Pelco DX8100 DVR User Manual

C2641M (9/06)

OPERATING SYSTEM SECURITY
Upon a successful boot procedure, the DX8100 will automatically load the Windows® 2000 operating system. This operating system is specifically tailored for use on the DX8100. It does not have the standard feature set found in the commercially available version of the Windows 2000 operating system. This means that services that are not needed for the correct operation of the DX8100 have been removed to eliminate potential vulnerabilities.

Only two user accounts are available in the DX8100’s operating system software. These user accounts should not be confused with the accounts assigned by the DX8100 application software. An administrator account allows a designated user to make changes to the registry and security settings to accommodate the requirements of the specific site. A single user account, which is automatically logged in during boot up, is used to start and run the DX8100 application software. The capabilities of the user account have been dramatically reduced to prevent the default user from modifying the operating system setup.

This reduction of services and operating system capabilities is based on recommended lockdown procedures of the National Institute of Standards and Technology (NIST) for security-hardened computer systems. In addition to the NIST lockdown, a further lockdown of the Microsoft Internet Information Services (IIS) server has been implemented.

In finding a balance between security and functionality, Pelco has consistently opted for security, but leaves it up to the administrator to unlock features that might be useful if the administrator has determined that the additional security of the lockdown is not needed. A typical example of this is the capability of the DX8100 to use dynamic IP addresses. Because IP addresses can change over time, clients cannot connect to the server simply by providing an IP address and must use a different mechanism. The additional use of NetBIOS protocol services allows the computer to find IP addresses on the local LAN by system name. However, the NetBIOS service also has a known vulnerability. To counter this vulnerability while still providing end users with a flexible platform, NetBIOS services are disabled at the factory but can be enabled by an administrator when needed. The administrator then needs to apply alternative means to protect against hackers and viruses, for instance, by using a firewall.

How to enable services on the DX8100 is outside the scope of this manual. Please check with your information technology specialist or contact Pelco Product Support for further instructions.

WINDOWS OPERATING SYSTEM UPDATES
Due to the lockdown of nonessential services on the DX8100, administrators are advised against installing every operating system upgrade published by Microsoft. The majority of these updates are not applicable to the DX8100. Pelco will redistribute any necessary operating system upgrades as part of a system upgrade.