sunhux
asked on
treatment for PCs used by guards, CCTV recording & environment sensors
What's the general security practice for such PCs? Do we connect to the
corporate LAN (where other users do sending email, MS Office) & do we
join them to the AD?
Or they ought to have a separate LAN or just simply standalone?
Do they need AV & signature updates (if so, is it via LAN or we manually
update) & is the backup the enterprise corporate backup or simply an
isolated standalone backup (say backup to an encrypted NAS)?
corporate LAN (where other users do sending email, MS Office) & do we
join them to the AD?
Or they ought to have a separate LAN or just simply standalone?
Do they need AV & signature updates (if so, is it via LAN or we manually
update) & is the backup the enterprise corporate backup or simply an
isolated standalone backup (say backup to an encrypted NAS)?
ASKER
We do have CISSP (in fact a number of them cleared the CISSP exams) but really
I'm tabling it here, hoping I get better answers as I've come across CISSP who
never heard of central authentication tools (TACACS, Radius) & Data Loss Prvntn
I'm tabling it here, hoping I get better answers as I've come across CISSP who
never heard of central authentication tools (TACACS, Radius) & Data Loss Prvntn
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That's precisely I pose it here in EE: experts are free to ask me questions
& interview & come up with recommendations
& interview & come up with recommendations
ASKER
This is what I think:
the amount of videos recorded can be quite considerable as we have about 350 CCTVs : thus
the video stream could contribute to the network bandwidth thus a dedicated VLAN for
video server & PCs that connects to the CCTVs is needed, makes sense?
the amount of videos recorded can be quite considerable as we have about 350 CCTVs : thus
the video stream could contribute to the network bandwidth thus a dedicated VLAN for
video server & PCs that connects to the CCTVs is needed, makes sense?
ASKER
Or videos of different sensitivity ought to be segregated into different VLANs ?
Esp if the videos are not 'encrypted' ?
Esp if the videos are not 'encrypted' ?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If your security software has a remote monitoring component over the LAN or internet, then it should be pretty obvious - they need to be on the LAN if you want to use that capability. If your environmental sensors are supposed to alert you to issues via e-mail (as opposed to some kind of dialup text) then, yes, of course they need LAN access.
You should contact a security professional to evaluate your company needs and help you determine what the best way of handling this is... In GENERAL, the systems should have as limited access as possible to everything - but if you pull them off the network entirely and they have network components, then they can't work the way they should... so you really should be talking to security professionals who can examine your network and to the vendors of the software and hardware systems you use.