SECURITY INTEGRATOR · LEVEL 1 · STUDY LEARNING

Network and system hardening for camera-to-VMS deployments (BETA)

The hub course where the network, the cameras, and the Windows servers come together into one designed system. Four topology models for physical security networks, camera-to-VMS hardening discipline, and the operational habits that hold up under audit. Vendor-neutral. Free.

What you will learn

This is the synthesis course in the Study Learning suite. By the end you can pick a deployment topology for a client risk profile, write a camera-to-VMS firewall policy that lets the system work and nothing else, hold the line on the compatibility matrix during procurement, set up ONVIF service accounts at the right privilege level, and demonstrate the NTP discipline that holds up under evidentiary review.

The four-model framework (Connected / Isolated / Pseudo-connected / Air-gapped) is the organizing structure of the course. Different organizations use different names; the underlying choices are stable. Example VLAN and IP schemes shown in the lessons are illustrative — adapt them to whatever the customer already runs.

Course outline

PART 01

The Integrator's Mandate

What the security integrator network actually is. The four topology models that cover every real install. How to pick one for a client risk profile.

3 lessons

PART 02

The Connected Model

Shared infrastructure with strict VLAN segmentation and firewall policy. Camera-to-VMS firewall rules. The jump host pattern for management isolation. Includes a checkpoint.

3 lessons + checkpoint

PART 03

Isolated and Pseudo-Connected

Physically separate networks. One-way bridges (data diodes or firewall-enforced one-way egress). When each model fits and what each costs.

3 lessons

PART 04

The Air-Gapped Model

No electronic bridge of any kind. Sneakernet operations. The regulatory and threat drivers that make air-gap mandatory. The hash-verified firmware transfer pattern. Includes a checkpoint.

3 lessons + checkpoint

PART 05

Camera-VMS Hardening

Procuring against the compatibility matrix. ONVIF service accounts at the right privilege level. Firmware baselines per platform. The NTP discipline that underwrites evidentiary chain.

4 lessons

PART 06

Operational Discipline

Documentation that someone else can read. Change control that holds up under audit. The consolidated integrator hardening checklist. The judgement to know when an issue belongs to someone else. Final assessment closes the course.

4 lessons + final assessment

Prerequisites

This course is the synthesis course. It expects (or assumes you can comfortably skip):

Without those, the topology decisions here will feel arbitrary because the constraints they enforce are taught in those courses.

Course details

  • Level: Level 1 (beginner)
  • Length: ~90 minutes
  • Lessons: 20 across 6 parts
  • Knowledge checks: 8 total (2 per checkpoint, 4 in the final)
  • CLI animations: 8 integration-focused scripts (nmap policy verification, firewall ACL inspection, ntpdate across the stack, curl/jq against a VMS compatibility matrix, ONVIF service account creation, isolation reachability, inter-VLAN routing, hash-verified firmware transfer)
  • Cost: Free
  • Author: Hans Study
  • Status: BETA

Ready to start?

The course opens at lesson 01 and steps through all 20 lessons in order. Use the prev / next buttons or arrow keys to move between lessons. Score is tracked on the bottom bar and a completion certificate appears at the end.
