On 02/06/2018 02:56 PM, Bob Goodwin wrote:
> I bought two ptz cameras which can be viewed and controlled with the
> family iPhones and of course they would like to use the "Armcrest"
> cloud/server in order to view them while away during the day. The
> cameras would connect to my LAN and via my router to the Viasat modem. I
> have always tried to avoid such connections to my system and doing this
> is worrisome.

This is typically how most things (such as SimplySafe and most home
automation systems) work. It's essentially a TURN system to utilize the
restricted cone NAT on your firewall. The cameras report out to the
Armcrest server. This opens an outgoing pipe through your firewall
which permits Armcrest to come back through your firewall to connect
to the cameras. The app connects to Armcrest and uses the information
there to get back to your cameras. This is essentially the "RELATED,
ESTABLISHED" conditions you may be familiar with in iptables.

In home automation, the cone NAT connection is generally only between
the automation hub and the cloud service, with the hub doing the heavy
lifting of talking to the automation devices (the individual devices do
NOT talk to the cloud--just the hub).

Is it dangerous? Well, anything that permits incoming data through your
firewall can be bad, but this is generally restricted to just allowing
Armcrest through your firewall in a bidirectional mode. It doesn't poke
other holes and the TURN/cone mechanism only allows incoming data from
the Armcrest server. So it's something to watch, but I wouldn't panic.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital ricks(a)alldigital.com -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- A squeegee, by any other name, wouldn't sound as funny. -
----------------------------------------------------------------------
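
The mechanism described in the reply above, as an added example that is not part of the original message: a toy model of an address-restricted cone NAT, showing that only the server the camera contacted can come back in. The `ConeNat` class, the addresses and the 120-second idle timeout are assumptions made for illustration, and the timeout goes slightly beyond what the message states.

```python
"""Toy model of an address-restricted cone NAT (constructed example)."""
from dataclasses import dataclass, field

@dataclass
class ConeNat:
    public_ip: str
    idle_timeout: float = 120.0          # assumed mapping lifetime, seconds
    next_port: int = 40000
    # (internal ip, internal port) -> external port
    mappings: dict = field(default_factory=dict)
    # external port -> {remote ip: last time the inside host sent to it}
    permitted: dict = field(default_factory=dict)

    def outbound(self, src, sport, dst, now):
        """Inside host sends a packet; returns the (public ip, port) it appears as."""
        key = (src, sport)
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        ext = self.mappings[key]
        self.permitted.setdefault(ext, {})[dst] = now
        return self.public_ip, ext

    def inbound(self, remote_ip, ext_port, now):
        """Outside host sends to public ip:port; returns inside target or None."""
        last = self.permitted.get(ext_port, {}).get(remote_ip)
        if last is None or now - last > self.idle_timeout:
            return None                   # unsolicited or expired: dropped
        for key, port in self.mappings.items():
            if port == ext_port:
                return key
        return None

def demo():
    # All addresses are constructed documentation/private values.
    nat = ConeNat(public_ip="203.0.113.10")
    camera, vendor, stranger = ("192.168.1.50", 5000), "198.51.100.7", "192.0.2.99"
    _, ext = nat.outbound(*camera, vendor, now=0)      # camera reports out
    return {
        "vendor_reply": nat.inbound(vendor, ext, now=30),
        "stranger": nat.inbound(stranger, ext, now=30),
        "vendor_after_idle": nat.inbound(vendor, ext, now=500),
        "unmapped_port": nat.inbound(vendor, ext + 1, now=30),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} -> {result}")
```

The expired-mapping case is why such devices send periodic keepalives to the cloud service: without them the return path closes.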