Remote Access (DDNS vs P2P vs VPN) Usage Statistics 2017

By: John Honovich, Published on Mar 30, 2017

Cyber security concerns are escalating, even in the video surveillance industry which has historically lagged in its attention here.

A key element of cyber security is what remote access technologies is used. In particular, DDNS has come into particular attention given Hikvision's discontinuing of its insecure DDNS service and Dahua's backdoor discovery, as DDNS exposing devices to the public Internet increases risk to cyber attacks.

160 integrators told IPVM what remote access technologies they most commonly used and the big three were VPNs, DDNS and P2P. Inside this note, we break down the statistics and share detailed commentary from integrators.

***** ******** ******** *** escalating, **** ** *** video ************ ******** ***** has ************ ****** ** its ********* ****.

* *** ******* ** cyber ******** ** **** remote ****** ************ ** used. ** **********, **** has **** **** ********** attention **************'* ************* ** *** insecure **** ***************'* ******** *********, ** **** ******** devices ** *** ****** Internet ********* **** ** cyber *******.

*** *********** **** **** what ****** ****** ************ they **** ******** **** and *** *** ***** were ****, **** *** P2P. ****** **** ****, we ***** **** *** statistics *** ***** ******** commentary **** ***********.

[***************]

Key ********

***** *** *** *** most ******** ***** ****** access ********** **** (**** ~50% ** *********), **** was ***** *******, ****** in ** ~**% ** the ***** ***** *****:

***

**** **** ********* *** their ********* ******** **** DDNS *** ******* ** larger ************:

  • "*** *** *** ************ prefer."
  • "***... **** ****** *** reliable"
  • "***, **** ******... *** more ******."
  • "*** ******* - **** has **** **** ******. We've *** ********** ***** DDNS."
  • "*** - ******** *** ability ** ****** ***** resources ** *** *******."
  • "***. ***** *** ******** control ** *** ****** on ***** *** ** they ***** *** ** connect *** ****** ** our *******. *** ****** also *** * ******** ON/OFF ***** **** ****** the ******** ** ********** disable *** ******."
  • "********* ** *** ** access *** ***, ** this ** * **** that **** ******* *** for ***** *******. ** are ****** ********* ** existing **************."
  • "** ******* ******** ***** VPNs ********* *** *** Networks ********. **** *** easy ** *** **, and ***** ****** ****** management ***** *** **** cost *** *** ******** well ***** ** (**** service **** ****** *** VPN)."
  • "** **** **** *** for ********* *** ***'* have ******* **** ******* VPN. ******** *** ****."
  • "***. **** ****** ****** and **** ****** *** remote ****** ** ***** work *********. **** ********* who **** ** **** cameras ******** **** ********** having ****** ****** ** work *********, ** **** justifies *** ******** ****** expense *** ********** ** a *** ******."
  • "*** ** ******** (************ Tosibox, *******). ******, **** solution."
  • "*** ** ******. *** customer *** ******** *** end *** *******. ***** liability *** ** **."
  • "***. **** ** ** customers *** ****** ***** business **** ***** **** may *** **** ********* IT *****, **** *** at ***** ******** ** staff."
  • "*** **** ****** *** customer ** ******* *** aware ** *** ***** otherwise. ******** ****** *** not ***** *** **** app."

****

** ********, **** **** widely ****** ******* **** were **** ** *** and *** *** ******* much ***** ** ******* client **** ********:

  • "**** - ******* *** faster *** ** *******."
  • "**** - ******* ** configure."
  • "**-** **** **** **** forwarding."
  • "****, ******* ** ** the ******* ****** *** totally *********** ** *** user. **** ** ********** software ** ******** ** added *****."
  • "****. ** *** *** No-IP *** ******* ** as * ***** *** for *** *********. ** also *** *** ****** name ** ***** **** they *** ** ***** is * ***** *** noticeable ******** **** ** are *** **** *** know ***** ******."
  • "****. ****** ** ** a ********** ******** ** regulated ******** (*******, **********, utilities, ***.) **** ****** consumers ****** ****** ** work ** ** *** or *******. *** ** sort ** **** ** this *****."
  • "**** ** ****** **. I ***** *** *** built ** **** ** any ** *** ***** "Easy" ***** ** *******. I **** ** ******* who ** **** ** see ****** ** *** network."
  • "******* *** *******. * usually *** *** ** mine *** ****** *** customer."
  • "****, ******* * **** trust ** ******* ***** servers. * ***** **** can ****** ** ***** devices. * ****** ******** for ***** *** ***** in * ******* ***** with ******* ******."
  • "****, ******* **** ****** are **** ****** & can ***** ******* ****** access."
  • "**** ******* *** *** easiest *** ******** ***."
  • "********* ** *** *********** ports *** **** **** through *** ********."
  • "**** - **** ** our ********* **** ** contract ** (** **** even **** ** *******) and **** ************* *** not ******** ********."

