As installers become increasingly involved with networked solutions, they need to closely monitor network procedures and maintenance issues.
By NVT
Network management procedures
One of the big challenges facing electronic security installers when working with network security solutions is to adopt the idea that, unlike solid-state hardware, the hardware connection is prone to failure – with hard drives being a particular area of weakness.
Additionally, network security solutions are complex; and they are organic. Small changes that accumulate in the software can result in unusual and unexplained problems that can have a severe impact on network performance over time. Additional complexity comes into the equation when building network levels.
Each component will have its own software and will require appropriate configuration in its own right. You can install a beautifully connected and integrated CCTV and access control solution, but if the configurations of a Cisco 800 wireless router, high-performance flow above the security system are incorrect, then the workstations will have constant intermittent performance and connection problems.
If you want your network security solution to have longer life and reliability, then you need to think very carefully before and during installation, to ensure that the system is vigorous and not at risk of implosion. You will need to think simultaneously about aspects such as network security, access procedures, backups across the entire network and, of course, the maintenance and improvement of network components.
Something that makes things even more difficult is that the network you are sharing is fluid. There will be different loads on different days and even if you don't like it, any shared network will constantly evolve in a way that may not be suitable for the network security solution. Such changes could include the addition of wireless sub-networks in new areas of a facility that demand network security support, but are nevertheless hampered by narrowband wireless channels.
Although this discussion is not intended to be exhaustive in any way, we will take a general look at some procedural measures that security managers should insist on implementing, and to which installers and integrators should adhere in relation to effective procedures for network maintenance and operation.
Network Security: Access Control
From the outset, network security is a particular topic, and when we talk about network security we are not talking about antivirus solutions or firewalls.
In security, people should be thinking more about something they probably already understand enough, such as access control.
Needless to say, the network or sub-network on which security teams are installing their systems has a powerful security policy that is managed by the systems manager and the systems department. The company's security policy will handle many general matters related to network security. Having said that, in general terms access control is poorly handled in many networks, with shared passwords and access cards, or with workstations that stay connected to applications when they are not paid attention, among others.
One thing you want to ensure is that no one can interfere with any element of your network unless they are authorized to handle the updating, maintenance, or operation of the system. Access control needs to take into account not only the "taste for adrenaline" of hackers or the sinister intrusion of personnel with unclear designs; most of the damage to networks is done by authorized persons who may or may not have an idea of what they are doing in relation to their network or sub-network components.
Vulnerabilities
Digital video recorders (DVRs) are a perfect example of a vulnerable network component. Too many DVRs are not designed to withstand the attention of bored or very enthusiastic operators and technicians, who easily gain access to operating systems and begin to carelessly manipulate system settings, either in an attempt to repair an apparent flaw or for simple personal entertainment.
The burden falls on the system designers, as well as the network designers, who must ensure that the DVRs and network video recorders (NVRs) are built in such a way as to ensure that their background functionality cannot be manipulated.
Obviously, the highest risk arises in the person who has the highest level of access to the system, the network administrator. Such is the power of the network administrator that a single error, at the highest level, can destroy the security system on the network, perhaps never to function properly again.
For networked security systems, file servers are particularly vulnerable. Simply put, file servers are network devices that offer data sharing. It could be an NVR or DVR, or a partition of the workstation's hard drive, in which event monitoring software is tracking the action of your built-in access and alarm system.
A typical sub-safety net will have file server folders to which some access can be given to authorized persons. Along with this, the network administrator can also stipulate whether an authorized user has read-only, read/write/edit access to a file. With folder access control on secure storage devices, things are simpler than they should be for file servers accessed by half the organization. Your list of authorized users can be restricted to about half a dozen people.
As a general rule, the list of authorized users will be limited to whom the security manager says they need access. For example, two workstations in the control room, the security manager, the safety supervisor, the building/operations manager, the general manager, and the network administrator would certainly encompass these requirements.
There may be other assets attached to the safety net that will not be controlled by the security department's list of authorized users, but the likelihood of this will depend on the size of the organization and the structure of the network. Such add-ons could include servers for printers, routers and printers/faxes, etc. Depending on the level of security that the sub-safety net requires, you should look to have something to say in the access restrictions implemented on these devices.
