Understanding IP Event Reporting. Ted Nesse November 17, 2016 North Latitude Technology, LLC

Transcription

1 Understanding IP Event Reporting Ted Nesse November 17, 2016 North Latitude Technology, LLC 2 1

2 Goals Distinguish Internet Protocol reporting, cloud reporting and other types of reporting. Recognize three key types of IP access available at protected premises Define some buzzwords and acronyms used for discussing IP reporting Understand factors for successful cellular IP reporting Learn key considerations for IP traffic security Anticipate gotchas for remote programming Establish ideal work-life balance (time permitting)

3 Questions Time for questions at the end Write them down so you don t forget! Or just shout them out

4 Attack! Critical data vault you re invited to attack from your phone Can you guess my secure password? (Actually just a demo of lousy passwords)

5 IP Now Widely Used What IP-reporting products do you use now?

6 Is It Really IP? ? Sure, is sent and received using IP Text Messages? (SMS = Short Message Service) Technically not IP reporting, but close enough Premises communicator to central station over IP? This is real IP reporting High assurance message delivery to a contracted central station assures a reliable event response

7 Acronyms Preserving the Mystery IP = Internet Prococol A collection of protocols used for exchanging packets of digital data On a network shared with many users Many of whom cannot be trusted Most systems an IP sub-protocol: TCP Transmission Control Protocol UDP User Datagram Protocol

8 TCP = Transmission Control Protocol Forms a connection between the two devices that are communicating Handles message integrity detects corrupted message data Handles lost message retry Maintains order of message parts sent in multiple packets Expensive takes a lot of extra data to provide the deluxe services

9 UDP = User Datagram Protocol No connection overhead, messages are sent once and forgotten Message integrity is not assured Lost messages are not retried Message packets may arrive out of order But. It s efficient not much more traffic than the data itself

10 TCP vs UDP, So What? For a typical IP event message of 102 bytes: 97FD003A"SIA-DCS"0001L000000#1234[1234 NFA129]_02:10:38, bytes of event data, and 33 for ack TCP takes 629 bytes 9 packets 6.1 times the 102 bytes transmitted UDP takes 185 bytes 2 packets 1.8 times the 102 bytes transmitted UDP costs 1/3 as much as TCP, to send the same data Bytes UDP TCP Overhead Message

11 Partly Cloudy Is IP reporting the same as cloud security? Communicators may report to a server You don t know where the server is so it s in the cloud That service may rebroadcast premises events using usercontrolled rules It s not IP event reporting, but It certainly can be set up as a high assurance event delivery system You need to check out the details to make sure it is robust enough to meet your contract obligations to your customers Survives failures Secure Delivery confirmed

12 Types of IP Connections At a protected premises, you will typically encounter 3 types of IP connectivity Ethernet Wi-Fi Cellular Data Ethernet IP Communicator Ethernet IP Communicator

13 Ethernet This is the familiar 8 pin modular cable Useful when premises IP is well-managed + service to mitigate firewall issues Pro Unlimited capacity Fast Free Con Vulnerable to owner-initiated service changes Access to and adjustment of router settings is often impossible Requires wire installation to Ethernet switch on premises IT departments won t let you on

14 Wi-Fi Wireless connection to a Wi-Fi router on the local network Pro Con Unlimited capacity Fast Free Vulnerable to owner-initiated service changes Access to and adjustment of router settings is often impossible Signal is susceptible to attenuation and interference IT departments won t let you on Matching security settings can be hard

15 Cellular Data A cellular communicator is installed at the premises to provide an IP connection through one of the public cellular data networks Monthly contract for data transport Typically a few $/mo (varies widely) The best solutions are tightly integrated, usually supplied by the panel manufacturers

16 Cellular Pro Fast installation End-to-end control of communication Can be configured with robust security No line-cut vulnerability Con Monthly data costs Higher initial hardware costs Signal is susceptible to attenuation and interference