Mix - *** *** ****

* ****** ********** ******** was **** **** **** a ******* ** **** for ****** ********* *** DDNS *** ******* *********:

  • "****** **** *** ***. We *** **** *** small ****** *** *** for ****** *******. *** we ***'* ***** **."
  • "*** ** ********. **** if ****** ******** *** option."
  • "*** ***** ********* ********* schools, ********, ***., ** insist **** **** *** their ******** *** **************, or ** *** *** up *** ****. *** smaller *************, *****, ** will ******* *****. *'** suggested **** ** **** a ****** **** ********* sign ** **** *********, but **** ***** ****'* happened. *** **** *****."
  • "** ****** ******* ** the ******** *** ****** use. ** ** ** a *********** *********** ******* it *** **** ****. Commercial ** ********* ******** by *** ** **********. I ***** *** * VPN ** *** ****** setup *** **********."
  • "**** *** ***...**** ** our ************ *** ** secure ******** ******** *** they **** * ****** need *** ******** ** their ******** *** **** are *** ****** ** our **********...** *** **** for ****** ****** ***** of **** *** ***** commercial *******..."
  • "**** ********* *** ********* over ***. ********* ********** more ******. ***** ********* only **** ****** ** a ****** ***, *** at * ****, *** DDNS ** **** *** supports ***** ********-********* *********."
  • "****** **** ***** ** has **** ***, *** usually **** ** *** customer's ** *****. *** smaller *********, ****** *********** using **** ********** *** worked ****."

***

*** *** * *** third ******, **** **** ~10% ** *********** ****** it:

  • "*** ** **** **** a ****** ****** ** address."
  • "***. * ** ***** business"
  • "* *** *** ******** in *** ***** *************. It ** ** ****** that * *** ** it **** *** ***** with *** ********."
  • "******* ******* ** *** P2P *** **** ** access *** ******* ** involvement."
  • "**** ** *** ********* are *********** ** ***, as **** **** ** the **** * *** up ****** ****** *** P2P"

*******, *** *** ** growing **

  • "**** ********* ** ***"
  • "**** ************, *** ************* towards *** ** *** providers **** ********* ***********."
  • "*** *** ******** ** releasing * *** *** their *** ** *** next ******* **** **** not ******* **** ********** and ***** **** ****, we **** ******* ****** it. ** **** **** be *** ****** *** us."

******* ** ********* *** allowing *** **** **** on ***** ******* *** their ******* ***** ** remove ******* **** ***** DDNS, **** **** **** push *********** ** ***, which ********* ** *** advocating (*** ******* / Ezviz). ************, ** ****** Dahua ** ********* ******** P2P ** **** *** to ******* **** *** backdoor.

** *** ***** ****, P2P ******** ***** *** the ******** ** *** P2P ********, ***** **** be * ******** *** all *** ********* *** especially ** *** ***** and ********* ***** ***** track ******.

Cloud / ******

** *** *********, **** cited ***** / ****** video. ***** ********* ** some ***** / ****** video ***** **** *** it ******* ******* * niche *********** (*.*., **** use ** **** / residential **** ****, *****.***, etc.) *** *** ***** quite ******** ** *** commercial / ********** ******.

Comments (12)

Of 161 responses, none cited cloud / hosted video. There certainly is some cloud / hosted video being used but it clearly remains a niche application (e.g., some use in home / residential with Nest, Alarm.com, etc.) but not still quite uncommon in the commercial / enterprise market.

