Remote Access (DDNS vs P2P vs VPN) Usage Statistics 2017

By: John Honovich, Published on Mar 30, 2017

Cyber security concerns are escalating, even in the video surveillance industry which has historically lagged in its attention here.

A key element of cyber security is what remote access technologies is used. In particular, DDNS has come into particular attention given Hikvision's discontinuing of its insecure DDNS service and Dahua's backdoor discovery, as DDNS exposing devices to the public Internet increases risk to cyber attacks.

160 integrators told IPVM what remote access technologies they most commonly used and the big three were VPNs, DDNS and P2P. Inside this note, we break down the statistics and share detailed commentary from integrators.

***** ******** ******** *** escalating, **** ** *** video ************ ******** ***** has ************ ****** ** its ********* ****.

* *** ******* ** cyber ******** ** **** remote ****** ************ ** used. ** **********, **** has **** **** ********** attention **************'* ************* ** *** insecure **** ***************'* ******** *********, ** **** ******** devices ** *** ****** Internet ********* **** ** cyber *******.

*** *********** **** **** what ****** ****** ************ they **** ******** **** and *** *** ***** were ****, **** *** P2P. ****** **** ****, we ***** **** *** statistics *** ***** ******** commentary **** ***********.

[***************]

Key ********

***** *** *** *** most ******** ***** ****** access ********** **** (**** ~50% ** *********), **** was ***** *******, ****** in ** ~**% ** the ***** ***** *****:

***

**** **** ********* *** their ********* ******** **** DDNS *** ******* ** larger ************:

  • "*** *** *** ************ prefer."
  • "***... **** ****** *** reliable"
  • "***, **** ******... *** more ******."
  • "*** ******* - **** has **** **** ******. We've *** ********** ***** DDNS."
  • "*** - ******** *** ability ** ****** ***** resources ** *** *******."
  • "***. ***** *** ******** control ** *** ****** on ***** *** ** they ***** *** ** connect *** ****** ** our *******. *** ****** also *** * ******** ON/OFF ***** **** ****** the ******** ** ********** disable *** ******."
  • "********* ** *** ** access *** ***, ** this ** * **** that **** ******* *** for ***** *******. ** are ****** ********* ** existing **************."
  • "** ******* ******** ***** VPNs ********* *** *** Networks ********. **** *** easy ** *** **, and ***** ****** ****** management ***** *** **** cost *** *** ******** well ***** ** (**** service **** ****** *** VPN)."
  • "** **** **** *** for ********* *** ***'* have ******* **** ******* VPN. ******** *** ****."
  • "***. **** ****** ****** and **** ****** *** remote ****** ** ***** work *********. **** ********* who **** ** **** cameras ******** **** ********** having ****** ****** ** work *********, ** **** justifies *** ******** ****** expense *** ********** ** a *** ******."
  • "*** ** ******** (************ Tosibox, *******). ******, **** solution."
  • "*** ** ******. *** customer *** ******** *** end *** *******. ***** liability *** ** **."
  • "***. **** ** ** customers *** ****** ***** business **** ***** **** may *** **** ********* IT *****, **** *** at ***** ******** ** staff."
  • "*** **** ****** *** customer ** ******* *** aware ** *** ***** otherwise. ******** ****** *** not ***** *** **** app."

****

** ********, **** **** widely ****** ******* **** were **** ** *** and *** *** ******* much ***** ** ******* client **** ********:

  • "**** - ******* *** faster *** ** *******."
  • "**** - ******* ** configure."
  • "**-** **** **** **** forwarding."
  • "****, ******* ** ** the ******* ****** *** totally *********** ** *** user. **** ** ********** software ** ******** ** added *****."
  • "****. ** *** *** No-IP *** ******* ** as * ***** *** for *** *********. ** also *** *** ****** name ** ***** **** they *** ** ***** is * ***** *** noticeable ******** **** ** are *** **** *** know ***** ******."
  • "****. ****** ** ** a ********** ******** ** regulated ******** (*******, **********, utilities, ***.) **** ****** consumers ****** ****** ** work ** ** *** or *******. *** ** sort ** **** ** this *****."
  • "**** ** ****** **. I ***** *** *** built ** **** ** any ** *** ***** "Easy" ***** ** *******. I **** ** ******* who ** **** ** see ****** ** *** network."
  • "******* *** *******. * usually *** *** ** mine *** ****** *** customer."
  • "****, ******* * **** trust ** ******* ***** servers. * ***** **** can ****** ** ***** devices. * ****** ******** for ***** *** ***** in * ******* ***** with ******* ******."
  • "****, ******* **** ****** are **** ****** & can ***** ******* ****** access."
  • "**** ******* *** *** easiest *** ******** ***."
  • "********* ** *** *********** ports *** **** **** through *** ********."
  • "**** - **** ** our ********* **** ** contract ** (** **** even **** ** *******) and **** ************* *** not ******** ********."

