How can I protect my security system, from an IT security perspective?
The attached document explains how the security system can be hardened. Additionally, the BVMS - Network Design Guide includes best practices for designing a secure network.
MTU and MSS
MTU stands for "Maximum Transmission Unit."
MTU is a networking term that defines the largest packet size that can be sent over a network connection. The MTU is typically limited by the type of connection, but may sometimes be adjusted in the IT network settings. The typical value of the Network MTU is 1514 Byte. If a system sends packets over an Ethernet network that are larger than this size, the data will be fragmented into smaller packets. When referring to the Ethernet MTU, this includes the 4 Byte checksum. The 1514 Byte is the interface MTU without the Ethernet checksum.
In case there are limitations imposed by the type of connection, the packets will then need to be reassembled on the receiving side (e.g. Bosch video management software or Bosch hardware decoder). However, it can be beneficial to optimize the packet size on the sender side (e.g. IP camera) to match the existing network infrastructure.
As the MTU maximum packet size is layer 1 related, the IP MTU can be adjusted in the BOSCH device configuration (via the configuration web pages or with the help of BOSCH configuration software such as "Configuration Manager"). The BOSCH GUI refers to this as “Network MTU”. BOSCH products can manage fragmented data.
MSS stands for "Maximum Segment Size"
The MSS value is calculated from the MTU: MSS = MTU - (layer 3 TCP header [20 Byte] + layer 2 IP header [20 Byte] + layer 1 Ethernet header [6+6+2 = 14 Byte])
For example, on the CPP 6 platform (such as the FLEXIDOME IP panoramic 7000 MP with firmware version 6.50.0128) you can find and adjust the following values:
Network MSS (in Byte) - default value = 1460
iSCSI MSS (in Byte) - default value = 1460
Network MTU (in Byte) - default value = 1514
MTU and MSS can be adjusted in all released firmware versions 4.x and later.
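The MSS formula and the fragmentation behaviour described above, worked through as an added example (not Bosch code). It treats "Network MTU" as the page defines it (Ethernet header included, checksum excluded), assumes IPv4 and TCP headers without options, and uses hypothetical function names and a constructed 1414 Byte link to show how lowering the MSS on the sender avoids fragmentation.

```python
# Added example; function names are hypothetical, sizes follow the page's formula.
ETH_HEADER = 14  # 6 (dst MAC) + 6 (src MAC) + 2 (EtherType)
IP_HEADER = 20   # IPv4 header, no options (assumption)
TCP_HEADER = 20  # TCP header, no options (assumption)


def mss_from_network_mtu(network_mtu):
    """MSS = Network MTU - (TCP header + IP header + Ethernet header)."""
    mss = network_mtu - (TCP_HEADER + IP_HEADER + ETH_HEADER)
    if mss <= 0:
        raise ValueError("Network MTU leaves no room for TCP payload")
    return mss


def fragment_sizes(ip_packet_len, link_network_mtu):
    """IP-level sizes of the fragments one IPv4 packet is split into on a
    link whose Network MTU (Ethernet header included) is link_network_mtu."""
    link_ip_mtu = link_network_mtu - ETH_HEADER
    if ip_packet_len <= link_ip_mtu:
        return [ip_packet_len]  # fits, no fragmentation
    # Fragment offsets count 8-byte units, so every fragment except the
    # last must carry a payload that is a multiple of 8 bytes.
    per_fragment = (link_ip_mtu - IP_HEADER) // 8 * 8
    if per_fragment <= 0:
        raise ValueError("link MTU too small to carry any fragment payload")
    remaining = ip_packet_len - IP_HEADER
    sizes = []
    while remaining > per_fragment:
        sizes.append(IP_HEADER + per_fragment)
        remaining -= per_fragment
    sizes.append(IP_HEADER + remaining)
    return sizes


def full_segment_ip_len(mss):
    """Length of the IP packet that carries one full-sized TCP segment."""
    return mss + TCP_HEADER + IP_HEADER


if __name__ == "__main__":
    narrow_link = 1414  # constructed value for a link with a smaller MTU
    default_mss = mss_from_network_mtu(1514)  # camera default from the page
    print(default_mss, fragment_sizes(full_segment_ip_len(default_mss), narrow_link))
    tuned_mss = mss_from_network_mtu(narrow_link)
    print(tuned_mss, fragment_sizes(full_segment_ip_len(tuned_mss), narrow_link))
```

With the default MSS, every full segment crossing the narrower link is split into two fragments that the receiver must reassemble; with the MSS derived from the narrower link, each segment fits in a single packet.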
Here are some screenshots as examples, based on firmware 06.50.0128.
In this article we cover the following basic questions:
How to Factory Default a NetApp E-Series unit by using BOSCH tools and NetApp WEB GUI?
How to download the NetApp Support Bundle of a reachable online NetApp Storage Array
How to Factory Default a NetApp E-Series that you bought via BOSCH sales channel?
Using the BOSCH Configuration Manager 6.00 or 6.01, the NetApp models E2600, E2700 and E2800 can be managed. In particular, we recommend using BOSCH Configuration Manager version 06.01 when using a NetApp E2800, so that all models (including the former models E2700 and E2600) are supported. BOSCH Configuration Manager 6.01 also offers the Basic Configuration for the initial setup, as well as the Factory Default option and the Clear option. Of course, the NetApp E2800 also offers a web GUI, reachable via the IP of the management port of a controller.
The following screenshot from the BOSCH Configuration Manager shows the options available in the tab "Basic Configuration" when a NetApp E-Series (DSA E-Series) is already added to a VRM system in the Configuration Manager. The button "Defaults" is used to trigger the "Reset Storage Array" mechanism of NetApp. On an E2800, all configuration is removed, but the management port IP remains so that the NetApp web GUI and the communication with the BOSCH Configuration Manager continue to work.
How to download the NetApp Support Bundle of a reachable online NetApp Storage Array
In the tab "My Devices" of Configuration Manager 6.01 and newer versions, you can now also download the Support Bundle (a collection of log files) from a NetApp E2800 storage system. Select the NetApp E2800 that is added to a VRM system in your device tree and right-click on it. There you find "File Download" and "Maintenance Log...". Choose that to download the NetApp Support Bundle.