17 Cellular Data Providers Cellular data is now the most common way to connect communicators Verizon (Carrier) AT&T (Carrier) T-Mobile (Carrier) Sprint (Carrier) Kore - Wyless (MVNO) Wyless (MVNO) Numerex (MVNO) Telit IOT (MVNO) Aeris (MVNO)

18 Is Cellular the Same as IP? Increasingly true The original cellular solutions used an audio channel to send the phone-line protocol But most new solutions make an IP connection Cellular Communicator

19 Limiting Traffic On Cellular This is a big deal and can be hard to manage Open/close, supervision, remote programming can overrun plan limits - Most plans can cover a report or two a day Swinger conditions can burn an account quickly equipment should have a feature to control this Install some test systems in live accounts, and monitor their traffic usage Audit installations to be sure the programming is consistent with the allowed traffic

20 Open Protocols and Proprietary Protocols Open Protocols Developed with an open standards process Accessible for use by all industry participants ANSI/SIA DC-09 is the primary such open IP protocol Not widely adopted in the US Significant use in Europe, especially Switzerland Proprietary Protocols Designed by each manufacturer, and require their technology at both ends DSC s Fibro protocol is the most popular IP protocol, and is available from most central stations Licensed to other manufacturers as well

21 Both Open and Proprietary Protocols Have Benefits Open Proprietary Multiple suppliers of compatible equipment allows the transmitter supplier and the central station to be selected independently Solutions tend to be simpler and more stable Defensible as a best practice as it has broad industry support One manufacturer is able to maintain the compatibility of transmitters and receivers Generally provide more features since the same manufacturer controls both ends and can roll out upgrades May serve application areas where standard protocols have not been developed But most important: Select a protocol that is compatible with your central station(s)!

22 Application Encryption Event protocols tend to use application encryption Data packets themselves are encrypted by the transmitter Passwords are pre-shared between the transmitter and receiver ( PSK for pre-shared keys) Attackers can view the encrypted packets, they cannot be decoded and interpreted. Attackers can submit packets, but can t encrypt them correctly so they are processed

23 Transport Encryption Some systems may use transport encryption The transmitter and the receiver establish a secure channel using a certificate-based IP standard such as TLS 1.2 Yet another acronym Transport Layer Security, new name for SSL - Secure Sockets Layer Traffic is encrypted within IP, and keys do not need to be individually maintained Requires more computing resources for the transmitter than has been available Increases amount of data an issue especially for cellular Takes about 6500 bytes to create a TLS session (Nasko Oskov at Netsekure.org) Our sample message suffers 30x overhead compared to application encryption using UDP If you re paying for bytes, that s a lot of expense But transport encryption is increasingly used as transmitters have more resources and communication costs fall

24 Keys (Passwords) When you work with application encryption, you likely will need to work with keys (aka passwords) Planning for key management is an important aspect of supporting IP Common Keys When the receiver uses the same key for each transmitter, the keys are said to be common While often done, this is unacceptably risky by current standards Compromise of a single account exposes ALL the installed base Private Keys When each transmitter has a unique key, it is a private key. Additional effort/overhead is required to maintain the keys Compromise of a single account DOES NOT expose all the installed base

25 Security for Alarm Traffic Who has hacked the critical data vault? Incredibly, many (most?) communicators are set up with even worse passwords often the factory default Don t be that type of security provider

26 Remote Programming Connections Generally a separate consideration from event reporting protocols For some solutions, you can t contact a device from the central station to establish a connection - due to firewalls that you can t configure Be sure your IP solution includes a practical way to remote-program the transmitters

27 Conclusion We Covered What is IP reporting? IP access types you ll encounter Types of IP protocols open or proprietary IP over cellular avoiding traffic surprises Securing IP event traffic Application or transport encryption Shared or private keys Remote programming IP-connected systems

28 Takeaways Cellular is the way to go for premises connections Controlling the amount of cellular data traffic is important (UDP using application encryption for lowest data costs) Open protocols and proprietary protocols each have benefits Don t use a common password for the account base (or use TLS if your solution can support it) Be sure you have a solid remote programming solution for your IP communicators

29 Where To Get More Information (standards committee) (DC-09 resources) Your central station

30 Questions?

31