Why a secure cloud service is an important consideration...
- Thread starter Terence
- Start date
- Tagged users None
OP
OP
Not that I am aware of.
Tristren
Well-Known Member
The fact that you think it makes more sense for hackers to spend their time focusing on larger systems is fine. But the reality is that automated IoT attacks are becoming increasingly common. You can't picture it as one guy bent over the keyboard poking around in your controller, or thermostat or whatever. These are automated systems that scan through ip addresses for open ports, then automatically scan for devices, then scan for vulnerability. The vulnerability could be in some underlying system on your device as well, related to some of the common hardware that these things use, not the controller specific OS.
Having an open port is a risk. Having an open port 80 particularly so. Arguing that you having a known vulnerability in your setup doesn't matter because in theory Neptune might possibly have vulnerabilities in theirs, and that nothing short of some open security audit will convince you otherwise seems like a frankly silly argument.
https://www.npr.org/2016/10/22/4989...things-hacking-attack-led-to-outage-of-popula
TheEngineer
Formerly icecool2
These marketing posts masquerading as “I just want to be nice and share some info” posts from you @Terence continue to turn me off from Neptune’s products. I’d encourage you to stick with talking about your own products instead of making unsubtle, repeated jabs at your competitors.
chipmunkofdoom2
Always Making Something
So you're still working in IT now? Your signature says that you're a VP of sales and marketing.
I understand your claim. I don't take issue with the claim that Neptune's products are easy to set up and use. I take issue with the claim that port forwarding is inherently dangerous or difficult to do. I also take great exception to the concept that a device is secure simply because it does not require port forwarding.
Additionally, referring to NAT as a "firewall" is an unfair characterization of what NAT does. At best, NAT is an unintelligent stateful firewall. It is not an actual firewall and the security it does offer is marginal. NAT does not provide the ability to block external IPs or IP ranges. NAT does not provide the ability to block traffic from specific hosts or services. NAT offers no rate or bandwidth limiting (some more advanced routers may offer this separately, but rarely have I seen it on a per-host or per-service basis basis). NAT does not keep logs so that you can review what has been happening on your network. Further, many, many, many, many people, some of whom make their living in network security, don't believe NAT provides substantial security of any kind.
As I said before, I am not taking issue with any of Neptune's products. I also don't dispute that walking customers through port forwarding would be time consuming. I take issue with the argument that a device is more secure because you don't need to forward ports. This assumes that NAT offers substantial security. It also assumes that forwarding a port incorrectly compromises a network. Neither of these are necessarily true.
OP
OP
Guys, most customers are not engineers. They do not understand these things when looking at products and making a buying decision. Most customers will not be able to, on their own, do port forwarding, dynamic DNS, etc. This is not speculation. This is experience from us walking thousands of customers through this process - with innumerable challenges. Yes, thousands. On their own, while attempting to do these things, many will make mistakes and possibly compromise security. Furthermore, having open inbound ports on your router does, in some circumstances, open your home network up to vulnerabilities for a myriad of reasons.
@TheEngineer, I am intentionally not singling out any competing product. I am instead taking to task using this methodology the sole way to obtain external access to an aquarium controller. And I am saying why I believe we do it better. Many average customers do not even know there is a difference. Prospective customers can then use that information - and do their own additional research to help them come to a more informed buying decision.
My post IS meant to be informative (and create discussion) and I hope that it makes those seeking to make an informed purchasing decision take a deeper look at this particular topic. Because we feel it does matter.
@TheEngineer, I am intentionally not singling out any competing product. I am instead taking to task using this methodology the sole way to obtain external access to an aquarium controller. And I am saying why I believe we do it better. Many average customers do not even know there is a difference. Prospective customers can then use that information - and do their own additional research to help them come to a more informed buying decision.
My post IS meant to be informative (and create discussion) and I hope that it makes those seeking to make an informed purchasing decision take a deeper look at this particular topic. Because we feel it does matter.
TheEngineer
Formerly icecool2
EDIT: Deleted comment. No need for you and I to have a disagreement. My comment wasn’t directed at you.I think that puts you in the 27% that wasn't going to buy anyway.
Last edited:
TheEngineer
Formerly icecool2
My point is that you always frame these “helpful” posts as us versus them. None of the others do that. This isn’t politics, you don’t have to throw mud.
daelie
Active Member
I actually agree with @TheEngineer, it's too coincidental that he makes this post just as a competitor releases an app where you use port 80 to access it and says to make an informed decision on purchasing. Hmm..... don't really see other companies taking veiled jabs at them, but I guess their product quality seem to speak for themselves
I think the informed decision should be on quality of components, and I see more and more people on my local forum having their Apex brains fail and crash their tank.
