beautypg.com

2 internet connection, 3 limiting the number of protocols, Webcctv installation manual – Quadrox WebCCTV Installation Manual User Manual

Page 62

background image

WebCCTV Installation Manual

62


Version 4.4 Series

6.2.4.1

Dedicated network versus integration with the
corporate network

Having a dedicated network for video surveillance, adds an intrinsic level of security by
physically eliminating access points for attacks. This way, you can easily have a safe and
robust system. The network becomes a safe entity in itself, while if WebCCTV is incorporated
in a more general network, security should be built around the unit.

A dedicated network also ensures that the video traffic doesn’t interfere with other general
data. This potentially increases the performance of both WebCCTV and other applications on
the network.

On the other hand, integrating the video network with the corporate network can potentially
reduce the costs of installation and administration. Both solutions are possible and endorsed by
Quadrox. The choice depends on your performance, cost and security needs.

6.2.4.2

Internet Connection

When WebCCTV is in a LAN, the number of network nodes from which an attack can
originate is at most a couple of hundred. When WebCCTV is connected to the Internet, this
number rises to millions. Connecting WebCCTV to the Internet dramatically increases the
chance on an attack.

The decision to put a unit on the Internet depends on the needs of the end user. If you do so,
please pay extra attention to the security issues mentioned in this document.

6.2.4.3

Limiting the number of protocols

By default, the Windows operating system supports multiple network protocols. An example is
NetBios which is, among other things, the protocol used to share folders across the network.

To increase security these protocols are disabled in WebCCTV. Only one protocol is enabled:
TCP/IP. This is the main protocol used on most of the current networks, including the Internet,
and the only one needed for WebCCTV functionality.

Disabling other protocols prevents attacks that use them and it is in that sense a good measure
to increase security. Furthermore it prevents the unit from broadcasting, or in other words
constantly yelling its position to the rest of the network. This makes it more difficult for an
attacker to find the unit on the network, which again increases security.

In some exceptional cases it might be necessary to enable these protocols again, e.g. to backup
video through shares. This is technically possible: the protocols are disabled, not removed.
However, Quadrox strongly advises against this practice and will not give support on this
functionality or any problems that originate from it.

See also other documents in the category Quadrox Video surveillance systems: