Virus scanning and protection policies – Grass Valley K2 Storage System Instruction Manual v.3.2 Sep.24 2007 User Manual

September 7, 2007

K2 Storage System Instruction Manual

689

Virus scanning and protection policies

Virus scanning and protection policies

The K2 Media Client and the K2 Media Server are based on a standard Windows
operating system platform. It is important to defend this system against virus or
SpyWare attacks. Grass Valley supports the scanning of system drives (the disk drives
or drive partition used to house the operating system and installed application
software) from a PC that is running the scanning program while the K2 computers are
being used to record or play video to air. The anti-virus package executing on the PC
can be scheduled to scan the system drives of multiple K2 Systems.

The following strategies are recommended for virus scanning:

• Run the scanning software on a dedicated PC that connects to the K2 system via a

network mount. Do not run scanning software locally on the K2 system.

• Connect to the K2 computer via 100BaseT network. This constrains the bandwidth

and system resources consumed, so as to not interfere with media operations. Do
not connect and scan via Gigabit Ethernet.

• Grass Valley does not support the running of anti-virus programs on a K2 computer

itself at the same time the system is being used to record or play video to air.

With these recommended strategies, you should be able to scan K2 computers without
interrupting media access.

In addition, the following protection policies are recommended:

• Where possible, K2 systems should be run in a closed and protected environment

without network access to the corporate IS environment or the outside world.

• If the K2 system must operate in a larger network, Grass Valley recommends that

access be through a gateway or firewall to provide anti-virus protection. The
firewall should allow incoming HTTP (TCP ports 80 and 280) connections for
client and configuration connections to the K2 system inside the private network.
Additionally, ports should allow incoming packets so requests can be properly
processed. The port that needs to be open is port 445 for TCP and UDP for
Windows and SAMBA shares. If your site’s policies require that these port
numbers change, contact Grass Valley support for assistance.

• Access to the K2 system should be controlled in order to limit the likelihood of

malicious or unintended introduction of viruses.

• The front and rear USB ports of K2 systems should normally be disabled; they

should only be used by Windows administrators. On a K2 Media Client, be careful
that you do not disable the internal USB connection to the RS-422 boards. Refer to
the K2 Media Client System Guide.