- Aug 31, 2013
- 367
- 1
- 10,960
So this is my situation.
I am a computer science student working at a health food retail store. We don't exactly have an IT department, and our Systems Administrator's knowledge is limited mainly to the software which keeps our systems running. Our store manager apparently took notes from Howard Hughes regarding paranoia. I say this because we currently have 31 IP security cameras installed (relatively small store too) and he wants to double this number.
Only problem is, our network is congested because whoever set it up, set the entire network on a /8. So while my knowledge of network communications is limited, I am guessing ~81 hosts all communicating on the same broadcast network is a terrible idea. Here is a breakdown of our network
(3) Switches, Linksys GS724TP (this one powers the IP cameras as it offers PoE), GS724T & JGS542.
(1) Motorola Router SBG6580
(9) Network Printers
(7) Network Scales (for weighing sandwiches, meats etc, requires network access so that we can program ingredients, prices etc).
(25) Desktop computers + (1) Laptop
(31) IP cameras, only two of which record audio as well.
(2) Wireless Scanners
(1) Windows 2008 Server
(1) Credit card processing server
(1) POS server
(1) IP camera server + Storage
I am pretty sure I can work some sort of deal with tuition reimbursement plan if I can solve this problem. I am hoping to put into action whatever plan on Thanksgiving, as it will be the only time I may have ~36 hours to work straight since the store will be closed.
My first question I suppose is, as far as network segmentation goes. I would guess creating two networks from our 10.0.0.0/8, into let's say 10.0.1.0/24 & 10.0.2.0/24. One network for only cameras and one for everything else.
Second question is concerning the hardware. To the best of my knowledge, we do not run any sort of port security, ACLs etc, but I would like to down the line if I am permitted further freedom to tinker. But for now, I would assume with the increased routed transactions, we will need something more powerful than our current SoHo router.
Third question, for something such as a network bandwidth monitor. Does anyone have suggestions? I would like someway to physically map out what is using X % of the bandwidth so I can put some sort of presentation or packet together to present. And where would this be installed to? I would say the router, but from what I remember from my Cisco training, since everything is on the same network, the router pretty much only deals with requests to the outside. So I would say switch, but since we have three, would each switch only indicate the performance for the 24 slots it has filled? Then I figure on the server itself, but the boss man seems to want to protect access to this like fort knox. Even though our POS has its own dedicated server, our credit cards are processed through a dedicated server. He seems to believe that breaking our Windows server will cause the store not to function. So he generates a random password and locks it in the safe, generating a new one each time the old one is used. Which is fantastic and all, but keeps the default logins for just about everything else.
Thanks to those of you who reached this point, I know it was quite a doozie of a question, but hopefully someone has a similar experience and can share some hindsight. Look forward to the feedback ~Sub
I am a computer science student working at a health food retail store. We don't exactly have an IT department, and our Systems Administrator's knowledge is limited mainly to the software which keeps our systems running. Our store manager apparently took notes from Howard Hughes regarding paranoia. I say this because we currently have 31 IP security cameras installed (relatively small store too) and he wants to double this number.
Only problem is, our network is congested because whoever set it up, set the entire network on a /8. So while my knowledge of network communications is limited, I am guessing ~81 hosts all communicating on the same broadcast network is a terrible idea. Here is a breakdown of our network
(3) Switches, Linksys GS724TP (this one powers the IP cameras as it offers PoE), GS724T & JGS542.
(1) Motorola Router SBG6580
(9) Network Printers
(7) Network Scales (for weighing sandwiches, meats etc, requires network access so that we can program ingredients, prices etc).
(25) Desktop computers + (1) Laptop
(31) IP cameras, only two of which record audio as well.
(2) Wireless Scanners
(1) Windows 2008 Server
(1) Credit card processing server
(1) POS server
(1) IP camera server + Storage
I am pretty sure I can work some sort of deal with tuition reimbursement plan if I can solve this problem. I am hoping to put into action whatever plan on Thanksgiving, as it will be the only time I may have ~36 hours to work straight since the store will be closed.
My first question I suppose is, as far as network segmentation goes. I would guess creating two networks from our 10.0.0.0/8, into let's say 10.0.1.0/24 & 10.0.2.0/24. One network for only cameras and one for everything else.
Second question is concerning the hardware. To the best of my knowledge, we do not run any sort of port security, ACLs etc, but I would like to down the line if I am permitted further freedom to tinker. But for now, I would assume with the increased routed transactions, we will need something more powerful than our current SoHo router.
Third question, for something such as a network bandwidth monitor. Does anyone have suggestions? I would like someway to physically map out what is using X % of the bandwidth so I can put some sort of presentation or packet together to present. And where would this be installed to? I would say the router, but from what I remember from my Cisco training, since everything is on the same network, the router pretty much only deals with requests to the outside. So I would say switch, but since we have three, would each switch only indicate the performance for the 24 slots it has filled? Then I figure on the server itself, but the boss man seems to want to protect access to this like fort knox. Even though our POS has its own dedicated server, our credit cards are processed through a dedicated server. He seems to believe that breaking our Windows server will cause the store not to function. So he generates a random password and locks it in the safe, generating a new one each time the old one is used. Which is fantastic and all, but keeps the default logins for just about everything else.
Thanks to those of you who reached this point, I know it was quite a doozie of a question, but hopefully someone has a similar experience and can share some hindsight. Look forward to the feedback ~Sub
Facebook
Twitter
Instagram