Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Network setup question

  • 07-01-2015 12:07pm
    #1
    Registered Users, Registered Users 2 Posts: 304 ✭✭


    Hi,

    I have a question regarding network setup/configuration. We had some issues recently with viruses/malware and need to better protect our network.

    We do some development/testing of video servers so there are a number of windows based NVR's on our office network. Most of them we can't install anti-virus on and some have no firewall so leaves them quite open to infection.

    What I would like to setup is where the machines in question have no access to the internet but we still need to be able to connect to those machines from our office LAN (and from externally via our office LAN VPN)

    My idea is to create a separate private network with all the NVR's on it and buy a cheap hardware firewall (e.g. NETGEAR ProSafe VPN Firewall) and connect that to either our office LAN or direct to WAN)
    Would it just be a case of configuration to restrict all access then only to the known IP:ports of the individual NVR's?

    Or is there a different/better way to secure the network.

    (Note: currently we have a basic D-Link router as our access point to WAN)


Comments

  • Site Banned Posts: 2,922 ✭✭✭Egginacup


    Hi,

    I have a question regarding network setup/configuration. We had some issues recently with viruses/malware and need to better protect our network.

    We do some development/testing of video servers so there are a number of windows based NVR's on our office network. Most of them we can't install anti-virus on and some have no firewall so leaves them quite open to infection.

    What I would like to setup is where the machines in question have no access to the internet but we still need to be able to connect to those machines from our office LAN (and from externally via our office LAN VPN)

    My idea is to create a separate private network with all the NVR's on it and buy a cheap hardware firewall (e.g. NETGEAR ProSafe VPN Firewall) and connect that to either our office LAN or direct to WAN)
    Would it just be a case of configuration to restrict all access then only to the known IP:ports of the individual NVR's?

    Or is there a different/better way to secure the network.

    (Note: currently we have a basic D-Link router as our access point to WAN)

    As long as the servers are accessible from the outside OR someone using the server can access the outside (hit websites, download and install shareware, etc) then there is a possibility of infection.


  • Registered Users, Registered Users 2 Posts: 57 ✭✭ObeyTheSuit


    I could go to town on this thread but you've said you can't modify the OS?
    May I ask why you can't put an AV or enable the software firewall on the NVR's? Not that AV is even half decent against a threat from the wild. Symantec admitted that it only caught 40% of zero day threats anyway. It's just another thing to help reduce the threat.

    VLAN would be a good start Start by locking down the ports for everything bar what you need (remote access, streaming, FTP etc).
    Create ACL's so they can be accessed by the admin workstation subnet only. Only required ports in, required ports out.
    Block the Gateway from external network access or to the VLAN\subnet(s) you require

    The network side of things will help contain a virus but I would recommend you also look at hardening the OS preventing it from even infecting the machine. Most NVR's I've come across old XP Operating systems and are non-domain joined. I can help you with hardening the OS that if it's an option and perhaps creating an image you can use as a standard deployment.


  • Posts: 0 [Deleted User]


    get an entry level sonicwall firewall and lock down the servers to ip, etc....


  • Moderators, Technology & Internet Moderators Posts: 4,621 Mod ✭✭✭✭Mr. G


    Barracuda are good too. Better support imo.


  • Registered Users, Registered Users 2 Posts: 3,464 ✭✭✭jamesd


    Get a sonicwall with global security suite on it and it will do a good job protecting from the outside.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 200 ✭✭druidhill


    How is networking set on the NVRs (can the gateway be removed from them)?


Advertisement