News:

On Tuesday September 6th the forum will be down for maintenance from 9:30 PM to 11:59 PM PDT

Main Menu

Obi 110 + Security Panel. Is security being compromised?

Started by salimashah, October 07, 2014, 09:48:38 PM

Previous topic - Next topic

salimashah

I have a security system and I am incorporating OBi-110.

Earlier configuration

Telco  <--> Security_panel <--> Home_phone(s)
                 Internet_access

The connection between Security_Panel and Home_phone is considered 'secure connection' and any access through the telco side is password protected. The internet connection is also secured with password.


New Setup

Telco <--> Security_Panel  <--> Obi110 <--> home_phone(s)
                 Internet_access       Internet_access

Question:
With Obi on the unsecured port of the security panel is my security compromised?

The answer will be NO, if the internet port of obi can NOT flow to the Security_Panel.  Internet --> Obi  --XXBreakXX -- Security_panel

The answer will be Yes, if we can form this path
internet -> Obi -> security_panel.

The answer will be Maybe if we can
Internet -> Obi --XXBlockXX -> Security Panel
where block can be password or setup option.

Salim

SteveInWA

One issue is remotely logging into the OBiTALK portal to access your OBi's settings.  Just doing that doesn't give anyone access to your home IP network or to the security panel directly.  Either disable OBiTALK portal access entirely, or assign a very strong password (at least 14 characters, using a combination of upper and lower case letters, numerals and punctuation symbols).  Even if someone were to guess your password, they'd also have to be an OBi expert, which I doubt any criminals would be, to further manipulate your settings.

In theory, someone would need to know how to use the OBi auto-attendant, and/or change your OBi's settings to re-route telephone calls in via the auto-attendant (which you can also disable), and then know that you have a security panel, and know how to access it.  Unless you are a character in a Mission Impossible or James Bond movie, that is extremely unlikely.

If you are that concerned about security, consider that the vast number of intrusions are physically via unlocked or easy-to-force open doors or windows, or forced entry smash and grab.  Focusing on physical security is more important than any alarm system.  It would be easier to just cut your internet and phone lines than to hack your OBi.  If you are still not comfortable, then get a dedicated connection for your security system...POTS line, or cellular.


salimashah

Thank you for a prompt reply.

Is there a finer switch that allows obi_attendant to disallow the dialing out through the telco port?

or can I set a rule that would only allow "#" to communicate to the security panel only through home_phone port.

Your view point on security is well understood. I dont want to simply put a lock on the door and leave the keys under the mat.

Salim









azrobert

The Auto Attendant has its own DigitMap and outbound route, so you can restrict what it can do. If you don't use the AA it can disabled.

MurrayB

Going to cellular monitoring communication eliminates any possible Obi issues or the cutting or tampering with your telco line.

giqcass

Quote from: MurrayB on October 08, 2014, 07:33:00 AM
Going to cellular monitoring communication eliminates any possible Obi issues or the cutting or tampering with your telco line.

True simplicity is better but nothing is tamper proof.  Cellular tech is pretty simple to disable.  Cell jammers can be bought fairly cheap.  I assume the alarm already has battery backup of it's own.  If I were to use VOIP for an alarm I would be primarily concerned about battery backup for the VOIP/internet equipment.
Long live our new ObiLords!

SteveInWA

Quote from: giqcass on October 08, 2014, 10:31:39 PM
Quote from: MurrayB on October 08, 2014, 07:33:00 AM
Going to cellular monitoring communication eliminates any possible Obi issues or the cutting or tampering with your telco line.

True simplicity is better but nothing is tamper proof.  Cellular tech is pretty simple to disable.  Cell jammers can be bought fairly cheap.  If I were to use VOIP for an alarm I would be primarily concerned about battery backup for the VOIP/intenet equipment.  I assume the alarm already has it.

This is not the movies.  The likelihood of men in black going around breaking into houses with a cell phone jammer is about as likely as the Cubs winning the world series.  The large majority of residential crime is perpetrated by idiots and drug addicts, not geniuses from the TV show "Person of Interest."

giqcass

Quote from: SteveInWA on October 08, 2014, 10:37:12 PM
This is not the movies.  The likelihood of men in black going around breaking into houses with a cell phone jammer is about as likely as the Cubs winning the world series.  The large majority of residential crime is perpetrated by idiots and drug addicts, not geniuses from the TV show "Person of Interest."
You always know how to get me going.  Let me rephrase so I can get my point across.

Cellular provides no additional security in the form of tamper protection.  Money would be better spent on something more practical.  It's far more likely that a house becomes a target of opportunity because of a random power outage.  Consider battery backup for the Obi and all related internet equipment if you haven't already.
Long live our new ObiLords!

giqcass

Quote from: SteveInWA on October 08, 2014, 10:37:12 PM
This is not the movies.  The likelihood of men in black going around breaking into houses with a cell phone jammer is about as likely as the Cubs winning the world series.  The large majority of residential crime is perpetrated by idiots and drug addicts, not geniuses from the TV show "Person of Interest."
Even though I agree with you it is very unlikely I had to post this anyway.
http://www.nassaucountyny.gov/agencies/DA/NewsReleases/2014/010914-burglaryring.html
Long live our new ObiLords!

salimashah

Great!

To plug the venerability due to OBI with my security panel I can

Simple: Turn off AA.
Refined: Block "#" from AA to go to the line.

I will look for help in the setup thread. (azrobert?)

The search/discussion on what would be an ultimate super secure system is a never ending discussion.

Salim