Mix - *** *** ****

* ****** ********** ******** was **** **** **** a ******* ** **** for ****** ********* *** DDNS *** ******* *********:

  • "****** **** *** ***. We *** **** *** small ****** *** *** for ****** *******. *** we ***'* ***** **."
  • "*** ** ********. **** if ****** ******** *** option."
  • "*** ***** ********* ********* schools, ********, ***., ** insist **** **** *** their ******** *** **************, or ** *** *** up *** ****. *** smaller *************, *****, ** will ******* *****. *'** suggested **** ** **** a ****** **** ********* sign ** **** *********, but **** ***** ****'* happened. *** **** *****."
  • "** ****** ******* ** the ******** *** ****** use. ** ** ** a *********** *********** ******* it *** **** ****. Commercial ** ********* ******** by *** ** **********. I ***** *** * VPN ** *** ****** setup *** **********."
  • "**** *** ***...**** ** our ************ *** ** secure ******** ******** *** they **** * ****** need *** ******** ** their ******** *** **** are *** ****** ** our **********...** *** **** for ****** ****** ***** of **** *** ***** commercial *******..."
  • "**** ********* *** ********* over ***. ********* ********** more ******. ***** ********* only **** ****** ** a ****** ***, *** at * ****, *** DDNS ** **** *** supports ***** ********-********* *********."
  • "****** **** ***** ** has **** ***, *** usually **** ** *** customer's ** *****. *** smaller *********, ****** *********** using **** ********** *** worked ****."

***

*** *** * *** third ******, **** **** ~10% ** *********** ****** it:

  • "*** ** **** **** a ****** ****** ** address."
  • "***. * ** ***** business"
  • "* *** *** ******** in *** ***** *************. It ** ** ****** that * *** ** it **** *** ***** with *** ********."
  • "******* ******* ** *** P2P *** **** ** access *** ******* ** involvement."
  • "**** ** *** ********* are *********** ** ***, as **** **** ** the **** * *** up ****** ****** *** P2P"

*******, *** *** ** growing **

  • "**** ********* ** ***"
  • "**** ************, *** ************* towards *** ** *** providers **** ********* ***********."
  • "*** *** ******** ** releasing * *** *** their *** ** *** next ******* **** **** not ******* **** ********** and ***** **** ****, we **** ******* ****** it. ** **** **** be *** ****** *** us."

******* ** ********* *** allowing *** **** **** on ***** ******* *** their ******* ***** ** remove ******* **** ***** DDNS, **** **** **** push *********** ** ***, which ********* ** *** advocating (*** ******* / Ezviz). ************, ** ****** Dahua ** ********* ******** P2P ** **** *** to ******* **** *** backdoor.

** *** ***** ****, P2P ******** ***** *** the ******** ** *** P2P ********, ***** **** be * ******** *** all *** ********* *** especially ** *** ***** and ********* ***** ***** track ******.

Cloud / ******

** *** *********, **** cited ***** / ****** video. ***** ********* ** some ***** / ****** video ***** **** *** it ******* ******* * niche *********** (*.*., **** use ** **** / residential **** ****, *****.***, etc.) *** *** ***** quite ******** ** *** commercial / ********** ******.

Comments (12)

Avatar

John Bazyk

Command Corporation | IPVMU Certified | 03/30/17 01:20pm

Of 161 responses, none cited cloud / hosted video. There certainly is some cloud / hosted video being used but it clearly remains a niche application (e.g., some use in home / residential with Nest, Alarm.com, etc.) but not still quite uncommon in the commercial / enterprise market.

What I see the cloud being used for the most in the near future is for remote connections rather than storing video. You connect to the cloud, the cloud connects you to your system (P2P). The cloud should create a secure VPN from your device to your system. No port forwarding and no VPN appliance on-site. While small systems might store video in the cloud, I think we're still pretty far from being able to do that reliably. Some cities that have Google Fiber could probably do it. However, the rest of the world is stuck on minimal bandwidth.

