Networking Tip: Handling Static About IP Addresses
April 1, 2007
When programming security devices for connection to an Ethernet network, it is usually preferable to use “static” IP addresses. IP cameras, networked DVRs and video encoders function as “servers,” and need static IP addresses so that authorized users (or clients) know what address on the network should be accessed to connect to the security devices.
Most enterprise-level IT systems use dynamic IP addresses (DHCP) for the majority of devices on the network. IT managers often prefer to use DHCP, because they can monitor and control what devices get valid addresses on the network while eliminating the problem of having to issue and record individual static IP addresses for each device.
If the IT manager is reluctant to issue static IP addresses for physical security devices that will be placed on the network, ask him or her if their DHCP server can provide “reservations.” With this option, the IT person programs the DHCP server to provide a specific IP address for a specific MAC address when that device asks for an address. This IP address is reserved for only that device.
The result of this programming is to provide the physical security device(s) with the same IP address every time, which is basically a static address.
When planning to use this method, it is important to verify that a particular IP camera, video encoder, access control panel or other device will request and accept a DHCP address — some do not.
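A reservation table is only as good as its bookkeeping. The following check is an added example, not part of the original article: it audits a list of reservations for duplicate MAC addresses, duplicate IP addresses, and reserved addresses that fall inside the dynamic pool. It assumes the DHCP server uses ISC dhcpd.conf syntax; the device names, MAC addresses and IP addresses are constructed sample values.

```python
import ipaddress
import re

# Constructed sample in ISC dhcpd.conf syntax (names, MACs and addresses are made up).
SAMPLE_CONF = """
subnet 192.168.10.0 netmask 255.255.255.0 {
  range 192.168.10.100 192.168.10.200;
}
host lobby-cam  { hardware ethernet 00:11:22:33:44:55; fixed-address 192.168.10.21; }
host dock-dvr   { hardware ethernet 00:11:22:33:44:66; fixed-address 192.168.10.150; }
host gate-cam   { hardware ethernet 00:11:22:33:44:77; fixed-address 192.168.10.21; }
host door-panel { hardware ethernet 00:11:22:33:44:55; fixed-address 192.168.10.23; }
"""

# Matches one host block with "hardware ethernet" listed before "fixed-address".
HOST_RE = re.compile(
    r"host\s+(\S+)\s*\{[^}]*?hardware\s+ethernet\s+([0-9A-Fa-f:]{17})\s*;"
    r"[^}]*?fixed-address\s+([\d.]+)\s*;", re.S)
RANGE_RE = re.compile(r"range\s+([\d.]+)\s+([\d.]+)\s*;")


def audit_reservations(conf):
    """Return a sorted list of problems found in the host reservations."""
    ranges = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
              for lo, hi in RANGE_RE.findall(conf)]
    problems, seen_mac, seen_ip = [], {}, {}
    for name, mac, ip in HOST_RE.findall(conf):
        mac, addr = mac.lower(), ipaddress.ip_address(ip)
        if mac in seen_mac:
            problems.append(f"{name}: MAC {mac} already reserved for {seen_mac[mac]}")
        if addr in seen_ip:
            problems.append(f"{name}: IP {addr} already reserved for {seen_ip[addr]}")
        # A reserved address inside the pool can also be leased to another client.
        if any(lo <= addr <= hi for lo, hi in ranges):
            problems.append(f"{name}: IP {addr} is inside the dynamic pool")
        seen_mac.setdefault(mac, name)
        seen_ip.setdefault(addr, name)
    return sorted(problems)


if __name__ == "__main__":
    for line in audit_reservations(SAMPLE_CONF):
        print(line)
```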
Simple Monitoring of Network Security Devices
Ethernet itself is an unsupervised communication protocol — if a network device is unplugged or loses power, the only indication that the device is disabled is if another device on the network attempts to communicate with it. Technologies such as Simple Network Management Protocol (SNMP) are available in medium and high-end network switches and can provide various levels of device supervision.
If a network does not support SNMP, there is a simple program available that can monitor physical security devices on a network. Free Ping, available from http://www.tools4ever.com/products/free/freeping/, is a Windows application that allows users to program in specific IP addresses, local or over the Internet, which are periodically sent “ping” (ICMP) status packets.
Active devices on the network will respond to the ping, indicating that they are connected to the network and powered up. If a device fails to respond, this program can generate instant messages and other indicators for the operator.
This program works well, but there are a couple of issues. The first is that the monitoring computer must have the program running, be turned on and connected to the network. Additionally, nothing prevents a user from turning off the software, negating the monitoring function. So Free Ping should only be used in very controlled circumstances where it is unlikely to accidentally or purposefully be turned off.
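The polling logic described above, together with a check for the weakness just mentioned, as an added example that is not part of the original article and not Free Ping's own code. It assumes a Linux host with the iputils `ping` command; the class and function names are hypothetical. A device is reported down only after several consecutive missed pings, and the time of the last sweep serves as a heartbeat that a second machine can read to notice that the monitor itself has stopped.

```python
import subprocess
import time


def icmp_probe(host):
    """Send one echo request with the system ping (Linux iputils syntax, assumed)."""
    cmd = ["ping", "-c", "1", "-W", "1", host]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0


class DeviceMonitor:
    """Report DOWN once after `threshold` missed polls in a row, and UP on recovery."""

    def __init__(self, hosts, probe=icmp_probe, threshold=3):
        self.probe, self.threshold = probe, threshold
        self.misses = {h: 0 for h in hosts}
        self.down = set()
        self.last_poll = None  # heartbeat: time of the last completed sweep

    def poll(self, now=None):
        events = []
        for host in self.misses:
            if self.probe(host):
                if host in self.down:
                    self.down.discard(host)
                    events.append(("UP", host))
                self.misses[host] = 0
            else:
                self.misses[host] += 1
                # Alert exactly once, when the threshold is first reached.
                if self.misses[host] == self.threshold:
                    self.down.add(host)
                    events.append(("DOWN", host))
        self.last_poll = time.time() if now is None else now
        return events


def monitor_is_stale(last_poll, now, interval, grace=2):
    """True if the monitor has not completed a sweep within `grace` intervals."""
    return last_poll is None or now - last_poll > interval * grace
```

Run `monitor_is_stale` from a different machine than the one doing the polling, so that closing the monitoring program or powering off its computer is itself reported.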
My First Bike
The only way I’ve found to truly understand a technology is to get a device, hook it up and make it work. While books, training and instruction manuals are very helpful, nothing replaces the knowledge gained by being “hands on” with a new device, and there is no other way that I have found that provides the confidence acquired by successfully making something function properly.
To learn how to program and connect IP-enabled physical security devices, it really helps to get a network camera and hook it up to your home or office network.
My first bike was a Schwinn “Typhoon.” Balloon tires, no gears, a heavy frame and you could adjust the front forks with a hammer in the event of an unplanned sudden stop against a hard object. All in all, a great first vehicle to learn the joys of the open road.
Micon Technologies has produced a new IP camera that is very easy to use and program, and is an excellent tool for technicians to learn how to connect cameras to IT networks. Two features make this one of the easiest cameras to program.
First, on the top of the camera is an LCD display which scrolls the IP address, subnet mask and default gateway currently programmed into the device. This is a great benefit, because any errors in basic IP addressing can be read on the top of the camera and proper addressing can be visually confirmed.
The second feature I call “Instant DHCP.” If the camera is plugged into a network that has a DHCP server, the camera will automatically pick up a functional temporary address. This new address will be displayed on the top of the camera, and the programming of the device can be accessed quickly using Internet Explorer and the temporary IP address.
Remember that in most cases, we want network cameras to have a static IP address, so technicians will have to change the temporary address to a valid static one before the installation is finalized.
Like my old Schwinn, this is a great first product for beginners learning the ways of networks. But the Micon 250E is also an excellent product for single IP camera installations in homes or small businesses.
An innovative feature of this camera is the available USB port, which allows the connection of one additional camera. Micon currently provides a small IR camera, and a full PTZ model that can use the USB terminal. When the additional camera is connected, only one camera (the main or the auxiliary) can be viewed at one time.
Hats off to Micon for producing an easily programmable network security camera at a very competitive price. These cameras are available at ADI for less than $100, part number 5X-IP250E.
You need a ticket for this ride…
There are a wide variety of training avenues available for networking, and a thorough foundation in networking knowledge can be gained through training classes, books, and online sources. When I attend industry functions, I’m often asked which of the many certification programs available is right for security technicians, sales personnel and project managers.
I’ve investigated two programs and can provide you with some details. The Cisco Certified Network Associate (CCNA) program furnishes a detailed education in networking with a strong emphasis on the programming and manipulation of various Cisco switches and routers. The knowledge needed to pass the CCNA exam is available in books, classroom training and online sources. Along with the training materials, Cisco device simulation software (CCNA Virtual Lab) is available that allows the user to practice programming common Cisco devices, which is much less expensive than purchasing the equipment. People have told me that the examination is very difficult, and only those candidates with extensive experience with Cisco devices have a good chance of passing the test on the first try. That said, the CCNA is a solid credential to possess, and should be considered if your future will include lots of interaction with and programming of Cisco network devices.
Another program that may be a better fit for our industry is the Computer Technology Industry Association (CompTIA) “Network+” certification. This course of study provides a non-vendor-specific education in many aspects of common networks, Internet connections, network security and other topics. As with the Cisco program, books, classroom training and online sources are available for your study.
Smart industry professionals should start looking at certification programs and aiming towards an industry-recognized certification for themselves and their employees.
Sidebar: Book of the Month
Security+ Exam Cram 2, Kirk Hausman and others, Que Publishing — This is a fairly difficult read, because it is a study manual for those educating themselves in preparation for the CompTIA Security+ test. However, this book is chock full of information on network security, encryption, authentication and other important issues. Security integrators need to know this information in order to understand how to implement security measures on networks where physical security devices are connected.
Sidebar: Website of the Month
www.whatismyip.com
Type this into your Web browser, and this free Web site will display the current public IP (Internet address) of the network being tested.