Ways to shield access to cameras and PC/BI
Posted: Mon Aug 07, 2023 10:21 am
Hey,
I am setting up a BI system and as a newbie I'm running into some issues regarding securing it.
For now it won't have any internet access because I can't think of a way to completely secure it 100% to my liking (with the limited abilities I have).
My gripe now is, if someone got physical access to the camera and its ethernet connection to the (managed) switch, how can I ensure that any traffic he could create to intrude the switch or the connected PC with BI running is blocked? I was thinking about only allowing incoming RTSP on the camera ports? It seems you can set up ACLs (which I am also not familiar with).
I'm looking into the whole VLAN thing, but I am not clear on whether that is feasible or reasonable.
For now it's my impression, short of routing which would be another challenge, all cameras and the BI server have to be on the same network/subnet.
I played around a little with IP addresses, but BI then usually lost connection to the cameras.
My switch does have some kind of an L3 mode (lite), but it's not activated so far. And I think the routing would open a whole new can of worms.
So right now, the whole setup does not have a router anywhere.
I just want to make sure that nobody can access the switch and use it to gain access to the other cameras or the PC running BI.
I looked into the Windows Firewall rules, but that is new stuff to me (other than on/off) and I couldn't find structured info that I can understand, in how to set up a firewall controlling wanted traffic and deny all other.
From what I can tell BI is not even on the firewall list specifically, yet video is received, although Windows Firewall is active; not sure what to make of that.
Regards
Jack