John Honovich

IPVM | In reply to John Bazyk | 03/30/17 01:22pm

Agreed. That's why we differentiated 'P2P' from 'Cloud'. While 'P2P uses the 'cloud', its an add on rather than the main function of the system (by contrast, Eagle Eye cloud managed video or Nest cloud hosted video).

Avatar

Carter Maslan

Camio | In reply to John Bazyk | 03/30/17 02:51pm

FD I'm CEO of Camio. This hybrid approach came from the same observation that you describe @John Bazyk. We noticed that 91% of user sessions were happy with search result thumbnail summaries without even playing the video:

91% happy with search results alone

So rather than continuously streaming to cloud storage, the best-of-both-worlds combo is locally stored hi-res video and cloud-indexed metadata. And per your point, rather than relying on VPN, DDNS, or P2P, the cloud can orchestrate the connections via SSL.

Avatar

Sean Nelson

Nelly's Security | 03/30/17 01:28pm

I think P2P is fantastic. We just need full control of all the settings just as if we did port forwarding. As of right now, its somewhat limited as to what you can control through P2P.

The advantages of P2P are:
- incredibly easy to setup, most end users can do it on their own. Can all be done from a cell phone.
- No need to worry about dynamic IP addresses changing, so no need for DDNS
- If your router resets or if you change your router, you dont have to worry about re-configuring the clients router again. (Less Call Backs)

Disadvantages:
- Security Concerns
- Less Control over Unit settings as compared to traditional port forwarding
- Performance is based on cloud server. I will say that performance was slow when P2P first arrived, but lately, i see no issues at all.

Most users only care about live view and simple playback when it comes to remote viewing, for this reason, we have switched to primarily using P2P on tech support calls, which results in less call backs and issues.

John Honovich

IPVM | In reply to Sean Nelson | 03/30/17 01:36pm

Sean, good comparison.

On security concerns, it can be segmented into 2 fundamental categories:

(1) The security of the P2P from external threats. These P2P infrastructure will become very appealing targets for hackers since they will eventually have hundred of thousands or millions of devices connected to them.

(2) The security of the P2P from internal misuse. These P2Ps enable the provider to have direct access inside of customer's networks (both in terms of video and as well network connectivity to other local computers / devices). The provider will need to be trusted not to take advantage of this.

Avatar

Sean Nelson

Nelly's Security | In reply to Sean Nelson | 03/30/17 01:49pm

Another thing, and this speaks in regards to Hikvision specifically, is the web interface of the P2P site needs to be more professional looking. Right now it looks more like a "fun happy" site than a professional security platform. Go to ezvizlife or guardingvision.com and it looks like a website made by a really cheap CCTV manufacturer. It lacks the professional looking user interface that the rest of the HIkvision software interfaces have. Hoping they get this resolved as P2P becomes more widely used.

Marty Calhoun

IPVMU Certified | In reply to Sean Nelson | 03/31/17 10:03am
Sean- Take a look at the Hik-Central Platform, I know this is unlike Ezviz but they have greatly improved the professional appearance from iVMS-4200 as well
Avatar

Sean Nelson

Nelly's Security | In reply to Marty Calhoun | 04/03/17 03:44pm

Marty -  Just downloaded the App. Agree, better looking than ezviz app, but I still prefer the ivms4500 cell phone app.

My complaint was on the cheezy ezviz web interface. Is their a web interface for hik-central?

Undisclosed Integrator #1

03/30/17 02:57pm

Maybe I'm missing something, but VPN and DDNS aren't really interchangeable. Some sites can use VPN as they would probably have a fixed IP endpoint (hence no need for Dynamic DNS) and required VPN ports already forwarded (443/500/1723 etc).

All DDNS does is update an internet name (e.g. Client001.thruhere.net) with an IP address that changes intermittently. Even with VPN, you still need a fixed endpoint, whether IP or DNS name, to connect to. If you don't have that fixed IP, then you need DDNS, whether or not you use VPN.

The benefit of VPN is that it gives tighter control over users using things like RADIUS authentication and it gives the user access to any number of devices on the secured network. To do this with DDNS (assuming a single public IP) you need many port forwards which increases your attack surface area. You're also relying on the devices resistance to attack (brute force or otherwise) which can vary greatly.

Avatar

Carter Maslan

Camio | In reply to Undisclosed Integrator #1 | 03/30/17 03:08pm

@#1 there's really interesting research published about Google's elimination of VPNs at BeyondCorp and described in their no-vpn-security approach. That commitment to eliminate VPNs is a pillar of Google's security.

Undisclosed Integrator #1

In reply to Carter Maslan | 03/30/17 03:50pm

Interesting indeed. And it makes sense as typically VPNs give access to any device on that LAN segment. It sounds like Google are creating a trusted link from the client device to the hosting device so sounds much more secure.

Avatar

Michael Archer

06/19/17 06:07am

Perhaps all those VPN users like to be sure they are up to date with versions.

Open VPN is what's uses in DD-WRT routers, as it's open source.

https://www.exploit-db.com/exploits/41993/

Naturally vendor specific VPNs may not be effected.

Better safe than sorry.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

China DVR/NVR Backdoor Discovered, Huawei Refutes on Feb 07, 2020
A backdoor was found in Chinese-produced DVRs and NVRs that secretly allowed access to the recorders. While it was first attributed to Huawei...
Remote Access (DDNS vs P2P vs VPN) Usage Statistics 2019 on Oct 25, 2019
Remote access can make systems more usable but also more vulnerable. How are integrators delivring remote access in 2019? How many are using...
ONVIF Exposure To "Devastating DDoS Attacks" Examined on Sep 06, 2019
ZDnet reported "Protocol used by 630,000 devices can be abused for devastating DDoS attacks", citing exposure of ONVIF devices. And after an...
Warning: Windows 7 Update Crashing NVRs on Aug 26, 2019
Windows 7 updates are causing VMS servers to fail to boot. After running the update, impacted systems do not boot as normal, instead display this...
Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More on Aug 26, 2019
Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered...
Axis Suffers Outage, Provides Postmortem on Aug 15, 2019
This week, Axis suffered an outage impacting their website and cloud services. Inside this note, we examined what happened, what was impacted...
Dahua Wiretapping Vulnerability on Aug 02, 2019
IPVM has validated, with testing, and from Dahua, that many Dahua cameras have a wiretapping vulnerability. Even if the camera's audio has been...
LifeSafety Power NetLink Vulnerabilities And Problematic Response on May 20, 2019
'Power supplies' are not devices that many think about when considering vulnerabilities but as more and more devices go 'online', the risks for...
Security Fail: ASISNYC Auto Emails Passwords In Plain Text on May 14, 2019
ASIS NYC automatically emails a user with the password the user just entered, in plain text, when one registers for the site / event, as the...
HTTPS / SSL Video Surveillance Usage Statistics on Apr 01, 2019
HTTPS / SSL / TLS usage has become commonplace for websites to improve security and, in particular, to help mitigate attackers reading or modifying...

Most Recent Industry Reports

Dahua Faked Coronavirus Camera Marketing on Apr 01, 2020
Dahua has conducted a coronavirus camera global marketing campaign centered around a faked detection. Now, Dahua has expanded this to the USA,...
Video Surveillance Trends 101 on Apr 01, 2020
This report examines major industry factors and how they could impact video surveillance in the next 5 - 10 years. This is part of our Video...
USA's Seek Scan Thermal Temperature System Examined on Apr 01, 2020
This US company, Seek, located down the road from FLIR and founded by former FLIR employees is offering a thermal temperature system for the...
Terrible Convergint Coronavirus Thermal Camera Recommendation on Apr 01, 2020
A week after Convergint disclosed falling revenue, pay and job cuts, Convergint is touting 'extensive research' that is either grossly incompetent...
The IPVM New Products Online Show April 2020 Opens With 40+ Manufacturers on Mar 31, 2020
IPVM is excited to announce the first New Products Online show, with 40+ manufacturers, to be held April 14 to the 16th, free to IPVM members,...
USA's Feevr Thermal Temperature System Examined on Mar 31, 2020
This US company has burst on to the scene, brashly naming itself 'feevr' and branding itself as a "COVID 19 - AI BASED NON CONTACT THERMAL...
JCI Coronavirus Cuts on Mar 31, 2020
JCI has made coronavirus cuts, the company told employees in an email that IPVM has reviewed. Inside this note, we examine the cuts made, the...
Add Door Operators To Fight Coronavirus on Mar 31, 2020
IPVM recommends that integrators advocate and end-users consider adding door operators to fight the spread of coronavirus. This delivers...
Video Surveillance Business 101 on Mar 30, 2020
This report explains the fundamental elements of the video surveillance business for those new to the industry. This is part of our Video...
FDA Gives Guidance on 'Coronavirus' Thermal Fever Detection Systems on Mar 30, 2020
The US FDA has given IPVM guidance on the use of thermal fever detection systems being marketed for coronavirus, as an explosion of such devices...