ******** **** ***.***. * **** * did, * *** *** **** **** *** *** ***** ***** years *****. ****-***** ** ***** ******* ** ** **** ** Zeroconf, ******* ****'** ***** **** ********. ****, *** ****-***** ********* are ******* ****** ***** ** **** ********* ****** ** ***, so * ***** ****'* *** **** *** ***** ********.

* *** ***** ****, * *********** ******** ** *******'* ****** control ******. * ***** ** **** ********** ** *** ***** devices *********** **. **** **** ******* ****, * ****** ****** not ** ******** ******** *******.

*********** *** **** *** **. ***** ***** ***** ** ***** now, ***** **** ***... ***** **********.

*** *** ** ****** - ***** ** ***** **-********* ***** is ** *** ** ***** *** **** ***** ***** ********* but **** *** *******. *** ** ** *** ***** ******** but ** ***** ******* ***, ***** ** ****** (********* ***-*****). Which ******* *** ***** ******* * ***** - ******* **** from *** *****.

* **** ** *** ****** *** * *** ******* **** different ******* - ** ******** * **** ***** **** *** mdns *******.

*'* ********* **** *****'* ** ******* ** *** ******* ***** Profile *'* ******* *** ********* ***** ******** **** ****** ************* via ***********/*** ************** ******* ******/******.

*** ****** *** **** ********? * *** ***** *** ********** that ****** ***** *** * *** **** ** ******* *.

**** ******* *** ** ******** *** **** *******. ***********, ******* q ** ******** ** ****** ***** * ******* ***** ***** out-of-the-shelf ***** **. ** ** ****** ******* ***, ******* * dictate ***** ********/****** ****.

** *** **** *** - ****** **** *** ******* *, that ** ******** ** ****** ****** **************.

***** ********:

******* * ******** *** ************ ** ****** *** ** *** device ******** **. ** ** ***** ** * *********** ***********. We ****** *** ****** ******** **** **** ** **** ** also ******** ******* * ********** ** ***** *** ***** ******* elements *** *** ******** ******** ******** **** *** ********* *****.

**, **** ***** **** *****. ****** *** *** ****.

******** ***** ********:

*: **** ** ******* ******** ** ******* ** *******?

*: **** ** ***. ******* ** ******* *.*.*. **, ***.

*: *** ****** *** ******* ** ** ******* **** ********* hostnames? - ***** **.

*: ********** ** *** * ****** ** *******, ******** -> IP ******* ** ********* ** ** ********* ******* ** *** records.

**** *********** **** ******* **** *** ******** *** ** *****-****** (e.g. *****-******).

*: ***** ******* *** ***** **-********* ** ******** ***** ******* devices, *** ** **** ******* ***** ** ******* ******. *** does ******* * ****?

***** ******* ********* * **-********* ***** ******* **** *********. ******* respond **** ***** ******.

**** * **-********* ****** ***** *** ******* (****, **** **********, etc.), ** ********** * **-********* ***** **** *********. ******* *** listen *** ***** *******, *** *********** **** * ***** ** the ******** ****** ** ********* ** **’* ** ********.

*: ** **** ** ***** *********** - ******** ** **** linklocal, ******** ***** ***** ********* ***** ** ** ********* ******* of ********. ***** *** **********?

*: ***************** *** **** ********* *** **** ***************, ******** *********** IPv4 ********* ** **** * ****** ** *****************. *** ******** spec ******* *** ***************** ** ** ******* ** **** ********* (from ******* *: “… **** **** ***** ******* (******* ** ZeroConfiguration **********) …”).

*: ** ******* **** *** ******** ******** ************* **** **** inside?

***************** ******** *** ******* ** ********* ***. **** ********* **** not. ******* * ******* *** ******.

*** ** **** ** *** **** *** **** *********!

***** *** * *** ******** *************. * *** *** ****** that ** ******** ********* ***** **** ********** **** **** * such ****** ********.

***, ** *** *** ************ ************ *** *** *** ***********: may *** *** *** ***** ** *** **** **** ***** of ********* ******** ******* ** ******* *? *** ** ****/**** for ***? ** ***** *** *** *** ****** **** ******* at ***?

