Pelco dx8100 DX8100 SECURITY, Internet Protocol Security, Firewalls, System Management, Snmp

DX8100 SECURITY

INTERNET PROTOCOL SECURITY

The DX8100 features built-in network security using Internet Protocol Security (IPSec). IPSec facilitates authentication and encryption at the network packet level. IPSec services protect the DX8100 from unwanted or potentially damaging network requests. With IPSec enabled, the DX8100 HVR will not respond to any unsecured communication across the network, whether friendly or malicious. IPSec only blocks unwanted or unauthorized communication flowing to the DX8100. It does not hinder communication sessions that are initiated by the DVR.

IPSec is enabled by default on the DX8100; however a system administrator can disable the service if it is deemed necessary for the proper functioning of the unit.

WARNING: Disabling IPSec services will expose your DX8100 Series HVR to potentially damaging network traffic. It is highly recommended that IPSec is enabled at all times for the protection of your system.

To disable IPSec services on the DX8100 Series HVR:

1.Exit the DX8100 application if it is running, and return to the Windows operating system.

2.Go to Start > Programs > Manage IPSec Policy. The DX8100 IPSec Policy dialog box opens.

Figure 12. DX8100 IPSec Policy Dialog Box

3.Deselect the Enable DX8100 IPSec Policy check box. Reselect the Enable DX8100 IPSec Policy check box to re-enable IPSec.

4.Click OK.

FIREWALLS

The DX8100 includes the Windows firewall that comes with Service Pack 2 for Windows XP. The security services provided by the Windows Firewall protects the DX8100 from unwanted or potentially damaging network requests. With the Windows Firewall and IPSec enabled, the DX8100 HVR will not respond to any unsecured communication across the network. However, there are potential risks to which you should be aware. The Windows Firewall does not block all ports. For a list of ports required for operation, refer to DX8100 Network Ports on page 15.

Pelco recommends that an external network firewall be used. The network firewall will provide additional protection for the DX8100. Regardless of which port or service is under attack, the port must be open or at least visible in order for the malicious program to exploit it. Firewalls filter and render all unneeded ports invisible, providing excellent protection against such attacks. Networked systems exposed in anyway to the outside world (for example, when connected to the Internet) should be equipped with network-based firewall protection.

SYSTEM MANAGEMENT

Any SNMP monitoring software can be used to monitor DX8100 system health events. This section describes the guidelines for implementing DX8100 and SNMP monitoring software communication.

•SNMP:

–Supported versions: SNMPv1 and SNMPv2

–SNMP community string: pelco

•NMS: Although the version 1.2 WinXP firewall is opened to allow incoming SNMP requests on port 161/udp, third-party network management stations (NMS) are not able to query a DX8100 running IPSec.

To enable a NMS to query the DX8100, select one of the following options:

–IPSec on: Run IPSec on the NMS (with the same passphrase, authentication, and encryption settings) performing SNMP polling.

–IPSec off: Turn IPSec off on the DX8100.

Ping echos are enabled through the WinXP firewall, so that a third-party network management station can auto discover DX8100s (standard procedure).