What is a VLAN and why do I need one?

A VLAN is a way of slicing a single physical network switch into multiple, isolated "virtual" networks. Even though the CCTV cameras and the staff laptops share the same cabling, they cannot "see" or talk to each other unless we explicitly allow it.

1. Security: The "Air-Gap" Effect

In a standard unmanaged network, if a guest connects a laptop to a wall jack, they can potentially see every device on the network—including your Access Control controllers and CCTV recorders.

  • The Risk: Most IoT devices (cameras/intercoms) have lightweight security. If one is compromised, a hacker could move "laterally" to your server or accounting PCs.
  • Our Solution: By putting security hardware on its own VLAN, we create a digital wall. Even if a guest gets onto your Wi-Fi, your security backbone remains invisible to them.

2. Performance: Preventing "Traffic Jams"

High-resolution 4K cameras generate a constant, massive stream of data.

  • The Problem: On a flat network, "broadcast traffic" from cameras can flood the entire system, causing lag on staff computers and buffering during Zoom calls.
  • Our Solution: VLANs keep that heavy camera traffic contained. Your staff gets full bandwidth for work, and your cameras get a clear, dedicated lane to the NVR (Network Video Recorder).

3. Compliance: Meeting NDAA and Insurance Standards

Many modern insurance policies and the NDAA (National Defense Authorization Act) require that security infrastructure be logically separated from public-facing networks. VLAN isolation is the industry-standard way to meet these requirements without the massive cost of running two separate sets of physical cabling.

The Kent-ITS Standard: We typically deploy MikroTik or UniFi hardware to manage these VLANs. This allows us to prioritize security traffic (Quality of Service) so that even during peak internet usage, your door entry and alarm signals never drop.

 

1

Network Audit

Mapping the traffic

We identify all "Guest," "Staff," and "Security" devices to determine how many isolated lanes are required.

2

VLAN Tagging

Logical separation

We assign a unique ID (e.g., VLAN 10 for CCTV, VLAN 20 for Access Control) to the specific ports on your managed switches.

3

Firewall Rule Injection

The 'Gatekeeper'

We program the router to block all traffic between these IDs, only allowing the NVR to talk to the cameras and authorized admin PCs to talk to the software.

4

Bandwidth Reservation

QoS setup

We ensure the Security VLAN is guaranteed enough "pipe" so that video streams never stutter, regardless of how much Netflix is being streamed on the Guest Wi-Fi.

 

I have a free antivirus installed. Doesn't that protect me from everything?

Unfortunately, no. While free antivirus tools provide a basic "shield," they are often the reason people let their guard down. This is known as a False Sense of Security, and modern cyber-threats are specifically designed to bypass these basic tools.

Here is why a free "shield" isn't enough:

  • Signature-Based Limits: Free tools usually look for "known" viruses (signatures). Modern malware is Polymorphic, meaning it changes its own code every time it infects a new machine to stay invisible to basic scanners.
  • The "Nagware" Distraction: Many free tools are actually marketing platforms. They bombard you with pop-ups to upgrade, which can lead to "Notification Fatigue"—users start clicking "Allow" or "Close" without reading, inadvertently letting a real threat through.
  • Zero-Day Vulnerabilities: These are flaws in your software (like Chrome or Windows) that hackers find before the developers do. Free antivirus rarely has the "Behavioral Analysis" needed to stop these brand-new attacks.
  • Browser Hijacking: Most modern infections aren't "viruses" in the traditional sense; they are malicious browser extensions or "Adware" that steal your data while your antivirus says "System Protected."

The Kent-ITS Standard: We don't just "run a scan." Our Virus & Malware Removal service involves a deep forensic clean of your system's registry and boot sectors. We then harden your machine with professional-grade configurations that block threats before they reach your files.

My computer has become painfully slow. Should I buy a "PC Cleaner" app, or is it time for a new machine?

Before you spend money on a new PC or a "Cleaner" subscription, you likely just need a Professional System Rebuild.

Most "PC Cleaner" apps are ineffective; they often delete harmless temporary files while leaving the real culprits—registry bloat, broken background services, and "telemetry" junk—untouched. In some cases, these apps can even make your system less stable.