Management of procedures in the network
Even with small networks, obstacles to network procedures can be a hellish experience for administrators, maintenance teams, and network users alike. Medium/small companies probably pose the biggest challenges, especially if there is no dedicated systems team available to implement procedures. Larger organizations can more easily ensure that their systems and their components maintain a sense of order.
It's not just the hardware that needs to be carefully considered. Anyone who has been in contact with computers knows that multiple complex software applications on a single workstation can result in disaster; also may not present problems immediately, but over time damage will accumulate until the point of bankruptcy is reached. The way to avoid this is to ensure consistency relative to the applications that can be used on a given network. Any machine that plays MP3s, games and/or spends a lot of time surfing the Internet will be a security target. For maximum security, machines running security management platforms should not run any other jobs.
The rules also apply to network devices. It should be considered that the potential of multi-brand network applications on a network whose compatibility with its operating system or key hardware components may prove to be superficial; the more network components and the more diverse their origins, the more likely there are to be changes in configuration and maintenance. These challenges are long-lasting, this means that it will not be enough for a technician to install the most complex devices and then leave them forgotten without further ado. Ordinary maintenance technicians will also need to know how these devices are maintained and to what extent as the number of them increases, the complexity skyrockets.
Network Security
When you reflect on network maintenance, you need to think about the kind of pressures under which that work will be performed; if your safety net supports a casino operation with 3,000 cameras or multiple cameras, in a public space at an important event, where both the network server and its migration twin after a failure fail and pass to a better life, the pressure will be intense, and the last thing you want is a rookie technician (unsupervised), struggling to understand thorny topics like the setup boxes of a team that no one understands.
Network security solutions need to be designed to ensure the redundancy of routers and servers, while simultaneously offering multiple network paths to the control room. You must prevent the entire network from being based on a single piece of hardware, which in the long run will certainly fail.
When you install redundant hardware you should not put it in the rack once out of its box. Every piece of equipment needs to be put up and running, configured and tested while running, while ensuring that existing hardware continues to do its job. If you don't do this you will have problems; either way you will face challenges during the process of adding redundant hardware.
Depending on the nature of the site you are working on, as well as the procedures of the systems equipment you are operating with, you may not have any decision-making power over the type of network devices the organization decides to use on the network or sub-network, in which the network security solution will be installed.
If the system team knows your branch, then this will not be a problem. In the next 10 or 15 years network administrators will have established the most reliable network components, and senior management will know (or so you expect) that your business cannot function without full-time connectivity, so they will spare no expense to provide you with those components.
Network Installation
Routers are a key element in all of this. The last thing a network security installer wants to see as they load all their equipment all over the place is a hodgepodge of router equipment; some of which are as old as Noah's ark. Make no mistake, if the budget is limited, there will be a considerable number of pre-existing routers that offer varying levels of performance and compatibility; as there can be three different types, there can be 10. And if there are multiple wireless sub-networks on the network, things will get worse again.
Having said all this, if you are installing an individual sub-safety net, many of these problems will not be such. There may be single inputs and exit points to the sub-network and you can ensure that things remain running smoothly. The problem is that sticking to a sub-network on a site of considerable size can be misleading and, in some ways, contradicts the premise of sharing network infrastructure in the first place. If you are installing IP cameras wide and wide on a configured network without an order, sooner or later you will notice.
In case you were wondering, network security technicians need to be smarter than most of the in-house systems staff in charge of pulling cables. This is because they will be facing different networks in all work with different routing systems, communications technology, network operating systems and the rest. And none of this takes into account the changes faced by those trying to integrate security solutions into existing shared networks.
It is therefore essential for the reliability of the network to form a manual that explains in detail how each equipment works on the network, how it needs to be configured and how it needs to be maintained. The manual will be easier on a site that has only one type of router and updates all of its routers at once.
The procedures manual needs to take a technician step by step through the process of setting up and maintaining the equipment, leaving nothing out. Most important of all, the manual will provide the device settings. The configuration comprises IP addresses and network protocols that relate to a particular device. The manual will also outline the physical location of the network components.
As mentioned before, the IT department is likely responsible for many external elements of the network, although this is less likely in smaller organizations. Regardless of the above, all network security devices need their own procedure manual. The manual should also consider the network devices – routers and servers (which support the safety net). If you are stingy with this procedure manual, you will most likely face problems. The idea that hired technicians can enter uncharted territory and resolve network issues in the first few hours is misguided, and few sites will tolerate their security systems being disabled for days at a time.
Leave your comment