Virus scanning policies, Network and firewall policies – Grass Valley K2 System Guide v.7.2 User Manual

07 April 2010

K2 System Guide

169

Virus scanning policies

Please note that this policy applies to “High Priority” updates only. There are
countless other updates not classified as “High Priority” which are made available by
Microsoft. If you feel that one or more of these other updates must be applied, we
request that you contact Grass Valley prior to installation.

You should exercise common sense when applying these updates. Specifically,
updates should not be downloaded or installed while a Grass Valley product is being
used for mission critical purposes such as play to air.

Virus scanning policies

The K2 system is based on the Microsoft Windows operating system. It is important
to defend this system against virus or SpyWare attacks. Grass Valley supports the
scanning of the K2 system drives (the disk drives or drive partition used to house the
operating system and installed application software) from a PC that is running the
scanning program while the K2 system is being used to record or play video to air.
The anti-virus package executing on the PC can be scheduled to scan the system
drives of multiple K2 systems.

The following strategies are recommended for virus scanning:

• Run the scanning software on a dedicated PC that connects to the K2 system via a

network mount. Do not run scanning software locally on the K2 system.

• Connect to the K2 system via 100BaseT network. This constrains the bandwidth

and system resources consumed, so as to not interfere with media operations. Do
not connect and scan via Gigabit Ethernet.

• Grass Valley does not support the running of anti-virus programs on a K2 system.

This includes K2 Media Server, K2 Media Client, K2 Summit Production Client,
and K2 Solo Media Server.

With these recommended strategies, you should be able to scan the K2 system without
interrupting media access.

Network and firewall policies

The following protection policies are recommended:

• Where possible, the K2 system should be run in a closed and protected

environment without network access to the corporate IS environment or the outside
world.

• If the K2 system must operate in a larger network, Grass Valley recommends that

access be through a gateway or firewall to provide anti-virus protection. The
firewall should allow incoming HTTP (TCP port 80) connections for client and
configuration connections to the K2 system inside the private network.

• If operating with an Aurora Browse system, ports should allow incoming packets

so requests to the Proxy NAS can be properly processed. The port that needs to be
open is port 445 for TCP and UDP for Windows and SAMBA shares. If your site’s
policies require that these port numbers change, contact Grass Valley support for
assistance.

• Access to the K2 system should be controlled in order to limit the likelihood of

malicious or unintended introduction of viruses.