We recommend a Clean Installation (System Rebuild) because it provides a "Factory Fresh" experience:

  • Total De-Bloating: We remove the hidden manufacturer software and trialware that slows down even brand-new PCs.
  • Registry Health: Instead of trying to "patch" a messy system, we start with a perfect, lean foundation.
  • Driver Optimization: We install only the latest, most stable drivers for your specific hardware, ensuring your components communicate at 100% efficiency.
  • Data Integrity: As part of a rebuild, we back up your important files, wipe the drive, and move your data back into a clean, fast environment.

The Kent-ITS Standard: If your hardware is still capable, a clean install—often paired with an inexpensive SSD upgrade—can make a 5-year-old laptop feel faster than the day you bought it.

How can I make sure I never lose my family photos or important files?

We implement the professional 3-2-1 Backup Strategy for all our residential clients. Relying on a single external hard drive or just "the cloud" is a single point of failure.

To truly protect your data, you need:

  • 3 Copies of your data: The original files on your computer, plus two backups.
  • 2 Different media types: For example, one backup on a Local NAS (Network Attached Storage) or encrypted external drive, and one in the cloud.
  • 1 Copy off-site: If the worst happens to your home (fire/flood/theft), your data stays safe in a secure, encrypted UK-based data center.

The Kent-ITS Standard: We don't just sell you a drive; we set up Automated Syncing. Whether you use a Mac (Time Machine) or Windows, your photos and documents back up in the background without you having to remember to "plug something in."

Why can't I just use the router my internet provider gave me?

Standard ISP routers are "all-in-one" devices designed for basic connectivity, not high-performance or security. When you have multiple users, smart home devices, and security cameras all fighting for bandwidth, these consumer-grade boxes often crash or "hang."

We replace or bypass these with a Managed Infrastructure (using professional gear from Zyxel, UniFi, or TP-Link). This gives you:

  • Dedicated L2 Managed PoE Switches: We use these to power your cameras and WiFi points directly over the data cable. This centralizes power and allows us to "reboot" a stuck camera remotely without visiting your site.
  • Hardware Offloading: Professional Access Points handle dozens of devices simultaneously without slowing down your main PC.
  • VLAN Support: Unlike ISP routers, our gear supports proper "Network Isolation" to keep your private data away from guest users or IoT devices.

The Kent-ITS Standard: We select the hardware stack based on your specific environment. Whether it’s the robust simplicity of Zyxel or the seamless ecosystem of UniFi, we ensure your backbone is business-grade.

Can my CCTV cameras 'see' my private office files or home computers?

On a standard "flat" network, the answer is technically yes. If a camera is compromised or has a firmware vulnerability, a bad actor can use that camera as a "beachhead" to scan your network for other devices, such as NAS drives, PCs, or servers. This is known as Lateral Movement.

To prevent this, we implement VLAN Segmentation (Virtual Local Area Networks).

  • Isolation: We place all CCTV hardware on its own dedicated "island" (VLAN). Even though they share the same physical cabling, the cameras are digitally locked away from your private data.
  • Preventing Snooping: By default, we configure firewall rules that allow your NVR to record the cameras, but prevent the cameras from ever "talking" to your PCs or the wider internet unless specifically authorized.
  • Traffic Management: This also ensures that high-bandwidth video traffic doesn't "flood" your main network, keeping your VoIP calls and Netflix streams stutter-free.

The Kent-ITS Standard: We don't just "plug and play." We use MikroTik and Managed PoE switches to ensure your security system is a closed loop, invisible to the rest of your digital life.

What happens to my doors if the building loses power?

In all our security installs, we provide Power Backup (UPS) to ensure the system stays online during a cut. For our enterprise Paxton systems, we use dedicated Net2 PSUs with battery backup. Depending on fire regulations and your specific needs, we configure locks as Fail Safe (open on power loss) or Fail Secure (stay locked). All our systems include a fire alarm integration to automatically drop power to locks during an emergency, ensuring a safe exit path."