Remote Access (DDNS vs P2P vs VPN) Usage Statistics 2017

By: John Honovich, Published on Mar 30, 2017

Cyber security concerns are escalating, even in the video surveillance industry which has historically lagged in its attention here.

A key element of cyber security is what remote access technologies is used. In particular, DDNS has come into particular attention given Hikvision's discontinuing of its insecure DDNS service and Dahua's backdoor discovery, as DDNS exposing devices to the public Internet increases risk to cyber attacks.

160 integrators told IPVM what remote access technologies they most commonly used and the big three were VPNs, DDNS and P2P. Inside this note, we break down the statistics and share detailed commentary from integrators.

Key ********

***** *** *** *** most ******** ***** ****** access ********** **** (**** ~50% ** *********), **** was ***** *******, ****** in ** ~**% ** the ***** ***** *****:

***

**** **** ********* *** their ********* ******** **** DDNS *** ******* ** larger ************:

  • "*** *** *** ************ prefer."
  • "***... **** ****** *** reliable"
  • "***, **** ******... *** more ******."
  • "*** ******* - **** has **** **** ******. We've *** ********** ***** DDNS."
  • "*** - ******** *** ability ** ****** ***** resources ** *** *******."
  • "***. ***** *** ******** control ** *** ****** on ***** *** ** they ***** *** ** connect *** ****** ** our *******. *** ****** also *** * ******** ON/OFF ***** **** ****** the ******** ** ********** disable *** ******."
  • "********* ** *** ** access *** ***, ** this ** * **** that **** ******* *** for ***** *******. ** are ****** ********* ** existing **************."
  • "** ******* ******** ***** VPNs ********* *** *** Networks ********. **** *** easy ** *** **, and ***** ****** ****** management ***** *** **** cost *** *** ******** well ***** ** (**** service **** ****** *** VPN)."
  • "** **** **** *** for ********* *** ***'* have ******* **** ******* VPN. ******** *** ****."
  • "***. **** ****** ****** and **** ****** *** remote ****** ** ***** work *********. **** ********* who **** ** **** cameras ******** **** ********** having ****** ****** ** work *********, ** **** justifies *** ******** ****** expense *** ********** ** a *** ******."
  • "*** ** ******** (************ Tosibox, *******). ******, **** solution."
  • "*** ** ******. *** customer *** ******** *** end *** *******. ***** liability *** ** **."
  • "***. **** ** ** customers *** ****** ***** business **** ***** **** may *** **** ********* IT *****, **** *** at ***** ******** ** staff."
  • "*** **** ****** *** customer ** ******* *** aware ** *** ***** otherwise. ******** ****** *** not ***** *** **** app."

****

** ********, **** **** widely ****** ******* **** were **** ** *** and *** *** ******* much ***** ** ******* client **** ********:

  • "**** - ******* *** faster *** ** *******."
  • "**** - ******* ** configure."
  • "**-** **** **** **** forwarding."
  • "****, ******* ** ** the ******* ****** *** totally *********** ** *** user. **** ** ********** software ** ******** ** added *****."
  • "****. ** *** *** No-IP *** ******* ** as * ***** *** for *** *********. ** also *** *** ****** name ** ***** **** they *** ** ***** is * ***** *** noticeable ******** **** ** are *** **** *** know ***** ******."
  • "****. ****** ** ** a ********** ******** ** regulated ******** (*******, **********, utilities, ***.) **** ****** consumers ****** ****** ** work ** ** *** or *******. *** ** sort ** **** ** this *****."
  • "**** ** ****** **. I ***** *** *** built ** **** ** any ** *** ***** "Easy" ***** ** *******. I **** ** ******* who ** **** ** see ****** ** *** network."
  • "******* *** *******. * usually *** *** ** mine *** ****** *** customer."
  • "****, ******* * **** trust ** ******* ***** servers. * ***** **** can ****** ** ***** devices. * ****** ******** for ***** *** ***** in * ******* ***** with ******* ******."
  • "****, ******* **** ****** are **** ****** & can ***** ******* ****** access."
  • "**** ******* *** *** easiest *** ******** ***."
  • "********* ** *** *********** ports *** **** **** through *** ********."
  • "**** - **** ** our ********* **** ** contract ** (** **** even **** ** *******) and **** ************* *** not ******** ********."

Mix - *** *** ****

* ****** ********** ******** was **** **** **** a ******* ** **** for ****** ********* *** DDNS *** ******* *********:

  • "****** **** *** ***. We *** **** *** small ****** *** *** for ****** *******. *** we ***'* ***** **."
  • "*** ** ********. **** if ****** ******** *** option."
  • "*** ***** ********* ********* schools, ********, ***., ** insist **** **** *** their ******** *** **************, or ** *** *** up *** ****. *** smaller *************, *****, ** will ******* *****. *'** suggested **** ** **** a ****** **** ********* sign ** **** *********, but **** ***** ****'* happened. *** **** *****."
  • "** ****** ******* ** the ******** *** ****** use. ** ** ** a *********** *********** ******* it *** **** ****. Commercial ** ********* ******** by *** ** **********. I ***** *** * VPN ** *** ****** setup *** **********."
  • "**** *** ***...**** ** our ************ *** ** secure ******** ******** *** they **** * ****** need *** ******** ** their ******** *** **** are *** ****** ** our **********...** *** **** for ****** ****** ***** of **** *** ***** commercial *******..."
  • "**** ********* *** ********* over ***. ********* ********** more ******. ***** ********* only **** ****** ** a ****** ***, *** at * ****, *** DDNS ** **** *** supports ***** ********-********* *********."
  • "****** **** ***** ** has **** ***, *** usually **** ** *** customer's ** *****. *** smaller *********, ****** *********** using **** ********** *** worked ****."

***

*** *** * *** third ******, **** **** ~10% ** *********** ****** it:

  • "*** ** **** **** a ****** ****** ** address."
  • "***. * ** ***** business"
  • "* *** *** ******** in *** ***** *************. It ** ** ****** that * *** ** it **** *** ***** with *** ********."
  • "******* ******* ** *** P2P *** **** ** access *** ******* ** involvement."
  • "**** ** *** ********* are *********** ** ***, as **** **** ** the **** * *** up ****** ****** *** P2P"

*******, *** *** ** growing **

  • "**** ********* ** ***"
  • "**** ************, *** ************* towards *** ** *** providers **** ********* ***********."
  • "*** *** ******** ** releasing * *** *** their *** ** *** next ******* **** **** not ******* **** ********** and ***** **** ****, we **** ******* ****** it. ** **** **** be *** ****** *** us."

******* ** ********* *** allowing *** **** **** on ***** ******* *** their ******* ***** ** remove ******* **** ***** DDNS, **** **** **** push *********** ** ***, which ********* ** *** advocating (*** ******* / Ezviz). ************, ** ****** Dahua ** ********* ******** P2P ** **** *** to ******* **** *** backdoor.

** *** ***** ****, P2P ******** ***** *** the ******** ** *** P2P ********, ***** **** be * ******** *** all *** ********* *** especially ** *** ***** and ********* ***** ***** track ******.

Cloud / ******

** *** *********, **** cited ***** / ****** video. ***** ********* ** some ***** / ****** video ***** **** *** it ******* ******* * niche *********** (*.*., **** use ** **** / residential **** ****, *****.***, etc.) *** *** ***** quite ******** ** *** commercial / ********** ******.

Comments (12)

Of 161 responses, none cited cloud / hosted video. There certainly is some cloud / hosted video being used but it clearly remains a niche application (e.g., some use in home / residential with Nest, Alarm.com, etc.) but not still quite uncommon in the commercial / enterprise market.

What I see the cloud being used for the most in the near future is for remote connections rather than storing video. You connect to the cloud, the cloud connects you to your system (P2P). The cloud should create a secure VPN from your device to your system. No port forwarding and no VPN appliance on-site. While small systems might store video in the cloud, I think we're still pretty far from being able to do that reliably. Some cities that have Google Fiber could probably do it. However, the rest of the world is stuck on minimal bandwidth.

Agreed. That's why we differentiated 'P2P' from 'Cloud'. While 'P2P uses the 'cloud', its an add on rather than the main function of the system (by contrast, Eagle Eye cloud managed video or Nest cloud hosted video).

