Remote access software, VNC, Pc Anywhere RAS Admin etc.
I have a client who needs to connect to three separate Challenger panels from his office PC. I plan to install Ethernet cards in all panels; what else do I or the client need to provide for this solution?
Static ip address and routers at each challenger?
What is the best set up procedure?
Assistance required.
Thanks.
The 3 remote panels don't have workstations. Would remote access software connect to the panels? Or is there a requirement for routers, static IP and port forwarding, or am I not making sense?
Thanks
You need to set up the IP address in the Tecom panel and the gateway address (router with static IP), set up your ports and port forward the router.
At the remote location, configure the TCP/IP settings in Titan with the router IP address.
Make sure security passwords match and computer numbers match etc.
That's the way I'd do it if there were no local machines onsite with Titan installed.
arniedog (22-05-10)
Does the system control doors? If so, you want to be REAL careful, as you are now exposing the site to cybercriminals who can literally open doors.
At a minimum, I would establish a secure VPN and make sure he is only accessing it via a trusted computer (i.e. one which has been solidly built, not a busted up old home computer that the kids use).
Whilst George's suggestion will achieve what you are attempting from a functionality standpoint, I caution that many remote access tools, e.g. VNC, do not provide any level of encryption themselves.
This is compounded as most 'alarm software' packages have virtually no good software security built-in.
I would be getting someone in to set up a secure way of doing what you are trying. Getting remote access should be trivial. Doing it properly in a way that doesn't drastically affect your physical security, is another matter. Be careful...
Last edited by downunderdan; 23-05-10 at 12:53 PM.
arniedog (23-05-10)
Alarm installers are not network security engineers, and this is who you need to employ for this type of job. You really need to have each site behind a secure firewall, like a Cisco PIX for example, so the customer can VPN in securely. But this is not cheap. Opening ports exposes those sites to the internet. But I suppose it also depends on what type of client. The level of security for one client probably isn't as important as for another; for example, Bob's Fruit shop is probably not as important to protect as Bob's Insurance Corp.
Leroy
arniedog (23-05-10)
I agree, network security is paramount. However, my response was just basic as I do not know the network architecture available.
arniedog (24-05-10)
Downunder, George & Leroy,
This is something that I have been concerned about but have not given as much attention as it really deserves. One site controls a single door; the other 2 only control the alarm.
The client wants to be able to remotely arm or reset the alarms if required. I agree with the network security level, but wouldn't any hacker require the appropriate software and then the password to disarm a building? Or do they just find a way into the client's PC?
But maybe that's just a challenge for the hackers?
Thanks for the thoughts, it certainly has me thinking.
A simple setup of VPNs will do the trick very nicely: no open ports (well, limited, you still need ports open for your chosen method of VPN transport) and encrypted traffic to boot.
One thing to keep in the back of your head: perhaps automating the processes a little, or even putting in a modem to do dialups? If the remote sites don't have ADSL, dialling in will save some money.
And yes, I know, dialling in is a security risk, and I know that while you're online pulling the logs and doing whatever you want to the panel, someone could be breaking in... etc etc etc... But it's just a thought.
ReD
arniedog (24-05-10)
I use Cisco 1800 series routers, mainly in medium sized businesses for CCTV. I find these units to be secure and cost effective for the application. It has all the features you need to set up a secure connection. IPsec VPN, IOS firewall and hardware encryption (DES, 3DES, AES etc). These units will set you back approx $500ea.
I would be pointing this out to your customer and make sure they sign something if they wish to go the "unsecure" route.
arniedog (24-05-10)
There's a low-rent alternative. Get the (presumably) Windows server to have remote access services and a dial-in modem. Whereas 'war dialling' was a big deal in the eighties and early nineties, these days it's a relic and probably not a threat which concerns you. This, together with a robust password and even call-back should be much less exposed than an 'always on' Internet connection. Yes, it's a little slow, but by no means unbearable if you reduce the graphics (colours etc.) and only use it once in a while.
Alternatively, a local copy of Titan on his home computer, and dialling into the panel itself. Bear in mind you are then running multiple databases, so pain may ensue...
If it's just for remote arm and disarm, you can also do this via a controllable relay output from many IP monitoring systems which are quite secure as well (though you may need a control room to do the signalling on your behalf). Ditto SMS control etc.
However remote arm and particularly disarm often turns into a finger pointing exercise when things go pear-shaped, so make sure you have the political discussion first.
Last edited by downunderdan; 23-05-10 at 11:37 PM.
arniedog (24-05-10)
You can use software like Hamachi to set up a secure faux-static IP - the software does the encryption (128 bit) and you can change whatever port you are using from the common ones to improve security - and then use VNC. We have done that with PCs all over the place and it works very well (although not always faultless and can take some time tweaking!). Secure passwords are a must - you can generate your own or read about them and securing your ports at
HTH
Cheers
Hop
arniedog (26-05-10)
You don't need a VPN or any fancy firewalls for that matter to prevent access to the Challenger. When programming the TS0099 module, you're asked to enter the IP address of the management PC which means you can't connect from any other machine. You've also got a 10 digit password and computer address to worry about on top of that. Unless someone gains access to and control of the specific machine the challenger's been told to accept Titan connections from, then there really is nothing to be concerned about. Secondly, all active connections between the Challenger and Titan use Twofish encryption.
If you're that paranoid, go with Forcefield instead.
Last edited by Drift; 26-05-10 at 06:17 PM.
arniedog (26-05-10)
I'm just about to set this up and need to understand the Titan, Challenger and router programming.
The static IP address would be for the router; the Challenger network card will have its own IP address.
The Titan software would have a similar IP address to the Challenger (within the same range).
The Titan gateway parameters would be the static IP that has been assigned to the router.
The IP address of the Challenger would be programmed into the port forwarding of the router.
The port programming selection would have to match on both the Challenger and Titan.
This is how I understand the programming requirements.
Can anyone confirm this?
Thanks
Arniedog
Would it work with a dynamic IP address?
arniedog (02-07-10)