***** ********:

************* *** **** * **** ***** ******* *, * ** C ************** ******* *** **** ******* * * **** *********** addition ** ***** *******'* ************. ** ***** ***** **** *** very **** ** ********** *** ******** ** ********* ********* *******.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Hikvision H.265+ Bullet Tested (2035) on Jul 24, 2017
Continuing our tests of Hikvision's new low cost Value Plus line, we bought and tested the 3MP DS-2CD2035FWD-I, now including H.265+. We shot the...
PR Campaign Exploiting Manufacturer Cybersecurity on Jul 20, 2017
Manufacturers increasingly have a bulls-eye on their back. As cyber security solutions providers grow, they realize a great way to get publicity...
Alarm.com Tested on Jul 13, 2017
Alarm.com has become the dominant force in smart home / remote service platform, with ~70% market share, combining their own traditional offering...
Genetec Mission Control Tested on Jul 13, 2017
Genetec continues to move up market with their Mission Control, "Decision Support System", bringing PSIM-like procedures and incident management to...
ONVIF Chairman Criticizes Low Cost Cameras (Also, He Works At Axis) on Jul 12, 2017
ONVIF Chairman Per Björkdahl has taken a strong public stance against low cost cameras that are 'much more vulnerable to attack' as he explains in...
ONVIF Widely Used Toolkit gSOAP Vulnerability Discovered on Jul 10, 2017
A vulnerability has been discovered in a toolkit that video surveillance manufacturers widely use for implementing ONVIF. In this report, we...
Universal HD Analog Encoder Tested (DW Compressor) on Jul 06, 2017
Digital Watchdog has released the Compressor HD, a "universal" HD analog encoder, with support for AHD, CVI, TVI and SD analog cameras. We tested...
Smoke Detectors Guide on Jul 06, 2017
Smoke detectors and carbon monoxide detectors add a life-safety component to burglar alarm systems. As intrusion detection sensors are used to...
H.265 / HEVC Codec Tutorial 2017 on Jun 30, 2017
For years, video surveillance professionals have talked about the potential for H.265. Now, in 2017, H.265 is starting to gain mainstream...
Hikvision H.265+ Tested on Jun 27, 2017
Hikvision, which in the past few years released H.264+ (see test results) has now released H.265+, that claims even greater bandwidth savings. We...

Most Recent Industry Reports

$28M Drone Detection Startup Examined (Dedrone) on Jul 25, 2017
Dedrone has received ~$28M in funding to build what they call an "automatic anti-drone solution", a system to detect drones, and then automatically...
Dahua Suffers Second Major Vulnerability, Silent on Jul 25, 2017
Less than 3 months ago, Dahua received DHS ICS-CERT's worst score of 10.0 for their backdoor. Now, Dahua has received another 10.0 score for a new...
Hikvision H.265+ Bullet Tested (2035) on Jul 24, 2017
Continuing our tests of Hikvision's new low cost Value Plus line, we bought and tested the 3MP DS-2CD2035FWD-I, now including H.265+. We shot the...
Sports Stadium Security Design Recommendations on Jul 24, 2017
Sports stadiums pose many challenges for designing security systems. The facilities vary from being mostly vacant, to packed with tens of thousands...
Competing Against Convergint on Jul 24, 2017
No integrator is more aggressively expanding than Convergint Technologies. Owned and funded by private equity firm KRG, Convergint has acquired...
Security Robots Are Just Entertainment on Jul 21, 2017
Great entertainment, no real security value.  That is the happy (or sad) state of security robots in 2017. Knightscope robot's drowning, the...
Wireless Burglar Alarm Sensors Guide on Jul 21, 2017
Wireless sensors for burglar alarm sensors are an increasingly common option for the historical labor intensive wired alarm systems. However,...
Competing Against ADT on Jul 20, 2017
ADT is one of the biggest players in the security industry, with ~$4 billion revenue. In 2017, they were acquired / merged with Protection...
Hikvision Launching Deep Learning Recorders on Jul 20, 2017
Hikvision has become a common choice for super low cost NVRs. Now, Hikvision is aiming to move up market, with deep learning NVRs that claim far...
PR Campaign Exploiting Manufacturer Cybersecurity on Jul 20, 2017
Manufacturers increasingly have a bulls-eye on their back. As cyber security solutions providers grow, they realize a great way to get publicity...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact