DDNS vs P2P vs VPN Usage Statistics

By: John Honovich, Published on Mar 30, 2017

Cyber security concerns are escalating, even in the video surveillance industry which has historically lagged in its attention here.

A key element of cyber security is what remote access technologies is used. In particular, DDNS has come into particular attention given Hikvision's discontinuing of its insecure DDNS service and Dahua's backdoor discovery, as DDNS exposing devices to the public Internet increases risk to cyber attacks.

160 integrators told IPVM what remote access technologies they most commonly used and the big three were VPNs, DDNS and P2P. Inside this note, we break down the statistics and share detailed commentary from integrators.

***** ******** ******** *** escalating, **** ** *** video ************ ******** ***** has ************ ****** ** its ********* ****.

* *** ******* ** cyber ******** ** **** remote ****** ************ ** ****. In **********, **** *** come **** ********** ********* given*********'* ************* ** *** insecure **** ***************'* ******** *********, ** **** ******** devices ** *** ****** Internet ********* **** ** cyber *******.

*** *********** **** **** what ****** ****** ************ they **** ******** **** and *** *** ***** were ****, **** *** P2P. ****** **** ****, we ***** **** *** statistics *** ***** ******** commentary **** ***********.

[***************]

Key ********

***** *** *** *** most ******** ***** ****** access ********** **** (**** ~50% ** *********), **** was ***** *******, ****** in ** ~**% ** the ***** ***** *****:

***

**** **** ********* *** their ********* ******** **** DDNS *** ******* ** larger ************:

  • "*** *** *** ************ prefer."
  • "***... **** ****** *** reliable"
  • "***, **** ******... *** more ******."
  • "*** ******* - **** has **** **** ******. We've *** ********** ***** DDNS."
  • "*** - ******** *** ability ** ****** ***** resources ** *** *******."
  • "***. ***** *** ******** control ** *** ****** on ***** *** ** they ***** *** ** connect *** ****** ** our *******. *** ****** also *** * ******** ON/OFF ***** **** ****** the ******** ** ********** disable *** ******."
  • "********* ** *** ** access *** ***, ** this ** * **** that **** ******* *** for ***** *******. ** are ****** ********* ** existing **************."
  • "** ******* ******** ***** VPNs ********* *** *** Networks ********. **** *** easy ** *** **, and ***** ****** ****** management ***** *** **** cost *** *** ******** well ***** ** (**** service **** ****** *** VPN)."
  • "** **** **** *** for ********* *** ***'* have ******* **** ******* VPN. ******** *** ****."
  • "***. **** ****** ****** and **** ****** *** remote ****** ** ***** work *********. **** ********* who **** ** **** cameras ******** **** ********** having ****** ****** ** work *********, ** **** justifies *** ******** ****** expense *** ********** ** a *** ******."
  • "*** ** ******** (************ Tosibox, *******). ******, **** solution."
  • "*** ** ******. *** customer *** ******** *** end *** *******. ***** liability *** ** **."
  • "***. **** ** ** customers *** ****** ***** business **** ***** **** may *** **** ********* IT *****, **** *** at ***** ******** ** staff."
  • "*** **** ****** *** customer ** ******* *** aware ** *** ***** otherwise. ******** ****** *** not ***** *** **** app." 

****

** ********, **** **** widely ****** ******* **** were **** ** *** and *** *** ******* much ***** ** ******* client **** ********:

  • "**** - ******* *** faster *** ** *******."
  • "**** - ******* ** configure."
  • "**-** **** **** **** forwarding."
  • "****, ******* ** ** the ******* ****** *** totally *********** ** *** user. **** ** ********** software ** ******** ** added *****."
  • "****. ** *** *** No-IP *** ******* ** as * ***** *** for *** *********. ** also *** *** ****** name ** ***** **** they *** ** ***** is * ***** *** noticeable ******** **** ** are *** **** *** know ***** ******."
  • "****. ****** ** ** a ********** ******** ** regulated ******** (*******, **********, utilities, ***.) **** ****** consumers ****** ****** ** work ** ** *** or *******. *** ** sort ** **** ** this *****."
  • "**** ** ****** **. I ***** *** *** built ** **** ** any ** *** ***** "Easy" ***** ** *******. I **** ** ******* who ** **** ** see ****** ** *** network."
  • "******* *** *******. * usually *** *** ** mine *** ****** *** customer."
  • "****, ******* * **** trust ** ******* ***** servers. * ***** **** can ****** ** ***** devices. * ****** ******** for ***** *** ***** in * ******* ***** with ******* ******."
  • "****, ******* **** ****** are **** ****** & can ***** ******* ****** access."
  • "**** ******* *** *** ******* and ******** ***."
  • "********* ** *** *********** ports *** **** **** through *** ********."
  • "**** - **** ** our ********* **** ** contract ** (** **** even **** ** *******) and **** ************* *** not ******** ********."

