Network and firewall policies, Enabling and disabling the usb ports – Grass Valley K2 Media Client System Guide v.3.3 User Manual
Page 148

K2 Media Client System Guide
June 9, 2009
Chapter 6 Administering and maintaining the K2 system
program while the K2 is being used to record or play video to air. The anti-virus
package executing on the PC can be scheduled to scan the system drives of multiple
K2 Systems.
The following strategies are recommended for virus scanning:
• Run the scanning software on a dedicated PC that connects to the K2 system via a
network mount. Do not run scanning software locally on the K2 Media Client.
• Connect to the K2 Media Client via a 100BaseT network. This constrains the
bandwidth and system resources consumed, so that scanning does not interfere
with media operations. Do not connect and scan via Gigabit Ethernet.
• Grass Valley does not support the running of anti-virus programs on a K2 System
itself at the same time the system is being used to record or play video to air.
With these recommended strategies, you should be able to scan the K2 Media Client
without interrupting media access.
Network and firewall policies
The following protection policies are recommended:
• Where possible, the K2 system should be run in a closed and protected
environment without network access to the corporate IS environment or the outside
world.
• If the K2 system must operate in a larger network, Grass Valley recommends that
access be through a gateway or firewall to provide anti-virus protection. The
firewall should allow incoming HTTP (TCP ports 80 and 280) connections for
client and configuration connections to the K2 system inside the private network.
• If operating with an Aurora Browse system, the firewall should allow incoming
packets so that requests to the Proxy NAS can be properly processed. The port
that needs to be open is port 445, for both TCP and UDP, for Windows and SAMBA
shares. If your site’s policies require that these port numbers change, contact
Grass Valley support for assistance.
• Access to the K2 system should be controlled in order to limit the likelihood of
malicious or unintended introduction of viruses.
• The front and rear USB ports of the K2 system should normally be disabled; they
should only be used by Windows administrators. (If the K2 Media Client has USB
RS-422 cards, be careful not to disable the RS-422 USB.) For more information,
see “Enabling and disabling the USB ports” on page 148.
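
The following Python script is an added example, not part of the Grass Valley manual: it audits a gateway's allow rules against the inbound ports listed above, reporting rules that open more than the policy calls for and policy entries that no rule covers. The host addresses and the one-line rule format are constructed placeholders.

```python
from ipaddress import ip_address

# Placeholder addresses (TEST-NET-1), assumed for this example only.
K2_HOSTS = [ip_address("192.0.2.10"), ip_address("192.0.2.11")]
PROXY_NAS = [ip_address("192.0.2.20")]

def policy(aurora_browse):
    """Inbound (dst, proto, port) tuples the policy above calls for."""
    allowed = {(h, "tcp", p) for h in K2_HOSTS for p in (80, 280)}
    if aurora_browse:  # port 445, TCP and UDP, toward the Proxy NAS only
        allowed |= {(h, pr, 445) for h in PROXY_NAS for pr in ("tcp", "udp")}
    return allowed

def parse_rule(line):
    """Parse '<action> <proto> <dst-ip> <port|lo-hi>' (constructed format)."""
    action, proto, dst, ports = line.split()
    lo, _, hi = ports.partition("-")
    opened = range(int(lo), int(hi or lo) + 1)
    return action, {(ip_address(dst), proto.lower(), p) for p in opened}

def audit(rules, aurora_browse=False):
    """Return (excess, missing): allow rules that open anything outside the
    policy, and policy entries that no allow rule covers."""
    allowed, covered, excess = policy(aurora_browse), set(), []
    for line in rules:
        action, opened = parse_rule(line)
        if action != "allow":
            continue
        covered |= opened & allowed
        if opened - allowed:
            excess.append(line)
    missing = [f"{pr} {h} {p}" for h, pr, p in sorted(allowed - covered)]
    return excess, missing

# Constructed sample ruleset for a site that runs Aurora Browse.
SAMPLE_RULES = [
    "allow tcp 192.0.2.10 80",
    "allow tcp 192.0.2.10 280",
    "allow tcp 192.0.2.11 80-280",  # range opens far more than two ports
    "allow tcp 192.0.2.20 445",
    "allow udp 192.0.2.10 445",     # SMB port opened to a K2 host, not the NAS
    "deny tcp 192.0.2.10 3389",
]

if __name__ == "__main__":
    excess, missing = audit(SAMPLE_RULES, aurora_browse=True)
    print("wider than policy:", excess)
    print("not yet allowed:  ", missing)
```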
Enabling and disabling the USB ports
Grass Valley recommends that the front and rear USB ports be disabled. This protects
the K2 Media Client from exposure to unauthorized files. If the K2 Media Client has
USB RS-422 cards, do not disable the RS-422 USB. The following illustration shows
which USB ports should be disabled in Windows Device Manager.