Disconnected: The importance of VLANs
There are many reasons why network-based connectivity is increasingly adopted as the communications method of choice for a variety of risk-relevant systems and solutions. Cost efficiencies, flexibility, interoperability and the ability to future-proof systems are all major selling points. Because network technology is – by nature – open, it is important that those using it in critical systems understand, and address, its vulnerabilities to ensure overall security is not compromised.
The benefits which have been brought to the security sector, and more specifically the video surveillance sector, by the wider use of network-based topology are significant. Indeed, they have brought the potential for mainstream surveillance systems from the rather limited roles of viewing, recording and analysing incidents through to being the multi-functional and flexible tools for a wide range of tasks that represent today’s solutions.
Whilst it must be accepted that the mere fact of using a network topology isn’t a panacea, in the majority of applications the benefits of the technology can be exploited to deliver additional value. The reality is that much of what video surveillance offers – the real-time capture, management and analysis of video and audio streams, the use of additional triggers and data to affect that management, followed by the generation of actions based upon events occurring – need not be limited to purely security-related tasks. During times when a site is at a lower risk, such as during normal working hours, the system can still capture and manage that data, but the relevant triggers and actions can be adjusted to serve other purposes. This delivers additional value for the user.
Another benefit offered by network-based technology is that developments are very rapid, and are being driven by other sectors, including the consumer market. Whilst some might think that this could potentially ‘dumb down’ security technology, that’s not actually the case!
In recent years, one of the most significant advances emerging from the consumer market has been mobile data management devices. Network-based technology has always offered remote access to data of all types, and this is a benefit in many security applications, not least those with distributed sites. However, the introduction of mainstream mobile devices such as tablets and smartphones has ensured that surveillance systems can deliver video, audio and data into the hands of the end user, no matter where they might be located.
Rather than ‘dumbing down’ security solutions, the adoption of technologies evolving in the consumer market and other industrial sectors has made surveillance more flexible, more accessible and – many will argue – more intelligent.
Networked solutions become ever more flexible when connectivity is considered. That the technology can also make use of a large, open and very comprehensive WAN – the internet – is a blessing. Well, to be clearer, it’s both a blessing and a curse. Thankfully, the risks of transmitting security-related data over the internet can be mitigated if the right approach is taken.
There are two risks which stand out above others: data security and quality of service. These can be addressed through the use of VLANs and VPNs.
It is simplest to consider a VPN (Virtual Private Network) as a secure LAN. It has the characteristics of a LAN, but it uses the internet to allow remote connectivity to a system. The core LAN at a protected site can therefore be extended, allowing authorised users to connect to it from another location as if they were physically part of it.
In typical networking, businesses use VPNs to allow staff to utilise company resources on the local network while working remotely or travelling. In surveillance, the usual use for a VPN allows video streams and other associated data to be viewed and managed from a central control room or a head office. It can also allow mobile users to view the system, and interact with it, using mobile devices.
VPNs can have varying degrees of security applied to them, dependent upon the risks being faced. The most basic security measure is a log-in with user name and password, but this should often be enhanced with encryption, or with connections only being permitted from ‘trusted’ devices.
VPNs can be Layer 2 or Layer 3, and can be established as point-to-point, or with multipoint characteristics, dependent upon the site’s needs.
Whilst VPNs are predominantly considered for secure remote connectivity over other networks, VLANs (virtual local area networks) differ in that they either allow parts of a single LAN to exist as separate entities, or bring together separate LANs to work as a single entity. For surveillance operations, the first example is most commonplace.
Used in this way, a virtual local area network can be constructed that preserves a specified amount of bandwidth exclusively for the use of the surveillance system. This ensures that other data on the network does not affect the performance of the surveillance system, whilst also preventing the video streams from creating congestion on the network and causing other data traffic to fail.
VLANs are a Layer 2 construct, implemented at the switch; however, each VLAN can carry its own Layer 3 network, so multiple Layer 3 networks can be created on the same switch.
Aside from quality of service issues, many experts feel that using VLANs for surveillance, where the network is shared with other data traffic, is good practice. It keeps the network ‘tidy’ with regard to maintenance and troubleshooting, and also ensures that any issues on the data network do not impact on the surveillance operation.
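To make the Layer 2 separation described above concrete, the following is an added example (not code from the article or from any switch vendor): a minimal model of an 802.1Q VLAN-aware switch. It parses the 802.1Q tag (TPID 0x8100, then PCP, DEI and VID), classifies untagged frames from access ports into that port's VLAN, learns MAC addresses per VLAN, and forwards only to ports that are members of the same VLAN, stripping the tag on access ports and keeping it on the trunk. The port names, MAC addresses, VLAN numbers and priority values are constructed for the demonstration; the camera ports are given an 802.1p priority so the trunk copy of their traffic carries a QoS marking, which is the mechanism a shared network uses to keep video streams and office data from degrading each other.

```python
# Added example (not from the article or any vendor): a minimal model of an
# 802.1Q VLAN-aware switch, to show what "Layer 2, implemented at the switch"
# means on the wire. Port names, MACs, VLAN ids and priorities are constructed.
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100          # EtherType that announces an 802.1Q tag
BROADCAST = b"\xff" * 6


@dataclass
class Port:
    name: str
    mode: str                 # "access" (one VLAN, untagged) or "trunk" (tagged)
    vlan: int = 1             # access VLAN, or native VLAN for untagged trunk frames
    allowed: frozenset = frozenset()   # VLANs a trunk will carry
    pcp: int = 0              # 802.1p priority applied when the switch tags frames from here


def parse_frame(frame: bytes):
    """Split a raw Ethernet frame into (dst, src, vid, pcp, rest).

    vid is None for an untagged frame; rest starts at the EtherType so it
    can be re-attached unchanged when the frame is rebuilt on egress.
    """
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return dst, src, None, 0, frame[12:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]   # PCP(3) | DEI(1) | VID(12)
    return dst, src, tci & 0x0FFF, tci >> 13, frame[16:]


def build_frame(dst, src, rest, vid=None, pcp=0):
    """Rebuild a frame, inserting an 802.1Q tag when vid is given."""
    tag = b""
    if vid is not None:
        tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vid & 0x0FFF))
    return dst + src + tag + rest


class VlanSwitch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.mac_table = {}   # (vlan, mac) -> port name; learning is kept per VLAN

    def ingress_vlan(self, port, vid):
        """Classify an arriving frame into a VLAN, or None to drop it."""
        if port.mode == "access":
            return port.vlan if vid is None else None   # the switch, not the host, picks the VLAN
        if vid is None:
            return port.vlan                             # untagged on a trunk -> native VLAN
        return vid if vid in port.allowed else None      # VLAN not carried on this trunk

    def forward(self, in_name, frame):
        """Return {egress port: frame as sent} for one frame arriving on in_name."""
        in_port = self.ports[in_name]
        dst, src, vid, pcp, rest = parse_frame(frame)
        vlan = self.ingress_vlan(in_port, vid)
        if vlan is None:
            return {}
        if vid is None:
            pcp = in_port.pcp          # priority for frames the switch tags itself
        self.mac_table[(vlan, src)] = in_name
        known = self.mac_table.get((vlan, dst))
        if known == in_name:
            return {}                  # destination sits behind the ingress port
        candidates = [known] if known else [n for n in self.ports if n != in_name]
        out = {}
        for name in candidates:
            p = self.ports[name]
            if p.mode == "access" and p.vlan == vlan:
                out[name] = build_frame(dst, src, rest)                     # untagged
            elif p.mode == "trunk" and vlan in p.allowed:
                out[name] = build_frame(dst, src, rest, vid=vlan, pcp=pcp)  # tagged
        return out


def demo_switch():
    """Constructed topology: two cameras and an office PC on one switch, plus a trunk."""
    return VlanSwitch([
        Port("cam1", "access", vlan=20, pcp=5),
        Port("cam2", "access", vlan=20, pcp=5),
        Port("pc1", "access", vlan=10),
        Port("uplink", "trunk", vlan=1, allowed=frozenset({10, 20})),
    ])


CAM1 = bytes.fromhex("020000000001")   # constructed, locally administered MACs
CAM2 = bytes.fromhex("020000000002")
PC1 = bytes.fromhex("020000000010")
PAYLOAD = b"\x08\x00" + b"RTSP video sample"   # EtherType IPv4 followed by dummy bytes


if __name__ == "__main__":
    sw = demo_switch()
    for port, f in sw.forward("cam1", build_frame(BROADCAST, CAM1, PAYLOAD)).items():
        print(port, parse_frame(f)[2:4])   # (VLAN, priority) carried by each copy
```

Running the module floods a broadcast from cam1: the copy to cam2 leaves untagged, the copy to the uplink carries VID 20 and priority 5, and pc1 in VLAN 10 receives nothing. The same model shows the two cases a practitioner cares about when auditing a shared switch: a frame from the office VLAN addressed to a camera's MAC is still confined to VLAN 10, and a frame that arrives already tagged on an access port, or tagged with a VLAN the trunk does not carry, is dropped rather than classified by the tag it presents.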
Ultimately, every application will have differing criteria to meet, but where network-based solutions are employed, security must always come first!