Mix - *** *** **** 

* ****** ********** ******** *** that **** **** * mixture ** **** *** larger ********* *** **** for ******* *********:

  • "****** **** *** ***. We *** **** *** small ****** *** *** for ****** *******. *** we ***'* ***** **."
  • "*** ** ********. **** if ****** ******** *** option."
  • "*** ***** ********* ********* schools, ********, ***., ** insist **** **** *** their ******** *** **************, or ** *** *** up *** ****. *** smaller *************, *****, ** will ******* *****. *'** suggested **** ** **** a ****** **** ********* sign ** **** *********, but **** ***** ****'* happened. *** **** *****."
  • "** ****** ******* ** the ******** *** ****** use. ** ** ** a *********** *********** ******* it *** **** ****. Commercial ** ********* ******** by *** ** **********. I ***** *** * VPN ** *** ****** setup *** **********."
  • "**** *** ***...**** ** our ************ *** ** secure ******** ******** *** they **** * ****** need *** ******** ** their ******** *** **** are *** ****** ** our **********...** *** **** for ****** ****** ***** of **** *** ***** ********** clients..."
  • "**** ********* *** ********* over ***. ********* ********** more ******. ***** ********* only **** ****** ** a ****** ***, *** at * ****, *** DDNS ** **** *** supports ***** ********-********* *********."
  • "****** **** ***** ** has **** ***, *** usually **** ** *** customer's ** *****. *** smaller *********, ****** *********** using **** ********** *** worked ****."

***

*** *** * *** third ******, **** **** ~10% ** *********** ****** it:

  • "*** ** **** **** a ****** ****** ** address."
  • "***. * ** ***** business"
  • "* *** *** ******** in *** ***** *************. It ** ** ****** that * *** ** it **** *** ***** with *** ********."
  • "******* ******* ** *** P2P *** **** ** access *** ******* ** involvement."
  • "**** ** *** ********* are *********** ** ***, as **** **** ** the **** * *** up ****** ****** *** P2P"

*******, *** *** ** growing ** 

  • "**** ********* ** ***"
  • "**** ************, *** ************* towards *** ** *** providers **** ********* ***********."
  • "*** *** ******** ** releasing * *** *** their *** ** *** next ******* **** **** not ******* **** ********** and ***** **** ****, we **** ******* ****** it. ** **** **** be *** ****** *** us."

******* ** ********* *** allowing *** **** **** on ***** ******* *** their ******* ***** ** remove ******* **** ***** DDNS, **** **** **** push *********** ** ***, which ********* ** *** advocating (*** ******* / Ezviz). ************, ** ****** Dahua ** ********* ******** P2P ** **** *** to ******* **** *** backdoor.

** *** ***** ****, P2P ******** ***** *** the ******** ** *** P2P ********, ***** **** be * ******** *** all *** ********* *** especially ** *** ***** and ********* ***** ***** track ******.

Cloud / ******

** *** *********, **** cited ***** / ****** video. ***** ********* ** some ***** / ****** video ***** **** *** it ******* ******* * niche *********** (*.*., **** use ** **** / residential **** ****, *****.***, etc.) *** *** ***** quite ******** ** *** commercial / ********** ******.

Comments (12)

Of 161 responses, none cited cloud / hosted video. There certainly is some cloud / hosted video being used but it clearly remains a niche application (e.g., some use in home / residential with Nest, Alarm.com, etc.) but not still quite uncommon in the commercial / enterprise market.