I think the informed decision should be on quality of components, and I see more and more people on my local forum having their Apex brains fail and crash their tank.
Last edited:
Reef Monkie
Active Member
- Joined
- Sep 6, 2017
- Messages
- 100
- Reaction score
- 140
I think that puts you in the 27% that wasn't going to buy anyway.
I think it is wrong to insinuate that someone is a hater when they are simply expressing their opinion, lets not forget that the thread starter also expressed a opinion as they did not present any data to back up their claim.
I am also turned off by this type of marketing. And I am someone who has a background in the industry. I haven't seen any of the competitors in the controller market pushing their product on user forums in this way, I also don't see them using FUD (Fear, Uncertainty, Doubt), implying their potential customers are stupid, or using a lack of knowledge on the part of potential customers to attempt to persuade someone that their product is safer to use than that of a competitor, something I find extremely insulting. I don't own a aquarium controller and was deciding between attempting to build one myself (something I have no experience of, so that is quite daunting), or going with one of the many manufacturers of controllers for the build I am planning and this company seemed to have quite a attractive package but this discussion is leaving a sour taste in my mouth and it makes me question the other claims they make about their product.
At first I was only going to comment once to point out that I politely disagreed with what was being claimed by the marketing executive of this company, and they are only claims, made without the presentation of any independent evidence that their product is secure in any shape or form. Maybe it is just me but I don't believe that unsupported claims by someone with a vested interest leads to a healthy discussion or helps inform customer choices.
I thought the point of excellent forums such as this was to help ordinary people pursue their hobby and make informed choices based upon expert opinion, hard data, and the experiences of other ordinary people who share that hobby?
Reef Monkie
Active Member
- Joined
- Sep 6, 2017
- Messages
- 100
- Reaction score
- 140
Could you please link us to the page on your company website that contains the independent security audit of your product(s), software, and company that provides the independent proof that your company follows best practices when it comes to security, and that your products and the software code that runs it is actually secure? This would help me enormously with the additional research I wish to do to make informed decisions.
abecker
Well-Known Member
I think this thread has diverged from the original post's intent. The title says why it is an important consideration, not that it is the best way to go. Also, all on the points @Terence makes are clearly stated that they are the beliefs and opinion of Neptune. Does that make them all right or all wrong, probably not. But for Neptune it is simply showing why they have chosen to follow a specific model for accessing their controller through the internet. If I was company B and I had people access mine through port forwarding, I would probably have a very similar post saying we do things this way because of x, y, and z, and this is why it is better.
Newb73
Valuable Member
I hate to say it but no one should ever own a single controller anyway. A lightning strike, rambuctious kitten or snotty kid at exactly the right moment can break it and take down your tank. I actually keep a spare in my closet and think they should actually have a discount option to buy them in pairs. You may never use the backup but you shouldn't be without one or a fire extinguisher.
Having said that....mine has ran with ZERO problems since 2011 (the great lightning strike of 2014 not withstanding). It is up to the end user to take responsibility for having manual back ups and emergency measures in place
If you let a controller take down your tank...that's still on you as the user.
It is also a STRONG sign that you did not program the EB8s fallback commands correctly.
Please....stop right there. Say no more.
I am asking you...just stop.
Last edited:
Newb73
Valuable Member
Perhaps it's coincedential because, if i am not mistaken....port 80 was indeed how the casino was hacked. (It's been a few weeks since i read about it so i could be mistaken).
I for one use the latest most secure home router and protocols i can....call me crazy.
daelie
Active Member
If this post were made, say, back in July, when the casino was hacked, then sure, coincidence probably because of that, but it wasn't. Is it more likely that the post was made in response to a 4 month old hack or a competitor release days ago that uses that protocol. If it's not obvious to you, then I'm not sure what to say lol.
Newb73
Valuable Member
Can we take a moment to go back and discuss how a dead base unit causes an apex users tank to crash?
I am going to call BS. If you have even a modicum of knowledge and read the directions.....and this is at a level of expertise which I consider MUCH MUCH LOWER than that required to do port forwarding....
Then your Apex EB8s should run your tank like a power strip would for the critical componnents even if the main brain were not even attached.
