heart_and_
It would seem to me to make some sense to hide the DVR so a thief doesn't make off with it, taking evidence of his breakin with him. E.g., in the attic above the room I am controlling everything from. However, this makes things more difficult as the system is set up for mouse control of the DVR features, and the mouse with a short cord is attached to the DVR. Anyone done this and how did you handle?
Answer
I don't think the usb ports on these dvrs are able to accept wireless mice. You will have to try and see if you can get a wireless mouse to work on it. The reason behind it is because most wireless mice load drivers automatically in windows. These DVRs run on linux that's locked. Would be interesting to know your results.
Why don't you just put the DVR on your network and control it from another computer? That's what everyone does.
If you don't have a network port on the dvr then get yourself an inexpensive dvr with network. Here are some:
http://www.security-cameras-cctv.com/DVR-__-Digital-Video-Recorder/4-Channel-DVR/
I don't think the usb ports on these dvrs are able to accept wireless mice. You will have to try and see if you can get a wireless mouse to work on it. The reason behind it is because most wireless mice load drivers automatically in windows. These DVRs run on linux that's locked. Would be interesting to know your results.
Why don't you just put the DVR on your network and control it from another computer? That's what everyone does.
If you don't have a network port on the dvr then get yourself an inexpensive dvr with network. Here are some:
http://www.security-cameras-cctv.com/DVR-__-Digital-Video-Recorder/4-Channel-DVR/
how do you handle system security?
mukky
computer virus threats! how do you handle system security?
Answer
I've been taught to use layers of security, or "defense in depth".
Most of these practices & policies will be done over and over again - not a one-time fix, but a process.
At the lowest level, (your machine) - evaluate and address physical security. Do you need to keep this in a locked room so nobody tampers with it? Evaluate & update BIOS and Firmware if appropriate. Remove or block USB, CD/DVD and other drives if necessary.
Next level, the operating system: no matter what you use (Linux, Win, mac, others) make sure you limit administrator or root access and make strong passwords for all users.
(For Windows this means 15+ characters), Patch the OS on a regular schedule, and make sure to disable or remove any services or programs that aren't needed.
If this is a critical system, then some system-file checking system should be used. Make sure that system files haven't changed unless you change them. Update your information regularly, and keep the tables or checksums that you collect from that machine in a safe place (your only copy should not be on the same machine).
Turn on logging, and if practical - store the logs on another machine where they can't be easily tampered with.
Next level, applications: only install what you need, and clean up anything you remove. Manually verify that patches are done on a systematic schedule. Check for security 'best practices' - stuff like "chroot"-ing an Apache install, and input-verification on SQL-like databases. Again, if practical, log events and check file checksums.
Limit user access to application on a need-to-have basis.
Next level, loss prevention: Here's where your firewall, anti virus, anti-malware and user policies come in. Keep all users (even your admins) to the least privileges to get a job done. Have a system to add new users and remove old ones. Keep AV & other security apps patched, and make sure it is working.
If your users will comply, then training is a good thing. Explain why they can't use myspace / utorrent / aim on critical work machines, and hold them accountable if they do violate policy.
(* as Scheiner says, I think it was something like this.. users will try to step across policy bounds, and if your policy isn't enforced, word gets out fast. A poorly enforced policy is useless. Don't waste time making them.)
Review your firewall policy on some schedule, so you can tell if changes were made without authorization.
Review policies on a set schedule - everything from changing keys to the server room, changing passwords, who has night/ weekend access, whether devices like CDs and USB can be booted from or 'autoplay'-able.
Use a UPS (power supply) and keep the machines off the ground where water, bugs, or clumsy employees can damage them.
Write this stuff down as a policy, and be prepared to justify it to outsiders if you keep anybody else's data.
Next level: recovery planning
Frequent backups, of course.
Check those backups .. verify that you actually have a working backup, and check them for viruses. If practical, keep backups off-site. If you can technically perform and/or afford clustering, virtualization, or other fail-over solutions, then split your work up over 2 or more machines. If one fails, be ready to move to the backup. Lots of ways to do this in hardware or software.. one hardware package I recently read about was Novell's (just bought) "PlateSpin".
Put in some system so you (or appropriate people) get some kind of auto-message from your UPS if power fails, or get called if your network goes down. Your recovery plan needs a start point - usually something other than " Monday AM, the CEO calls and complains". Try to avoid that one :)
Depending on how critical your systems are, you may want to have 24/365 monitoring including video camera or recorded logs of swipe/key access to the server rooms.
Network security is a whole 'nuther animal.
Again, layers of security..
block ports you don't need, firewall users/ IPs you don't need, use a VPN if you can, change default passwords on routers & switches, restrict physical and virtual access.. etc.
I've been taught to use layers of security, or "defense in depth".
Most of these practices & policies will be done over and over again - not a one-time fix, but a process.
At the lowest level, (your machine) - evaluate and address physical security. Do you need to keep this in a locked room so nobody tampers with it? Evaluate & update BIOS and Firmware if appropriate. Remove or block USB, CD/DVD and other drives if necessary.
Next level, the operating system: no matter what you use (Linux, Win, mac, others) make sure you limit administrator or root access and make strong passwords for all users.
(For Windows this means 15+ characters), Patch the OS on a regular schedule, and make sure to disable or remove any services or programs that aren't needed.
If this is a critical system, then some system-file checking system should be used. Make sure that system files haven't changed unless you change them. Update your information regularly, and keep the tables or checksums that you collect from that machine in a safe place (your only copy should not be on the same machine).
Turn on logging, and if practical - store the logs on another machine where they can't be easily tampered with.
Next level, applications: only install what you need, and clean up anything you remove. Manually verify that patches are done on a systematic schedule. Check for security 'best practices' - stuff like "chroot"-ing an Apache install, and input-verification on SQL-like databases. Again, if practical, log events and check file checksums.
Limit user access to application on a need-to-have basis.
Next level, loss prevention: Here's where your firewall, anti virus, anti-malware and user policies come in. Keep all users (even your admins) to the least privileges to get a job done. Have a system to add new users and remove old ones. Keep AV & other security apps patched, and make sure it is working.
If your users will comply, then training is a good thing. Explain why they can't use myspace / utorrent / aim on critical work machines, and hold them accountable if they do violate policy.
(* as Scheiner says, I think it was something like this.. users will try to step across policy bounds, and if your policy isn't enforced, word gets out fast. A poorly enforced policy is useless. Don't waste time making them.)
Review your firewall policy on some schedule, so you can tell if changes were made without authorization.
Review policies on a set schedule - everything from changing keys to the server room, changing passwords, who has night/ weekend access, whether devices like CDs and USB can be booted from or 'autoplay'-able.
Use a UPS (power supply) and keep the machines off the ground where water, bugs, or clumsy employees can damage them.
Write this stuff down as a policy, and be prepared to justify it to outsiders if you keep anybody else's data.
Next level: recovery planning
Frequent backups, of course.
Check those backups .. verify that you actually have a working backup, and check them for viruses. If practical, keep backups off-site. If you can technically perform and/or afford clustering, virtualization, or other fail-over solutions, then split your work up over 2 or more machines. If one fails, be ready to move to the backup. Lots of ways to do this in hardware or software.. one hardware package I recently read about was Novell's (just bought) "PlateSpin".
Put in some system so you (or appropriate people) get some kind of auto-message from your UPS if power fails, or get called if your network goes down. Your recovery plan needs a start point - usually something other than " Monday AM, the CEO calls and complains". Try to avoid that one :)
Depending on how critical your systems are, you may want to have 24/365 monitoring including video camera or recorded logs of swipe/key access to the server rooms.
Network security is a whole 'nuther animal.
Again, layers of security..
block ports you don't need, firewall users/ IPs you don't need, use a VPN if you can, change default passwords on routers & switches, restrict physical and virtual access.. etc.
Powered by Yahoo! Answers
Tidak ada komentar:
Posting Komentar