Things to Consider When Operating in the Cloud
When it comes to operating in the cloud certain services may be required to be opened for operation. Typical services for communications include but are not limited to ports 80 (HTTP) and 443 (HTTPS). Recommendations around operations are to whitelist the URLs and of that service that are required and that the network is allowed to communicate with. Only open the minimum required to operate. Do not use “any” statements, allowing large numbers of connections, which can lead to data breaches. Other protection measures may include the use of intrusion protection services on the inbound and outbound connections. Best practices also include looking at the URL and ensuring it is using HTTPS secured by a trusted certification, not HTTP; and disallowing signing into a site using HTTP, as that can lead to clear text passwords passing over the web. Services that allow for cloud connections may use public known methods or may have proprietary means of communicating.
Below are examples of connecting to the two cloud-based video platforms we utilize.
Depending on your firewall rules, you may need to whitelist Verkada’s camera server domain, control.verkada.com (all port 443): *.control.verkada.com.(uses wildcard) If you prefer to not whitelist an entire domain, you may instead whitelist these specific subdomains:
For Avigilon’s strict firewall policies requiring whitelisting servers, you will want to whitelist the following:
Avigilon Cloud Services are hosted at the follow IP addresses:
Azure Web Services TCP port 443
Azure IoT Hub – TCP port 443
Azure Blob Storage – regional IP address mentioned above
Ably – TCP port 443 for IP address that may change without notice
PubNub – TCP 443 for IP address that may change without notice
Twilio (WebRTc) – TCP 443 for IP address that may change without notice
Google Analytics – TCP 443 for IP address that may change without notice