Offline NTP time sync

Posted: Mon Mar 11, 2019 6:03 am
by dolenec
Own NTP IP settings for receiving correct current time from local network device

Can we expect an own NTP server setting so that EnvisaLink4 can be used in offline mode (because of security settings I intend to block the device from WAN)?

So I would like to write my own NTP IP in the device web interface. In my case I would write the router gateway IP address, from which EnvisaLink4 would receive the current correct time as other devices in the network already do.

PS. I'm using EVL4 card with Home Assistant and it's working great. I'm using my Sonoff RF receiver so that I enable/disable DSC alarm with my remote keys..

So, I'm loving it because it's working really great.. Only thing is local NTP server function which is missing..

Re: Offline NTP time sync

Posted: Mon Mar 11, 2019 10:24 am
by K-Man
No, the EVL4 is pretty much out of code space. All new features will have to be cloud-based.

If you are using a DSC panel the time comes from the local panel anyhow, not from the network.

K

Re: Offline NTP time sync

Posted: Mon Mar 11, 2019 10:57 am
by dolenec
I want to use DSC and ENV4 card in offline mode, so blocked from internet by my router Ubiquiti ER-4.
If I block internet and disconnect power from the DSC and ENV4 card, then after powering back on the DSC does not get the correct date/time (actually it stays at the same date/time: year 1970), the same status as before when no EVL4 card was inserted.

If I enable internet access to ENV4 card then time/date is set correctly after power fail.

So, if I understand correctly, these settings are edited in web or cloud. So maybe enable me in the cloud settings so that I can set my own NTP server IP which will be used in the ENV4 card, if possible.

Or do you say that these settings regarding the NTP server are stored in the DSC alarm motherboard? In this case enable an option so that I can edit these settings (if possible) from the cloud.

If this is not an option, then please tell me where I can edit these NTP settings in the DSC so that I can change them manually.

Thank you for your answer...

PS. As alarm device we all know that best secure option is to use in offline mode and connected to internet via VPN /firewall access..

Re: Offline NTP time sync

Posted: Tue Mar 12, 2019 11:03 am
by dolenec
So, can I expect some answer to my additional questions?

Re: Offline NTP time sync

Posted: Wed Mar 13, 2019 11:43 am
by Crikey
dolenec wrote: PS. As alarm device we all know that best secure option is to use in offline mode and connected to internet via VPN /firewall access..
We do? Can you explain why we know that?

Re: Offline NTP time sync

Posted: Wed Mar 13, 2019 11:52 am
by dolenec
Still not answered to my additional question regarding NTP..

My policy is to have these devices offline or controled access to internet via VPN..

Re: Offline NTP time sync

Posted: Wed Mar 13, 2019 6:10 pm
by GrandWizard
What are you asking? The Envisalink doesn't use NTP and I think K-man explained that it isn't going to be added.

And I agree with Crikey, only about 0.2% of Envisalink owners do not use the cloud service so you are definitely in the minority in your opinion about using it "offline".

Re: Offline NTP time sync

Posted: Fri Mar 15, 2019 10:01 am
by Crikey
GrandWizard wrote: And I agree with Crikey, only about 0.2% of Envisalink owners do not use the cloud service so you are definitely in the minority in your opinion about using it "offline".
My question is even more fundamental than that. He claimed "... we all know that best secure option is to use in offline mode and connected to internet via VPN /firewall access."

For one: If it's "connected to the Internet" it's not off-line. But, more fundamentally than that: What is the deal with all the VPNing, lately? Everywhere I turn it's "VPN this" and "VPN that" and "VPN the other thing." As an ex-IT professional with over 25 years in the field as an IT professional, and having been managing networks and been connected to the Internet even before that: I don't get it.

In the instant case: Unless you suspect some bad actor is going to be sniffing your or EyezOn's Internet connections for traffic, there's really no point. It would just add another layer of complexity and several more points-of-failure. And they'd have to break EyezOn's encryption to get usable information. Unless you're protecting a major financial institution or s00p3r s3krit government installation I think that exceedingly unlikely. Certainly the common burglar hasn't the tool set, or is willing to invest the time, to do that.

I've got three servers at different data centers in the U.S. I could have another anywhere I want in the world. I could easily set up VPN end points on any of them and just as easily set up my router to automatically route anything I want through any of them, based on any combination of source port(s), destination port(s) or destination address(es) I desire. If I really thought there was any point to doing that in the case of either our EyezOn system or our surveillance system: I would.

I don't.

But I'm not perfect. I don't know everything. Hell, sometimes I find out I don't even really know what I thought I knew :). Thus my question to the OP: "Why do we know that?" Educate me, please.

Re: Offline NTP time sync

Posted: Sat Mar 30, 2019 7:37 pm
by lonewolf
Crikey wrote: My question is even more fundamental than that. He claimed "... we all know that best secure option is to use in offline mode and connected to internet via VPN /firewall access."

For one: If it's "connected to the Internet" it's not off-line.

And they'd have to break EyezOn's encryption to get usable information.

Thus my question to the OP: "Why do we know that?" Educate me, please.
I am not the OP so I can only post my interpretation of what he wrote. It sounds to me like he is not saying to give it internet access via a VPN, he is saying to not allow it internet access at all and only manage it (TPI) by connecting to the local network via a VPN. Given the authentication and encryption a VPN provides this is much safer than direct unauthenticated access from the internet.

Also, the TPI has no encryption, so access to an offline module can only be done securely with a VPN.

Re: Offline NTP time sync

Posted: Sun Mar 31, 2019 11:23 am
by Crikey
That makes sense, lonewolf. But that's not what he wrote. He wrote "...controled access to internet via VPN." (Note emphasis.) If he meant controlled access from the Internet, then that's what he should have written. I don't wish to be pedantic, but words have meaning--especially when you're discussing networking technology, and doubly so when talking network security.

I would never punch a hole through to something like our alarm panel, either. Nothing is punched-through my border router that doesn't lead to an encrypted connection of some type, with failed access attempt detection/reporting/automatic blocking.

I wouldn't even use a VPN controlled by somebody else for such a purpose. It'd be my own VPN, on my own server.