What I see the cloud being used for the most in the near future is for remote connections rather than storing video. You connect to the cloud, the cloud connects you to your system (P2P). The cloud should create a secure VPN from your device to your system. No port forwarding and no VPN appliance on-site. While small systems might store video in the cloud, I think we're still pretty far from being able to do that reliably. Some cities that have Google Fiber could probably do it. However, the rest of the world is stuck on minimal bandwidth.

Agreed. That's why we differentiated 'P2P' from 'Cloud'. While 'P2P uses the 'cloud', its an add on rather than the main function of the system (by contrast, Eagle Eye cloud managed video or Nest cloud hosted video).

FD I'm CEO of Camio. This hybrid approach came from the same observation that you describe @John Bazyk. We noticed that 91% of user sessions were happy with search result thumbnail summaries without even playing the video:

91% happy with search results alone

So rather than continuously streaming to cloud storage, the best-of-both-worlds combo is locally stored hi-res video and cloud-indexed metadata. And per your point, rather than relying on VPN, DDNS, or P2P, the cloud can orchestrate the connections via SSL.

I think P2P is fantastic. We just need full control of all the settings just as if we did port forwarding. As of right now, its somewhat limited as to what you can control through P2P.

The advantages of P2P are:
- incredibly easy to setup, most end users can do it on their own. Can all be done from a cell phone.
- No need to worry about dynamic IP addresses changing, so no need for DDNS
- If your router resets or if you change your router, you dont have to worry about re-configuring the clients router again. (Less Call Backs)

Disadvantages:
- Security Concerns
- Less Control over Unit settings as compared to traditional port forwarding
- Performance is based on cloud server. I will say that performance was slow when P2P first arrived, but lately, i see no issues at all.

Most users only care about live view and simple playback when it comes to remote viewing, for this reason, we have switched to primarily using P2P on tech support calls, which results in less call backs and issues.

Sean, good comparison.

On security concerns, it can be segmented into 2 fundamental categories:

(1) The security of the P2P from external threats. These P2P infrastructure will become very appealing targets for hackers since they will eventually have hundred of thousands or millions of devices connected to them.

(2) The security of the P2P from internal misuse. These P2Ps enable the provider to have direct access inside of customer's networks (both in terms of video and as well network connectivity to other local computers / devices). The provider will need to be trusted not to take advantage of this.

Another thing, and this speaks in regards to Hikvision specifically, is the web interface of the P2P site needs to be more professional looking. Right now it looks more like a "fun happy" site than a professional security platform. Go to ezvizlife or guardingvision.com and it looks like a website made by a really cheap CCTV manufacturer. It lacks the professional looking user interface that the rest of the HIkvision software interfaces have. Hoping they get this resolved as P2P becomes more widely used.

Sean- Take a look at the Hik-Central Platform, I know this is unlike Ezviz but they have greatly improved the professional appearance from iVMS-4200 as well

Marty -  Just downloaded the App. Agree, better looking than ezviz app, but I still prefer the ivms4500 cell phone app.

My complaint was on the cheezy ezviz web interface. Is their a web interface for hik-central?

Maybe I'm missing something, but VPN and DDNS aren't really interchangeable. Some sites can use VPN as they would probably have a fixed IP endpoint (hence no need for Dynamic DNS) and required VPN ports already forwarded (443/500/1723 etc).

All DDNS does is update an internet name (e.g. Client001.thruhere.net) with an IP address that changes intermittently. Even with VPN, you still need a fixed endpoint, whether IP or DNS name, to connect to. If you don't have that fixed IP, then you need DDNS, whether or not you use VPN.

The benefit of VPN is that it gives tighter control over users using things like RADIUS authentication and it gives the user access to any number of devices on the secured network. To do this with DDNS (assuming a single public IP) you need many port forwards which increases your attack surface area. You're also relying on the devices resistance to attack (brute force or otherwise) which can vary greatly.

@#1 there's really interesting research published about Google's elimination of VPNs at BeyondCorp and described in their no-vpn-security approach. That commitment to eliminate VPNs is a pillar of Google's security.

Interesting indeed. And it makes sense as typically VPNs give access to any device on that LAN segment. It sounds like Google are creating a trusted link from the client device to the hosting device so sounds much more secure.

Perhaps all those VPN users like to be sure they are up to date with versions.

