Information Systems:Building Security Hardware Connected To LAN
The Pork Beef And Chicken Documentation
There are 2 digital video recorders located in the security room next to Gerald’s office. These DVRs have been assigned internal and external IP addresses so that John and Gerald can view the security cameras from their laptops.
Pork.unipharm.local 172.30.18.37
Pork.unipharm.com 207.102.139.107
Beef.unipharm.local 172.30.18.38
Beef.unipharm.com 207.102.139.106
The external IP address is NATed to the internal address on the Sophos firewall. The ports that are open on the external IP addresses are:
TCP UDP 8234
TCP UDP 8235
TCP UDP 80
All of the objects on the Sophos firewall are commented with “Gerald-Nelson”. The internal host names (.local) are on the AD DNS servers and the .com host names are on the Infoblox DNS servers.
Gerald and John have a Java-based program installed on their laptops that acts as the client to the DVRs. Darren does not know if the data flowing from the DVR to the client is encrypted or even if the username and password are encrypted. Darren does not know the usernames or passwords that Gerald and John use to access the DVR video feed.
AS OF JANUARY 2013
Gerald and John no longer use the external .com host names or the public IP addresses to view the DVR video. They simply connect to the VPN as normal and use the internal .local host names. The public IP address and the open ports on the firewall have been turned off for this application for reasons of security.
AS OF 2014
Gerald and John had Safe&Sound add another piece of security hardware to the LAN. It's a device from Honeywell that controls the door locks. The device has a static IP listed with "chicken.unipharm.local" in DNS. The device has a web login page that Gerald, John and Sean can access to configure door access and log who goes in or out. IT does not have access to this device and IT does not have any passwords to the device, which is located in the electrical room.
The naming convention of pork, beef and chicken is meant to obscure the purpose of the hardware. It's a not-great compromise, but better than naming the devices "securitycamera1" or "hack-this-to-get-in". It may sound silly to name network-attached objects after food, but it does provide a small amount of obscurity and it helps group them together logically. Ideally they would be on a VLAN separated from the rest of the network, while remaining accessible to staff who need to use the hardware.
AS OF 2016
So yes, we do now have a new security system of new cameras and a new DVR. The manufacturer is Hikvision. Safe&Sound has wired each of the new digital 1080p cameras into a Trendnet PoE switch that is located in the electrical room. There is a single trunk line that goes from the Trendnet switch all the way across the warehouse into the DVR, which is located in Gerald's security room. The DVR has 2 network ports, 1 for the trunk line and 1 connected to our internal network at 172.30.18.61. The hostname for that IP address is lamb.unipharm.local because beef and pork and chicken were already used.
The DVR is accessed from a web browser with an ActiveX plug-in plus a username and password. Gerald is having Safe&Sound do the setup of users to cameras and he is giving the 3 of us access to the new camera in the Server Room. Lamb will be accessible from inside the building without any VPN. Outside the building will require a VPN connection to view anything. The DVR uses port 8001 and we have not and do not need to open that port at the firewall. Doug will continue to use his PPTP VPN connection for maintenance and support.
The wiring that Safe&Sound has used is all yellow Cat5e cabling from the cameras to the Trendnet switch. The wiring for all of the old cameras (which are still in service) is grey or black coax cable. When and if we do our re-wire in the warehouse, we will need to be aware not to touch the yellow Cat5e or the coax. Doug at Safe&Sound has assured me that he will be consistent and continue to use yellow Cat5e for any future changes or additions that Gerald and John want.
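A periodic check for the two things this page relies on, as an added example that is not part of the original documentation: that the NAT addresses and ports closed in January 2013 stay closed when probed from outside, and that the internal .local records still match the addresses written here. The function names and the "inside"/"outside" argument are assumptions of this example; it tests TCP only, so the UDP side of the old rules still has to be confirmed on the Sophos firewall itself.

```python
import socket

# Values below are taken from this page; chicken is omitted because the
# page lists no IP address for it.
INTERNAL = {
    "pork.unipharm.local": "172.30.18.37",
    "beef.unipharm.local": "172.30.18.38",
    "lamb.unipharm.local": "172.30.18.61",
}
# NAT addresses and ports that were closed in January 2013.
FORMER_PUBLIC = {"pork.unipharm.com": "207.102.139.107",
                 "beef.unipharm.com": "207.102.139.106"}
FORMER_PORTS = (8234, 8235, 80)


def tcp_open(ip, port, timeout=3.0):
    """True if a TCP handshake completes; False if refused, filtered or timed out."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def exposed(probe=tcp_open):
    """Run from OUTSIDE the LAN, off the VPN: list endpoints that still answer."""
    return [(name, ip, port)
            for name, ip in sorted(FORMER_PUBLIC.items())
            for port in FORMER_PORTS
            if probe(ip, port)]


def dns_drift(resolve=socket.gethostbyname):
    """Run from INSIDE the LAN: list names whose A record differs from this page."""
    drift = []
    for name, documented in sorted(INTERNAL.items()):
        try:
            actual = resolve(name)
        except OSError:
            actual = None  # name no longer resolves
        if actual != documented:
            drift.append((name, documented, actual))
    return drift


if __name__ == "__main__":
    import sys
    mode = sys.argv[1] if len(sys.argv) > 1 else "inside"
    findings = exposed() if mode == "outside" else dns_drift()
    for finding in findings:
        print("FINDING", *finding)
    sys.exit(1 if findings else 0)
```

A non-zero exit status means either a formerly published port answers again or a DNS record no longer matches this page, so the script can be scheduled and alerted on.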