Secure camera configuration, any way to make this work?

Silvestre

n3wb
Joined
Aug 1, 2019
Messages
1
Reaction score
0
Location
Bakersfield, Ca
We had green lit a surveillance system on the condition that it'd be configurable to the spec that our security team laid out.

Camera endpoints would be on an internal subnet - 10.1.x.x

The NVR would be on our DMZ - 10.7.x.x

We've laid out routes for the 10.1 gateway to go to the 10.7 network.

Now our vendor has disclosed that the NVR and cameras cannot communicate if they're on separate subnets, even if we've setup routes on our end. This is after they drilled holes, ran cable and mounted cameras through the campus.

Anyone run into this type of issue?
 

mat200

IPCT Contributor
Joined
Jan 17, 2017
Messages
4,767
Reaction score
2,636
We had green lit a surveillance system on the condition that it'd be configurable to the spec that our security team laid out.

Camera endpoints would be on an internal subnet - 10.1.x.x

The NVR would be on our DMZ - 10.7.x.x

We've laid out routes for the 10.1 gateway to go to the 10.7 network.

Now our vendor has disclosed that the NVR and cameras cannot communicate if they're on separate subnets, even if we've setup routes on our end. This is after they drilled holes, ran cable and mounted cameras through the campus.

Anyone run into this type of issue?
Welcome @Silvestre

Why do you want the NVR in the DMZ?

Some NVRs do have limits which you do not see typical in more flexible PCs / Servers / Networking gear.

Determine what the functional purpose is to have the NVR in the DMZ and consider alternative options. Have the networking and security teams consider options.
 

catcamstar

Known around here
Joined
Jan 28, 2018
Messages
1,043
Reaction score
659
I wouldn't "separate" nor "treat" an NVR differently than the IPCs. But either if they are in different subnets, someone should be able to "stitch" up these connections. But like @mat200 noted: networking team ànd security team need to collaborate, because even if you "could" technically stich it, it might open security holes left and right.
My personal opinion: "downgrade" the NVR to the same level (subnet) as the IPC's, and make sure only authorised personnel can access it.
Hope this helps!
CC
 
Top