It is quite simple really. Using "Fallback on"/"Fallback off" you program your main pumps and a wav maker or two to be on...and your heaters and skimmers and lights to be off. It is literaly impossible to crash an entire tank due to a main brain unless you just flat out cannot follow the directions.....in which case you had no chance in hell of port forwarding either. I should also point out that the Neptune wave is uniquely suited to a "fallback on" command because even if the tank is busted and hemorrhaging water the wave will detect when its in the dry and shut off..no other pump does that so its a bit of a risk to have that bit of code with other wave makers.
Can a crash occur in this situation...yes. Here is how I have seen it happen. Dad is away at work and the power goes out (in the process the main brain was fried)...son or wife panics and unplugs everything from the EB8s and plugs them directly to the wall...in the process the EB8 fall back commands are effectively bypassed and a doser or heater ends up in a steady state on position. As the insurance commercial says "seen it". All the while they are high fiving each other because the lights came on therefore they "saved" the tank...
The fix of course is very simple...issue a DO NOT TOUCH THE DARN tank even if power is out ....unless I am on the phone with you edict.
Another fix is to make sure the power goes through a proper surger protector..in my case it goes through an isobar followed by an a UPS BEFORE even getting to my Main brain or EB8. One EB8 is however plugged directly to the socket so that I can initiate power outage commands. (its required for the setup).
Its also handy if you have 2 EB8s and have two main pumps (one main to each eb8) and one wav maker into each of them..so even if an EB8 is fried you still have a main pump and wave maker running.
Oh yea also..I don't believe in having just a single main pump...too much of a critical point of failure. Always plumb and run two simultaneously.
I am going to call BS. If you have even a modicum of knowledge and read the directions.....and this is at a level of expertise which I consider MUCH MUCH LOWER than that required to do port forwarding....
Then your Apex EB8s should run your tank like a power strip would for the critical componnents even if the main brain were not even attached.
It is quite simple really. Using "Fallback on"/"Fallback off" you program your main pumps and a wav maker or two to be on...and your heaters and skimmers and lights to be off. It is literaly impossible to crash an entire tank due to a main brain unless you just flat out cannot follow the directions.....in which case you had no chance in hell of port forwarding either. I should also point out that the Neptune wave is uniquely suited to a "fallback on" command because even if the tank is busted and hemorrhaging water the wave will detect when its in the dry and shut off..no other pump does that so its a bit of a risk to have that bit of code with other wave makers.
Can a crash occur in this situation...yes. Here is how I have seen it happen. Dad is away at work and the power goes out (in the process the main brain was fried)...son or wife panics and unplugs everything from the EB8s and plugs them directly to the wall...in the process the EB8 fall back commands are effectively bypassed and a doser or heater ends up in a steady state on position. As the insurance commercial says "seen it". All the while they are high fiving each other because the lights came on therefore they "saved" the tank...
The fix of course is very simple...issue a DO NOT TOUCH THE DARN tank even if power is out ....unless I am on the phone with you edict.
Another fix is to make sure the power goes through a proper surger protector..in my case it goes through an isobar followed by an a UPS BEFORE even getting to my Main brain or EB8. One EB8 is however plugged directly to the socket so that I can initiate power outage commands. (its required for the setup).
Its also handy if you have 2 EB8s and have two main pumps (one main to each eb8) and one wav maker into each of them..so even if an EB8 is fried you still have a main pump and wave maker running.
Oh yea also..I don't believe in having just a single main pump...too much of a critical point of failure. Always plumb and run two simultaneously.
Last edited by a moderator:
@Terence just wanted to thank you for designing an excellent product! A lot of people like to nitpick you on here but they themselves don't have the resolve to do what you have done for our hobby. I know at times the "few" can seem to overwhelm the many by being more vocal but I can say enough about the quality and the performance of every single product I've bought from you over the last 5 years! You've always taken the time to answer my questions at all the shows I've seen you at and your company even sent a rep out to our LFS for a Q&A! Top notch customer service! I can't wait for the Trident!! Just wanted you to know you're appreciated.
- an actual Neptune customer
- an actual Neptune customer
Last edited:
Guys, you can’t argue with someone who think they’re inherently right all the time. I for one love the diversity of opinions on this site, but some take it a little bit too far. Just because someone has an opinion on this thread doesn’t automatically make them wrong. I’m sure there are pros and cons in each. Bashing someone because of their own thought process has no place here at all.
Similar threads
