Secure camera configuration, any way to make this work?

Discussion in 'Networking' started by Silvestre, Aug 1, 2019.

Share This Page

  1. Silvestre

    Silvestre n3wb

    Aug 1, 2019
    Likes Received:
    Bakersfield, Ca
    We had green lit a surveillance system on the condition that it'd be configurable to the spec that our security team laid out.

    Camera endpoints would be on an internal subnet - 10.1.x.x

    The NVR would be on our DMZ - 10.7.x.x

    We've laid out routes for the 10.1 gateway to go to the 10.7 network.

    Now our vendor has disclosed that the NVR and cameras cannot communicate if they're on separate subnets, even if we've setup routes on our end. This is after they drilled holes, ran cable and mounted cameras through the campus.

    Anyone run into this type of issue?
  2. mat200

    mat200 IPCT Contributor

    Jan 17, 2017
    Likes Received:
    Welcome @Silvestre

    Why do you want the NVR in the DMZ?

    Some NVRs do have limits which you do not see typical in more flexible PCs / Servers / Networking gear.

    Determine what the functional purpose is to have the NVR in the DMZ and consider alternative options. Have the networking and security teams consider options.
    catcamstar likes this.
  3. catcamstar

    catcamstar Getting comfortable

    Jan 28, 2018
    Likes Received:
    I wouldn't "separate" nor "treat" an NVR differently than the IPCs. But either if they are in different subnets, someone should be able to "stitch" up these connections. But like @mat200 noted: networking team ànd security team need to collaborate, because even if you "could" technically stich it, it might open security holes left and right.
    My personal opinion: "downgrade" the NVR to the same level (subnet) as the IPC's, and make sure only authorised personnel can access it.
    Hope this helps!
    mat200 likes this.