Ways to shield access to cameras and PC /BI

Jack Freeman
Posts: 1
Joined: Mon Aug 07, 2023 10:05 am


Post by Jack Freeman »

Hey,
I am setting up a BI system and as a newbie I'm running into some issues regarding securing it.
For now it won't have any internet access because I can't think of a way to completely secure it 100% to my liking (with the limited abilities I have).
My gripe now is, if someone got physical access to the camera and its ethernet connection to the (managed) switch, how can I ensure that any traffic he could create to intrude into the switch or the connected PC with BI running is blocked? I was thinking about only allowing incoming RTSP on the camera ports? It seems you can set up ACLs (which I am also not familiar with).
I'm looking into the whole VLAN thing, but I am not clear on whether that is feasible or reasonable.
For now it's my impression that, short of routing, which would be another challenge, all cameras and the BI server have to be on the same network/subnet.
I played around a little with IP addresses, but BI then usually lost connection to the cameras.
My switch does have some kind of an L3 mode (lite), but it's not activated so far. And I think the routing would open a whole new can of worms.
So right now, the whole setup does not have a router anywhere.
I just want to make sure that nobody can access the switch and use it to gain access to the other cameras or the PC running BI.
I looked into the Windows firewall rules, but that is new stuff to me (other than on/off) and I couldn't find structured info that I can understand on how to set up a firewall controlling wanted traffic and denying all other.
From what I can tell BI is not even on the firewall list specifically, yet video is received although Windows firewall is active; not sure what to make of that.

Regards
Jack
IAmATeaf
Posts: 564
Joined: Mon Jun 17, 2019 7:48 pm

Re: Ways to shield access to cameras and PC /BI

Post by IAmATeaf »

Simplest way I've found to "secure" BI is to add a 2nd network card to the PC, give the card a different subnetwork and then hang all the hardware required for the cams off that 2nd card.

Make sure that you don't enable bridging between the network cards; this will keep all the traffic on the 2nd card network in that network, and that network won't have access to the internet.

The first network card you connect to your home network and then you only need to work out how to access and control that PC.

Typical methods of access are either by port forwarding or via a VPN; VPN is favoured and way more secure.
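
One way to set up and check the second-card layout described in the reply above on the Blue Iris PC, as an added example that is not part of either post. The adapter alias `Cameras`, the address `192.168.50.1/24` and the rule name are constructed assumptions; substitute your own.

```powershell
# Added example. Run in an elevated PowerShell session on the Blue Iris PC.
# Assumed values (constructed, not from the thread):
$CamNic   = 'Cameras'        # alias of the 2nd network card (see Get-NetAdapter)
$CamIp    = '192.168.50.1'   # address of the PC on the camera-only subnet
$RuleName = 'Block unsolicited inbound from camera network'

# 1. Static address on the camera card, deliberately WITHOUT a default
#    gateway, so the PC never offers that network a route anywhere else.
if (-not (Get-NetIPAddress -InterfaceAlias $CamNic -IPAddress $CamIp -ErrorAction SilentlyContinue)) {
    New-NetIPAddress -InterfaceAlias $CamNic -IPAddress $CamIp -PrefixLength 24 | Out-Null
}

# 2. Do not forward packets that arrive on the camera card (IPv4 and IPv6).
#    With forwarding off and no bridge, the camera network stays isolated.
Set-NetIPInterface -InterfaceAlias $CamNic -Forwarding Disabled

# 3. Keep the firewall on for every profile with inbound denied by default.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True -DefaultInboundAction Block

# 4. Explicit block for anything that tries to open a connection TO the PC
#    over the camera card. A block rule wins over any allow rule (file
#    sharing, RDP, ...) that would otherwise apply to that interface.
#    Replies to connections Blue Iris opens itself (it pulls RTSP from the
#    cameras) still pass because the firewall is stateful, which is also why
#    video arrives without Blue Iris appearing in the inbound allow list.
#    Note: this also stops cameras from using the PC as a time or FTP server.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Block `
        -InterfaceAlias $CamNic -Profile Any | Out-Null
}

# 5. Verify the result.
Get-NetIPInterface -InterfaceAlias $CamNic |
    Select-Object InterfaceAlias, AddressFamily, Forwarding      # expect Disabled

$gw = Get-NetRoute -InterfaceAlias $CamNic -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue
if ($gw) { Write-Warning "Camera card has a default route via $($gw.NextHop); remove it." }
else     { Write-Output  'OK: no default gateway on the camera card.' }

Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
Get-NetFirewallRule -DisplayName $RuleName |
    Select-Object DisplayName, Enabled, Direction, Action
```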