Skip to content
BastionSec
Contact us
Managed · Physical & network security

Cameras and access control: we configure, secure and manage them. You pick the hardware.

We handle the systems and software side: dedicated network, segmentation, accounts, encryption, retention and monitoring. We don't sell cameras or NVRs: you choose and buy the hardware, we make it secure and manageable.

  • Setup and management only: configuration, network integration and software. No hardware sales.
  • Cameras and NVRs isolated on a dedicated VLAN: no IoT gear talking to your servers.
  • Accounts, MFA where possible, encryption and retention configured per policy and GDPR.
Contact usZero Trust architecture

When we help

You have a system, or you're about to install one, but nobody owns its cyber security?

System installed, never secured

Cameras and NVRs wired to the corporate network with factory credentials and firmware never updated. We secure it.

New system to configure properly

You picked the hardware with your installer: we integrate it into the network, segment it and configure it the right way.

Audit or certification touching physical security

ISO 27001's Annex A includes physical controls: video surveillance must be managed and documented, not left to itself.

See ISO 27001
IP cameras and NVRs are among the most attacked IoT devices: often exposed to the Internet with default credentials, vulnerable firmware and no segmentation. A badly set-up system is an entry point into your network, not a security measure.

What we configure and manage

  • Network integration and segmentation: cameras and NVRs on a dedicated VLAN, isolated from the user network and servers, with explicit firewall rules.
  • Device hardening: removing default credentials, disabling unnecessary services (UPnP, P2P cloud), firmware updates.
  • NVR/VMS software management: recording software configuration, streams and channels, quality and motion settings.
  • Accounts and access: named accounts with least privilege, roles, MFA where the system supports it, no shared accounts.
  • Encryption: video traffic encrypted where supported (RTSPS/HTTPS), credentials and configurations protected.
  • Retention and privacy: retention periods consistent with policy and GDPR, access to footage logged.
  • Access control (network badges/locks): integration, accounts, entry logs, controller segmentation.
  • Monitoring and logs: device status, tampering/offline alerts, centralised logs for audit.

What we don't do: clear boundaries

Honest about roles. We're the systems and cyber-security side of the installation, not the hardware vendor nor the installer.

We don't sell hardware

Cameras, NVRs, locks and badges are chosen and bought by you (or your installer). We give you selection criteria from a security angle, but we don't resell gear.

We don't do physical installation

Cabling, mounting and building works stay with the installer. We come in on configuration, network and software.

We don't run guarding

We're not a security-guarding firm and don't provide guards or a monitoring station: we configure and secure the system, we don't watch the footage for you.

We don't do forensic image analysis

We don't extract evidence or produce expert reports. We configure retention and logged access; investigative use of recordings is a different discipline.

How we work

A linear path, from photographing the system to ongoing management. People configure and validate; we document everything for audit and GDPR.

  1. 1

    System assessment

    We inventory devices, firmware, network exposure and configurations.

  2. 2

    Network design

    Dedicated VLAN, firewall rules, separation from users and servers.

  3. 3

    Hardening & configuration

    Credentials, firmware, accounts, MFA, encryption, NVR software.

  4. 4

    Retention & access

    Retention periods and logged access, consistent with policy.

  5. 5

    Monitoring

    Device status, offline/tampering alerts, centralised logs.

  6. 6

    Ongoing management

    Updates, account reviews and periodic checks on retainer.

Stack & references

We work at the category level, independent of your system's vendor: IP cameras and NVR/VMS from the main manufacturers, network-based access control, switches and NGFW firewalls for segmentation.

Method references: hardening per CIS Benchmarks where applicable, segmentation and least privilege along Zero Trust lines (NIST SP 800-207), management consistent with the physical and access controls of ISO/IEC 27001:2022 Annex A and with GDPR for footage retention.

Model and pricing

Initial setup as a project ('from' price, pinned down after the assessment: device count and network complexity drive the price) and ongoing management on a monthly retainer.

For multi-site environments or complex systems the model is on request. See the pricing page for the ranges.

Frequently asked

Do you sell me the cameras?

No. We don't sell hardware: cameras, NVRs, badges and locks are chosen and bought by you or via your installer. We configure, secure and manage the system. If you need it, we give you selection criteria from a security angle.

Do you also do the physical installation?

No. Cabling, mounting and works stay with the installer. We come in afterwards, on configuration, network integration and software.

Why put cameras on a dedicated VLAN?

Because cameras and NVRs are often-vulnerable IoT devices: isolating them on a dedicated network means that if one is compromised, it can't reach your servers or users' PCs. It's the first concrete measure of a properly built system.

What about default credentials?

We remove them. Most compromised systems are compromised because cameras and NVRs run with factory username and password, which are well-known and indexed. We set up named accounts with least privilege and MFA where the system allows it.

How long do we keep the footage?

We define it with you based on your internal policy and GDPR: retention must be proportionate to the purpose. We configure the periods and log access to recordings.

Do you also manage badge access control?

Yes, on the systems side: integrating the controller into the network, accounts, entry logs and segmentation. The hardware (readers, locks, badges) you choose yourselves.

Related services

Zero Trust

The segmentation and least privilege we apply to the system are part of a broader Zero Trust architecture.

Learn more

Network & enterprise WiFi

Firewall, VLANs and segmentation the video network sits on too: we manage the whole network.

Learn more

Detection & response

The system's logs and alerts feed continuous monitoring, with incident response on retainer.

Learn more

Is your system actually secure?

Tell us your need: we look at how cameras and access are configured and tell you, honestly, what needs fixing.

Contact us