FD I'm CEO of Camio. This hybrid approach came from the same observation that you describe @John Bazyk. We noticed that 91% of user sessions were happy with search result thumbnail summaries without even playing the video:

91% happy with search results alone

So rather than continuously streaming to cloud storage, the best-of-both-worlds combo is locally stored hi-res video and cloud-indexed metadata. And per your point, rather than relying on VPN, DDNS, or P2P, the cloud can orchestrate the connections via SSL.

I think P2P is fantastic. We just need full control of all the settings just as if we did port forwarding. As of right now, its somewhat limited as to what you can control through P2P.

The advantages of P2P are:
- incredibly easy to setup, most end users can do it on their own. Can all be done from a cell phone.
- No need to worry about dynamic IP addresses changing, so no need for DDNS
- If your router resets or if you change your router, you dont have to worry about re-configuring the clients router again. (Less Call Backs)

Disadvantages:
- Security Concerns
- Less Control over Unit settings as compared to traditional port forwarding
- Performance is based on cloud server. I will say that performance was slow when P2P first arrived, but lately, i see no issues at all.

Most users only care about live view and simple playback when it comes to remote viewing, for this reason, we have switched to primarily using P2P on tech support calls, which results in less call backs and issues.

Sean, good comparison.

On security concerns, it can be segmented into 2 fundamental categories:

(1) The security of the P2P from external threats. These P2P infrastructure will become very appealing targets for hackers since they will eventually have hundred of thousands or millions of devices connected to them.

(2) The security of the P2P from internal misuse. These P2Ps enable the provider to have direct access inside of customer's networks (both in terms of video and as well network connectivity to other local computers / devices). The provider will need to be trusted not to take advantage of this.

Another thing, and this speaks in regards to Hikvision specifically, is the web interface of the P2P site needs to be more professional looking. Right now it looks more like a "fun happy" site than a professional security platform. Go to ezvizlife or guardingvision.com and it looks like a website made by a really cheap CCTV manufacturer. It lacks the professional looking user interface that the rest of the HIkvision software interfaces have. Hoping they get this resolved as P2P becomes more widely used.

Sean- Take a look at the Hik-Central Platform, I know this is unlike Ezviz but they have greatly improved the professional appearance from iVMS-4200 as well

Marty -  Just downloaded the App. Agree, better looking than ezviz app, but I still prefer the ivms4500 cell phone app.

My complaint was on the cheezy ezviz web interface. Is their a web interface for hik-central?

Maybe I'm missing something, but VPN and DDNS aren't really interchangeable. Some sites can use VPN as they would probably have a fixed IP endpoint (hence no need for Dynamic DNS) and required VPN ports already forwarded (443/500/1723 etc).

All DDNS does is update an internet name (e.g. Client001.thruhere.net) with an IP address that changes intermittently. Even with VPN, you still need a fixed endpoint, whether IP or DNS name, to connect to. If you don't have that fixed IP, then you need DDNS, whether or not you use VPN.

The benefit of VPN is that it gives tighter control over users using things like RADIUS authentication and it gives the user access to any number of devices on the secured network. To do this with DDNS (assuming a single public IP) you need many port forwards which increases your attack surface area. You're also relying on the devices resistance to attack (brute force or otherwise) which can vary greatly.

@#1 there's really interesting research published about Google's elimination of VPNs at BeyondCorp and described in their no-vpn-security approach. That commitment to eliminate VPNs is a pillar of Google's security.

Interesting indeed. And it makes sense as typically VPNs give access to any device on that LAN segment. It sounds like Google are creating a trusted link from the client device to the hosting device so sounds much more secure.

Perhaps all those VPN users like to be sure they are up to date with versions.

Open VPN is what's uses in DD-WRT routers, as it's open source.

https://www.exploit-db.com/exploits/41993/

Naturally vendor specific VPNs may not be effected.

Better safe than sorry.

Read this IPVM report for free.