What I see the cloud being used for the most in the near future is for remote connections rather than storing video. You connect to the cloud, the cloud connects you to your system (P2P). The cloud should create a secure VPN from your device to your system. No port forwarding and no VPN appliance on-site. While small systems might store video in the cloud, I think we're still pretty far from being able to do that reliably. Some cities that have Google Fiber could probably do it. However, the rest of the world is stuck on minimal bandwidth.

Agreed. That's why we differentiated 'P2P' from 'Cloud'. While 'P2P uses the 'cloud', its an add on rather than the main function of the system (by contrast, Eagle Eye cloud managed video or Nest cloud hosted video).

FD I'm CEO of Camio. This hybrid approach came from the same observation that you describe @John Bazyk. We noticed that 91% of user sessions were happy with search result thumbnail summaries without even playing the video:

91% happy with search results alone

So rather than continuously streaming to cloud storage, the best-of-both-worlds combo is locally stored hi-res video and cloud-indexed metadata. And per your point, rather than relying on VPN, DDNS, or P2P, the cloud can orchestrate the connections via SSL.

I think P2P is fantastic. We just need full control of all the settings just as if we did port forwarding. As of right now, its somewhat limited as to what you can control through P2P.

The advantages of P2P are:
- incredibly easy to setup, most end users can do it on their own. Can all be done from a cell phone.
- No need to worry about dynamic IP addresses changing, so no need for DDNS
- If your router resets or if you change your router, you dont have to worry about re-configuring the clients router again. (Less Call Backs)

Disadvantages:
- Security Concerns
- Less Control over Unit settings as compared to traditional port forwarding
- Performance is based on cloud server. I will say that performance was slow when P2P first arrived, but lately, i see no issues at all.

Most users only care about live view and simple playback when it comes to remote viewing, for this reason, we have switched to primarily using P2P on tech support calls, which results in less call backs and issues.

Sean, good comparison.

On security concerns, it can be segmented into 2 fundamental categories:

(1) The security of the P2P from external threats. These P2P infrastructure will become very appealing targets for hackers since they will eventually have hundred of thousands or millions of devices connected to them.

(2) The security of the P2P from internal misuse. These P2Ps enable the provider to have direct access inside of customer's networks (both in terms of video and as well network connectivity to other local computers / devices). The provider will need to be trusted not to take advantage of this.

Another thing, and this speaks in regards to Hikvision specifically, is the web interface of the P2P site needs to be more professional looking. Right now it looks more like a "fun happy" site than a professional security platform. Go to ezvizlife or guardingvision.com and it looks like a website made by a really cheap CCTV manufacturer. It lacks the professional looking user interface that the rest of the HIkvision software interfaces have. Hoping they get this resolved as P2P becomes more widely used.

Sean- Take a look at the Hik-Central Platform, I know this is unlike Ezviz but they have greatly improved the professional appearance from iVMS-4200 as well

Marty -  Just downloaded the App. Agree, better looking than ezviz app, but I still prefer the ivms4500 cell phone app.

My complaint was on the cheezy ezviz web interface. Is their a web interface for hik-central?

Maybe I'm missing something, but VPN and DDNS aren't really interchangeable. Some sites can use VPN as they would probably have a fixed IP endpoint (hence no need for Dynamic DNS) and required VPN ports already forwarded (443/500/1723 etc).

All DDNS does is update an internet name (e.g. Client001.thruhere.net) with an IP address that changes intermittently. Even with VPN, you still need a fixed endpoint, whether IP or DNS name, to connect to. If you don't have that fixed IP, then you need DDNS, whether or not you use VPN.

The benefit of VPN is that it gives tighter control over users using things like RADIUS authentication and it gives the user access to any number of devices on the secured network. To do this with DDNS (assuming a single public IP) you need many port forwards which increases your attack surface area. You're also relying on the devices resistance to attack (brute force or otherwise) which can vary greatly.

@#1 there's really interesting research published about Google's elimination of VPNs at BeyondCorp and described in their no-vpn-security approach. That commitment to eliminate VPNs is a pillar of Google's security.

Interesting indeed. And it makes sense as typically VPNs give access to any device on that LAN segment. It sounds like Google are creating a trusted link from the client device to the hosting device so sounds much more secure.

