ELKRP & eKeypad over the internet

[mseicshn]

I recently opened port 2601 on my router. I was able to reconfigure iphone/ekeypad app to connect over the internet. Very cool. I then thought...why don't I try to open the java page on my m1xep. I can't get to it...? Is there some additional config that I need to do to the panel?

 

[mseicshn]

Another good question is.....How secure is that port? Is the rest of my home network at risk?

 

[jaysonc]

You are unable to access the Java page because it can only be accessed from port 80 on the XEP. Port 2601 is only used for direct communication with the M1 using the Elk defined ascii/binary API.

Concerning security, port 2601 is SSL encrypted and when combined with the use of a password setup in the XEP configuration is very secure. This is the same security scheme used by your web login to your Bank or any other HTTPS web site. It will not represent any risk to the rest of your home network.

 

[mseicshn]

You are unable to access the Java page because it can only be accessed from port 80 on the XEP. Port 2601 is only used for direct communication with the M1 using the Elk defined ascii/binary API.

Concerning security, port 2601 is SSL encrypted and when combined with the use of a password setup in the XEP configuration is very secure. This is the same security scheme used by your web login to your Bank or any other HTTPS web site. It will not represent any risk to the rest of your home network.

Is it secure to open port 80 in the same manner as 2601?

 

[video321]

Is it secure to open port 80 in the same manner as 2601?

No. Use VPN or SSH (Tutorial on Cocoontech).
But you use eKeypad so why the need for the XEP interface?

 

[electron]

You are unable to access the Java page because it can only be accessed from port 80 on the XEP. Port 2601 is only used for direct communication with the M1 using the Elk defined ascii/binary API.

Concerning security, port 2601 is SSL encrypted and when combined with the use of a password setup in the XEP configuration is very secure. This is the same security scheme used by your web login to your Bank or any other HTTPS web site. It will not represent any risk to the rest of your home network.

That's a pretty bold statement I personally ALWAYS recommend (and practice this myself) to not directly expose your life-saving devices directly to the internet. While SSL is 'relatively' secure, it doesn't protect the system from potential (D)DoS attacks, or some new worm outbreak accidentally locking up the panel because it is scanning all your ports in a very aggressive way (has happened in the past with other devices). You should always use a VPN/SSH type setup, or use your firewall to restrict remote access to certain IP addresses/ranges (difficult to do with mobile phone IP addresses tho, since they are all over the map).

Just my 2 cents

 

[jaysonc]

I agree with Dan for the majority of devices which have integrated network interfaces. In these scenarios the alarm system and the network adapter are sharing the same CPU. A DOS attach would directly effect all functions of the device.

However, I beleive the Elk architecture has some advantages in this area. Since the XEP module is a separate device with a dedicated CPU, attacks from the internet will only affect the XEP, the core M1 panel would remain unaffected. The only aspects that could be affected are email notifications, IP monitoring and whole house audio control.

It is correct that opening up any ports in your firewall do represent a potential risk. We all read of the worse case possibilities but you will need to evaluate if these represent a risk for you personally. My stance has softened after decades of no issues.

Maybe that is because I use Macs and UNIX.