This article is part of IPVM's 6,537 reports, 881 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Remote Network Access for Video Surveillance Guide on Jul 27, 2020
Remotely accessing surveillance systems is key in 2020, with more and more...
Infinova, March Networks and Swann H1 2020 Financials Examined on Sep 02, 2020
While Dahua and Hikvision, helped by fever camera sales, are recovering from...
Drain Wire For Access Control Reader Tutorial on Sep 23, 2020
An easy-to-miss cabling specification plays a key role in access control, yet...
Mobile Access Control Usage Statistics 2020 on Sep 21, 2020
Most smartphones can be used as access control credentials, but how...
False: Verkada: "If You Want To Remote View Your Cameras You Need To Punch Holes In Your Firewall" on Jul 31, 2020
Verkada falsely declared to “3,000+ customers”, “300 school districts”, and...
Fever Camera Sales From Integrators Surveyed on Jun 01, 2020
Fever cameras are the hottest trend in video surveillance currently but how...
Facial Recognition: Weak Sales, Anti Regulation, No Favorite, Says Security Integrators on Jul 07, 2020
While facial recognition has gained greater prominence, a new IPVM study of...
Verkada Access Control Tested on Sep 09, 2020
Verkada raised $80 million earlier in 2020, expanding from video into access...
Uniview H1 2020 Financials Examined on Sep 08, 2020
While Dahua and Hikvision, helped by fever camera sales, are recovering from...
Risks Of Managing End User Passwords (Statistics) 2020 on Sep 11, 2020
Alarmingly, most integrators used spreadsheets to manage passwords, IPVM...
Anyvision Raises $43 Million, Focusing on Access Control And Remote Authentication on Sep 04, 2020
While Anyvision has had a tumultuous 2020 with significant layoffs, the...
Dedicated Vs Converged Access Control Networks Statistics 2020 on Sep 10, 2020
Access control is a crucial system where the network used can impact life...
Remote Access (DDNS vs P2P vs VPN) Usage Statistics 2019 on Oct 25, 2019
Remote access can make systems more usable but also more vulnerable. How are...
Favorite Access Control Credentials 2020 on Sep 15, 2020
Credential choice is more debated than ever, with hacking risk for 125kHz and...
Uniview Deep Learning Camera Tested on Jul 14, 2020
Uniview's intrusion analytics have performed poorly in our shootouts. Now,...

Recent Reports

Hanwha AI Object Detection Tested on Sep 28, 2020
Hanwha has added detection and classification of people, cars, clothing...
Favorite Access Control Manufacturers 2020 on Sep 28, 2020
200+ Integrators told IPVM "What is your favorite access control management...
New Products Show Fall 2020 Starts Tomorrow! on Sep 27, 2020
Tomorrow, IPVM's sixth online show will feature New Products from over 25...
OnTech Smart Services Partners With Google and Amazon To Compete With Integrators on Sep 25, 2020
A pain point for many homeowners to use consumer security and surveillance is...
The Future of Metalens For Video Surveillance Cameras - MIT / UMass / Immervision on Sep 25, 2020
Panoramic cameras using 'fisheye' lens have become commonplace in video...
Hikvision Sues Over Brazilian Airport Loss on Sep 24, 2020
Hikvision was excluded from a Brazilian airport project because it is owned...
China General Chamber of Commerce Calls Out US Politics on Sep 24, 2020
While US-China relations are at an all-time low, optimism about relations...
Verkada Disruptive Embedded Live Help on Sep 24, 2020
Call up your integrator? Have someone come by the next day? Verkada is...
IP Networking Course Fall 2020 - Last Chance - Register Now on Sep 23, 2020
Today is the last chance to register for the only IP networking course...
Drain Wire For Access Control Reader Tutorial on Sep 23, 2020
An easy-to-miss cabling specification plays a key role in access control, yet...
Norway Council of Ethics Finds Hikvision Human Rights Abuses "Ongoing" on Sep 23, 2020
Hikvision's involvement in "serious human rights abuse" in Xinjiang is...
IPVM Camera Calculator User Manual / Guide on Sep 23, 2020
Learn how to use the IPVM Camera Calculator (updated for Version 3.1). The...
Installation Course Fall 2020 - Save $50 - Last Chance on Sep 22, 2020
This is a unique installation course in a market where little practical...
SimpliSafe Business Security Launched Examined on Sep 22, 2020
SimpliSafe has launched "SimpliSafe Business Security" that the company...
FLIR CEO: Many New Fever Entrants "Making Claims That The Science Just Won't Support" on Sep 22, 2020
FLIR's CEO joins a growing number calling out risks with fever / screening...