Perhaps all those VPN users like to be sure they are up to date with versions.

Open VPN is what's uses in DD-WRT routers, as it's open source.

https://www.exploit-db.com/exploits/41993/

Naturally vendor specific VPNs may not be effected.

Better safe than sorry.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Installation Course - Last Chance - Register Now on Sep 12, 2019
Last Chance - Register Now - September 2019 Video Surveillance Install Course. Thursday, September 12th is your last chance to register for the...
Top Ways Security Integrators Improve Their Careers on Sep 03, 2019
With DIY products expanding and the future of integration debated, how do integrators stay sharp so they are not left behind? 180+ integrators...
Register Now - October 2019 IP Networking Course on Aug 28, 2019
Register now for the Fall 2019 IP Networking Course. This is the only networking course designed specifically for video surveillance...
Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More on Aug 26, 2019
Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered...
Security Integrators Outlook On Remaining Integrators In 2025 on Aug 22, 2019
The industry has changed substantially in the last decade, with the rise of IP cameras and the race to the bottom. Indeed, more changes may be...
Biometrics Usage Statistics 2019 on Aug 13, 2019
Biometrics are commonly used in phones, but how frequently are they used for access? 150+ integrators told us how often they use biometrics,...
US Government Ban of Dahua, Hikvision, Huawei Takes Effect Now on Aug 13, 2019
The 'prohibition on use or procurement' of Dahua, Hikvision and Huawei products and 'essential components' take effect today, August 13, 2019, one...
Proactive CCTV "Only Affordable Video Archiving Solution" Profile on Aug 12, 2019
Proactive CCTV is claiming to offer "the only affordable video archiving solution on the market", reducing the storage typically required for H.265...
Responsibility Split Selecting Locks - Statistics on Jul 22, 2019
A heated access debate surrounds who should pick and install the locks. While responsible for selecting the control systems, integrators often...
Mobile Access Usage Statistics 2019 on Jul 18, 2019
The ability to use mobile phones as access credentials is one of the biggest trends in a market that historically has been slow in adopting new...

Most Recent Industry Reports

How Cobalt Robotics May Disrupt Security on Sep 13, 2019
While security robots have largely become a joke over the last few years, one organization, Cobalt Robotics, has raised $50+ million from top US...
Panasonic 4K Camera Tested (WV-S2570L) on Sep 13, 2019
Panasonic has released their latest generation 4K dome, the WV-S2570L, claiming "Extreme image quality allows evidence to be captured even under...
ASIS GSX 2019 Show Report Final on Sep 12, 2019
IPVM went to Chicago for ASIS GSX 2019, with many exhibitors disappointed about traffic and the exhibitor schedule changing next year. Inside we...
Installation Course - Last Chance - Register Now on Sep 12, 2019
Last Chance - Register Now - September 2019 Video Surveillance Install Course. Thursday, September 12th is your last chance to register for the...
Commend ID5 Intercom Tested on Sep 12, 2019
Commend touts the new ID5 intercom as 'timelessly elegant' and the slim body, glass front touchscreen indeed looks better than common, but ugly,...
US State Department: "Chinese Tech Giants" "Tools of the Chinese Communist Party" on Sep 12, 2019
The US State Department has called out "Chinese tech giants" for being "tools of the Chinese Communist Party" in a blunt new speech that makes...
Uniview OEM Directory on Sep 11, 2019
This directory lists 20+ companies that OEM products from Uniview, with a graphic and links to company websites below. It does not cover all...
Yi Home Camera 3 AI Analytics Tested on Sep 10, 2019
Yi Technology is claiming "new AI features" in its $50 Home Camera 3 "eliminates 'false positives' caused by flying insects, small pets, or light...
Hanwha Announces 32MP Camera + AI Line on Sep 10, 2019
In the first rise in maximum megapixel resolution in 5 years, Hanwha has announced a 32MP / 8K camera directly competing with Avigilon's H4 30MP /...
Fingerprints for Access Control Guide on Sep 09, 2019
Users can lose badges, but they never misplace a finger, right? The most common biometric used in access are fingerprints, and it has become one...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact