Point-to-Point vs Port forwarding vs VPN for Surveillance Monitoring

by Damion Dick

14th August, 2019.

Today’s topic is a question that I have often been asked by customers and colleagues… “Which method is best to connect and monitor my Surveillance System?”

We will compare the following:

  • Point-to-Point (P2P/Cloud)
  • Port forwarding (Static versus Dynamic)
  • VPN (Virtual Private Network or Private Tunnel)

Now let’s see which one would be best to use to connect to your Surveillance system.

Let’s start by looking at the pros and cons of each type of connection.

1. Point-to-Point Method

Point-to-Point (P2P/Cloud)

A point-to-point or cloud connection lets you use an app on a mobile device, or a piece of software on your PC, to connect your surveillance system to your device through a server that is in the cloud or in someone else’s data center.

The way it works is that your phone or device connects to the manufacturer’s “Cloud” or P2P server; also, your system connects to that same server. There is usually some form of secure authentication and then access to the video feed and system is allowed. Each Manufacturer of course will have documentation for their process.

Pros:

  • Easy configuration (see the manufacturer’s documentation)
  • No port forwarding necessary as long as the router supports UPnP
  • Devices are bound to a single account (sometimes) and can easily be shared with whom you choose.

Cons:

  • It uses UPnP so you do not control which ports are opened.
  • It is someone else’s server and if it goes down there’s nothing you can do but wait until it comes back up.

General warning: not all manufacturers make great point-to-point solutions. Some of them do not require the device to be bound to a single account, so it can be easily taken over if someone knows the serial number of the device and the default settings have not been changed.

Also, if that company goes out of business and stops supporting its server, you would be left with no means to connect to your CCTV system other than the two methods previously mentioned (port forwarding or VPN).

*recommended for residential systems and persons you trust with access

2. Port Forwarding Method

Port Forwarding

Port forwarding is a function of network routers that allows a user to configure specific communication ports to be routed to devices on a network, such as a computer, DVR, or IP camera. Simply put, you are punching a hole through your firewall to allow access to a specific device (server, PC, DVR/NVR, etc.)

Pros:

  • You have control of which ports are opened
  • If you use ports not restricted by your ISP, they usually stay open
  • You have greater visibility and information regarding access details (time, user, IP address, etc.)
  • You can choose between static IP or Dynamic IP addressing (using DDNS) for remote access

Cons:

  • Ports that are opened stay open all the time
  • If you do not have intrusion detection or prevention enabled you are exposing your system to attacks from the internet
  • Related to the previous: if a user has a weak password, it compromises the system, so encourage the use of strong passwords.
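The access details a port-forwarded recorder logs (time, user, IP address) are what let you spot password guessing against the open port. The following is an added example, not part of the original article: the log format, field order and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in an assumed format: date, time, user, source IP, result.
SAMPLE_LOG = """\
2019-08-14 02:10:01 admin 203.0.113.7 FAIL
2019-08-14 02:10:09 admin 203.0.113.7 FAIL
2019-08-14 02:10:15 root 203.0.113.7 FAIL
2019-08-14 02:10:22 admin 203.0.113.7 FAIL
2019-08-14 02:10:30 admin 203.0.113.7 FAIL
2019-08-14 02:10:41 admin 203.0.113.7 OK
2019-08-14 08:30:00 owner 198.51.100.20 FAIL
2019-08-14 08:30:25 owner 198.51.100.20 OK
not a log line
"""

def parse(log_text):
    """Yield (timestamp, user, ip, result); skip lines that do not parse."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[4] not in ("OK", "FAIL"):
            continue
        try:
            ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        yield ts, parts[2], parts[3], parts[4]

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: details} for sources with >= threshold failed logins
    inside one sliding time window."""
    recent = defaultdict(list)  # ip -> [(ts, user)] failures still in the window
    alerts = {}
    for ts, user, ip, result in sorted(parse(log_text)):
        if result == "FAIL":
            recent[ip] = [f for f in recent[ip] if ts - f[0] <= window] + [(ts, user)]
            if len(recent[ip]) >= threshold:
                a = alerts.setdefault(
                    ip, {"failures": 0, "users": set(), "then_success": False})
                a["failures"] = max(a["failures"], len(recent[ip]))
                a["users"] |= {u for _, u in recent[ip]}
        elif ip in alerts:
            # A success right after a burst of failures suggests a guessed password.
            alerts[ip]["then_success"] = True
    return alerts

if __name__ == "__main__":
    for ip, detail in find_bruteforce(SAMPLE_LOG).items():
        print(ip, detail)
```

A source flagged with `then_success` set is the case to act on first: change that account's password and review what the session accessed.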

This method is by far the most flexible option if you require more granular control, especially in situations where more than one person is required to access the system.

Also, using a Dynamic Domain Name Service (DDNS) makes it easier to access via its web browser without the need to install the PC/Mac client associated with your particular system. DDNS makes it so you can use “mycompany.com:80” instead of an actual IP address like “188.40.100.xx:80”, which can change at your ISP’s whim and fancy.

If you have a static IP assigned to your router you can just use that as well.

*recommended for both commercial and residential use for accountability and controlled access to the system.

3. Virtual Private Network (VPN or private tunnel)

VPN (Virtual Private Network)

A virtual private network (VPN) is programming that creates a safe and encrypted connection over a less secure network, such as the public internet. A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols.

OK, that was the very techie explanation but to simplify as it relates to our usage, it works similarly to the Point-to-point method except that it is a secure, encrypted tunnel to your network from outside of it via the internet.

Pros:

  • Offers greater security when connecting from remote locations
  • Useful for secure monitoring by a third party
  • You can use the DVR/NVR IP address directly (no need for DDNS)
  • No need to expose system and router ports to internet and risk open attacks.

Cons:

  • Speed of connection may be slower due to VPN overhead used for encryption of traffic
  • Extra steps required for connection

VPN technology is a very secure way to monitor your CCTV system, but it is not commonly used by residential users because the VPN setup can be complex in some cases, and these extra steps take away from the ease of use associated with a method like the point-to-point method.

*recommended for use in professional, security and enterprise environments.

These methods are the most commonly used when it comes to connecting to Surveillance systems, but the one you choose will ultimately be determined by your needs and how familiar you are with each process.