Open VPN is what's uses in DD-WRT routers, as it's open source.

https://www.exploit-db.com/exploits/41993/

Naturally vendor specific VPNs may not be effected.

Better safe than sorry.

Read this IPVM report for free.

This article is part of IPVM's 6,371 reports, 856 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Genetec CEO Warns Against Insider Threats on Sep 21, 2017
With Dahua and Hikvision cybersecurity issues becoming indisputable, a new counter has emerged. Just put them behind a firewall, buy cheap...
Hikvision VMD And Intrusion Analytics Tested on May 04, 2018
VMD worked poorly on Hikvision cameras, new IPVM testing found. However, Hikvision ships analytics on practically every IP camera, with intrusion...
Surveillance Systems Remote Access Usage Statistics on Oct 11, 2017
Remote access is a major benefit and risk for video surveillance. It is a benefit because it allows users to manage security or review...
Dahua Favorability Results 2019 on Apr 01, 2019
Dahua favorability declined, in IPVM's 2019 integrator favorability series, driven by their backdoors, resulting in mass hacking and US government...
Fortune 500 Company Bars Dahua and Hikvision on Aug 30, 2017
A Fortune 500 company has barred Dahua and Hikvision cameras from a large RFP due to cyber security concerns, IPVM has confirmed with the...
Broken Hikvision App Exposes Hypocrisy on Dec 06, 2017
While Hikvision talks about a commitment to cybersecurity, their broken app and their insecure 'solution' exposes not only their engineering...
Access Control Cabling Tutorial on Jan 15, 2019
Access Control is only as reliable as its cables. While this aspect lacks the sexiness of other components, it remains a vital part of every...
SNMP / Network Monitoring For Surveillance on Aug 21, 2018
Surveillance systems typically rely on the the VMS to report issues, but this most often just means knowing a camera is "down" with no warning or...
Hikvision Upgrade Breaks ONVIF VMS Integration on Oct 31, 2017
Hikvision IP cameras using ONVIF for VMS integration will break when upgrading to Hikvision new 5.5 firmware, IPVM testing has verified. This...
Hikvision Europe Warns Of "A Wave of Cyberattacks" on Sep 28, 2017
Hikvision Europe has issued a "Hikvision Security Advisory" press release [link no longer available] and emailed an e-newsletter with the advisory...

Most Recent Industry Reports

Startup Duranc Presents AI VSaaS on Jul 06, 2020
Duranc presented its system at the May 2020 IPVM Startups show. A 30-minute video from Duranc including IPVM Q&A Background on the...
Low Voltage Nation Wants to "Help You Carve Out A Fulfilling Career" Interviewed on Jul 06, 2020
It is difficult to make your way in this industry as there is little formal schooling. However, one person, Blake Urmos, the Founder of Low Voltage...
The Next Hot Fever Detection Trend - $100 Wall-Mounted Units on Jul 06, 2020
The first wave of the booming fever detecting market was $10,000+ cameras, now interest for ~$2,000 tablets is high and the next big thing may be...
Cisco Meraki Unlocks IP Cameras With RTSP Tested on Jul 06, 2020
Meraki opened up its cameras to 3rd party NVRs/VMSes by offering RTSP streaming because of "the need to solve a business problem". We tested...
Verkada: "IPVM Should Never Be Your Source of News" on Jul 02, 2020
Verkada was unhappy with IPVM's recent coverage declaring that reading IPVM is 'not a good look' and that 'IPVM should never be your source of...
Vintra Presents FulcrumAI Face Recognition on Jul 02, 2020
Vintra presented its FulcrumAI face recognition and mask detection offering at the May 2020 IPVM Startups show. Inside this report: A...
Uniview Wrist Temperature Reader Tested on Jul 02, 2020
Uniview is promoting measuring wrist temperatures whereas most others are just offering forehead or inner canthus measurements. But how well does...
Dahua USA Admits Thermal Solutions "Qualify As Medical Devices" on Jul 02, 2020
Dahua USA has issued a press release admitting a controversial point in the industry but an obvious one to the US FDA, that the thermal temperature...
Access Control Online Show - July 2020 - With 40+ Manufacturers - Register Now on Jul 01, 2020
IPVM is excited to announce our July 2020 Access Control Show. With 40+ companies presenting across 4 days, this is a unique opportunity to hear...