
Possible to restrict IP address access using ACLs?

Author
26 Oct 2007 12:56 PM
StevenVibert
I'm in the process of writing a WinForms application that will allow
viewing MJpeg streams from 30+ IP cameras located throughout our
facility.  None of the cameras will be accessible via the internet.

Each camera has password protected access for up to 5 users.  Some of
these cameras are located in sensitive areas and I need to allow/deny
access to the camera based on AD group membership.

At present, I'm using System.DirectoryServices to get the user's group
membership and based on that membership allowing or denying access to
the camera.  While this works, it forces me to hard code the camera's
password in the application and it doesn't solve the problem of a user
being able to enter the camera's IP address in a browser and being
presented with a camera login screen.  The latter is less of an issue
as it's unlikely that the user would be able to guess the camera's
username and password.  However, I'd much prefer to make the camera
invisible to users that don't/shouldn't have access to these cameras.

Is there any way to limit access to specific IP addresses based on a
user's AD group membership?  If not, does anyone have any suggestions?

Thanks -- Steve

Author
27 Oct 2007 5:46 PM
Henning Krause [MVP - Exchange]
Hello,

I think this is more an infrastructure question.

I would suggest putting the cameras in a different subnet (or VLAN) and
protecting this subnet with a firewall. Microsoft ISA Server can allow/deny
traffic based on Windows group membership.

Kind regards,
Henning Krause

Author
1 Nov 2007 9:13 PM
StevenVibert
Henning,

Thanks for the suggestion--I'll have a look at what setting up ISA
Server entails.  This would certainly be the cleanest approach.

-- Steve
