InspectorGadget Posted December 28, 2007 Share Posted December 28, 2007 HI, I would like to ask a question about Texecom and the comIP modules, this would also cover other panels and makes but primarily it is the Texecom comIP I am interested in.. If as I have read that the way forward for ARC's is to use this sort of technology( IP based ) opposed to GSM/Redcare etc, what security has been built into these devices to stop any tampering or unauthorised remote configuration.. If this is the way its going there would seem to be many more of these coming online in the future. If you have a house with a texecom XXX pannel, and a comIP board. this could suggest that there would be a port open on an internet/externally facing IP address for monitoring or configuration. It would not take much to locate ( at least ) the ones with a default port setting for speed (though all ports could be scanned in a matter of seconds), all you would need to do is look for the specific "default" port to fly in straight past any firewall and onto the pannel directly. Once there assuming that most people do not look at "I.T security" a copy of the software and default password could secure access to that pannel. Even with a UDL password this could be bruteforced in a period of time maybe seconds or minutes on the basis that it was entered or changed in the first place. To take this further there are methods of locating IP addresses through providers and in some cases to end user addresses. I would hope that this has not been overlooked by the manufacturers.. Can I have your comments/experiences please.. Thanks Link to comment Share on other sites More sharing options...
topalarms Posted December 28, 2007 Share Posted December 28, 2007 In a secure system IP signalling should form only 1 path of a dual or triple path signalling system and does not/should not of itself give access to any panel programming. Link to comment Share on other sites More sharing options...
morph Posted December 28, 2007 Share Posted December 28, 2007 This is not a topic that should be discussed in the public forums and would ask that any members consider what they post. If your in the trade then apply for trade membership and start your discussion there. Link to comment Share on other sites More sharing options...
amateurandy Posted December 28, 2007 Share Posted December 28, 2007 This is not a topic that should be discussed in the public forums Why not? Security on IP networks is a very public topic and the use of firewalls etc. is debated endlessly in public IT forums. IT generally does NOT depend on "security by obscurity". The principles and methods may be different to what you have been used to in the alarm business but IP security isn't going to change its fundamental ways of working. You should have nothing to fear by being open about this subject. Link to comment Share on other sites More sharing options...
topalarms Posted December 28, 2007 Share Posted December 28, 2007 Explaining why the technology, when properly used, doesn't lack security is hardly something that should be witheld from the public! Link to comment Share on other sites More sharing options...
Guest anguscanplay Posted December 28, 2007 Share Posted December 28, 2007 Explaining why the technology, when properly used, doesn't lack security is hardly something that should be witheld from the public! doesnt it? Link to comment Share on other sites More sharing options...
topalarms Posted December 28, 2007 Share Posted December 28, 2007 doesnt it? How often you used it? Link to comment Share on other sites More sharing options...
IPAlarms Posted December 28, 2007 Share Posted December 28, 2007 If you have a house with a texecom XXX pannel, and a comIP board. this could suggest that there would be a port open on an internet/externally facing IP address for monitoring or configuration. You are correct and this is a problem if an IP board requires port forwarding in order to work. It would not take much to locate ( at least ) the ones with a default port setting for speed (though all ports could be scanned in a matter of seconds), all you would need to do is look for the specific "default" port to fly in straight past any firewall and onto the pannel directly. Once there assuming that most people do not look at "I.T security" a copy of the software and default password could secure access to that pannel.Even with a UDL password this could be bruteforced in a period of time maybe seconds or minutes on the basis that it was entered or changed in the first place. This can also be done over PSTN if the attacker knows the telephone number that the panel is on, so there's no real difference between IP and PSTN if the installer sets up the panel in an unsecure manner. I would hope that this has not been overlooked by the manufacturers.. Can I have your comments/experiences please.. You will find that all except one manufacturer of IP boards use the UDP protocol and some may require port forwarding to work. No up/download - no risk. Up/download initiated from the panel - no risk. Up/download initiated from the office and you face the same security issues you face now over PSTN. Free Alarm Monitoring over the Internet from IP Alarms Link to comment Share on other sites More sharing options...
IPAlarms Posted December 28, 2007 Share Posted December 28, 2007 In a secure system IP signalling should form only 1 path of a dual or triple path signalling system and does not/should not of itself give access to any panel programming. Hi topalarms, I'm not saying that is right or wrong, but is that your personal view - or the general view of the industry/inspectorates ? What is your/their suggestion for providing remote panel programming on a "secure system"? Free Alarm Monitoring over the Internet from IP Alarms Link to comment Share on other sites More sharing options...
Guest anguscanplay Posted December 28, 2007 Share Posted December 28, 2007 How often you used it? none, as you know - thats why I`m asking Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.