Network Security – Part Two

By Michael Accetta

On February 11th in IP Solutions, IP Surveillance Video, IP Tech Tips, Networking

Internet Connected Networks

In the previous post we discussed a local network that had no Internet connection. Such a network is basically impervious to outside hacking attempts. However, the real benefit of a computer network is the availability of an Internet connection, which allows users on the LAN to access all sorts of data, programs, videos, and other Internet media.

You can think of an Internet connection like a door on your house. The door is there to perform two security functions. First, the door keeps the kids and the dog inside the house, where they belong. The door also keeps the bad guys from just walking into your home and stealing your stuff. The doors on your house are necessary for you and your family to be able to experience the whole world, not just what’s inside your home.

The door on your house will have one or more locks on it that allow authorized users, such as family members, to open the door from the outside and enter your home. Your immediate family members have the keys, and perhaps you’ve given a set to your sibling or neighbor so they can handle some issues inside your house when you’re out of town.

The devices on a network that provide the door and lock set functions are routers, which provide connections between a LAN and the Internet or possibly between two LANs. In some cases the device provided by a client’s Internet Service Provider (ISP), such as a DSL or cable adapter, provides the router function. In other cases the ISP-provided device has no router built in; in this case it is strongly suggested that the client have a router installed between the ISP device and the LAN.

Basic Four Port Switch/Router from LeGrand, ADI part #H4-DA1004

In small commercial and residential systems the client will often have a device that combines the router function with a network switch.

The router provides a security function commonly called a firewall. By default, the firewall is programmed to stop any uninvited data communications from entering the LAN. So you can go to the www.espn.com website, click on Major League Baseball, and the baseball scores and news are sent via a data stream from ESPN, through the router, and to your PC or tablet. This data stream was requested from a device on the LAN, so the router allows it to pass through to the LAN. Alternatively, if a hacker attempts to pass through the router to try to hack your PC, the router will block the traffic; the hacker’s data packets are unsolicited outside traffic.

The key to understanding firewall functions and how they apply to physical security devices such as IP cameras is to know that the firewall can be programmed to allow specific outside traffic to enter the LAN and reach specifically programmed devices. 
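The behavior described above can be modeled in a few lines. This is an added example, not code from any router: a toy firewall that remembers requests made from the LAN, blocks everything else, and admits outside traffic only to a device and port the installer has opened. The addresses, ports and names are constructed for the example, and the address translation most such routers also perform is left out.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Firewall:
    """Toy model of the router's firewall (address translation left out)."""

    def __init__(self):
        self.requested = set()   # conversations started from inside the LAN
        self.allowed = set()     # (lan_ip, lan_port) the installer has opened

    def outbound(self, pkt: Packet) -> str:
        # A LAN device asked for something: remember who it talked to.
        self.requested.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return "pass: LAN device request"

    def allow(self, lan_ip: str, lan_port: int) -> None:
        # Installer programs the firewall to admit outside traffic to one device.
        self.allowed.add((lan_ip, lan_port))

    def inbound(self, pkt: Packet) -> str:
        # A reply has source and destination swapped relative to the request.
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.requested:
            return "pass: reply to LAN request"
        if (pkt.dst_ip, pkt.dst_port) in self.allowed:
            return "pass: programmed rule"
        return "block: unsolicited"

def demo():
    fw = Firewall()
    pc, cam = "192.168.1.20", "192.168.1.50"       # constructed LAN addresses
    site, outsider = "198.51.100.5", "192.0.2.77"  # constructed Internet addresses
    results = []
    fw.outbound(Packet(pc, 51000, site, 443))                      # PC requests a web page
    results.append(fw.inbound(Packet(site, 443, pc, 51000)))       # the site's answer
    results.append(fw.inbound(Packet(outsider, 40123, pc, 445)))   # nobody asked for this
    results.append(fw.inbound(Packet(outsider, 40123, cam, 554)))  # camera not yet opened
    fw.allow(cam, 554)
    results.append(fw.inbound(Packet(outsider, 40123, cam, 554)))  # now reaches the camera
    results.append(fw.inbound(Packet(outsider, 40123, cam, 80)))   # other camera port stays shut
    return results

if __name__ == "__main__":
    for line in demo():
        print(line)
```

Note that the programmed rule admits any outside sender to that one device and port, so the device's own login is what separates authorized users from everyone else.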

In the next post we’ll go over how to set the firewall to allow specific traffic to enter the LAN from the Internet. Once the firewall is properly programmed, authorized users can access their IP-enabled security devices from any device that is connected to the Internet.