Manuals / VBrick Systems / Photography / Security Camera

VBrick Systems 7000 manual Logging, Improving Security

Models: 7000

1 85
Download 85 pages 21.22 Kb
Page 31
Image 31

Generate Security Keys

The security keys used internally by HTTPS and SSH are

 

factory-generated and should be replaced only if security is an

 

issue. Note: Key generation is CPU-intensive and should only be

 

performed when the appliance is idle. It will take 3–5 minutes if

 

the appliance is idle (or much longer if the appliance is in use).

 

 

Security Keys Status

Valid Keys – The existing security keys are valid.

 

Generating Keys – New security keys are being generated.

 

Reboot Required – New security keys have been generated and

 

will take effect after a reboot.

 

 

Improving Security

You can improve security by (1) blocking unauthorized attempts to login and access a device and (2) by reducing exposure to malicious software attacks. The most common vulnerability is related to user accounts and passwords. After a successful installation, you should immediately change the default passwords. Many attacks come from within an organization and this helps to minimize the risk. The VBAdmin login is generally secure since it utilizes encryption techniques to hide usernames and passwords from network spyware.

Malicious software covertly attaches itself to unsuspecting devices. These programs are generally designed to compromise personal information or to create system havoc. Since the VBrick appliance uses an industrial-grade operating system, it is less susceptible to malicious software and unlikely to be a target of programs designed to attack PC-based systems like Microsoft, Linux, and others. However, you can still take additional steps to minimize risk. VBrick tries to make installation as simple and quick installation and many features are automatically enabled by default even though you may not need them. You can selectively disable unneeded features to reduce vulnerability. Another common problem is Denial of Service (DoS) attacks. A DoS sends floods of packets to an unsuspecting remote system in an attempt to disrupt or stop normal operation. These unsuspecting remote systems are typically discovered using ICMP or Ping. It is standard industry practice to block all ICMP and Ping requests from off-net foreign hosts. This is typically done in a centralized location using router/firewall technology which is more successful and cost effective than resolving the issue at each host.

Logging

Logging of certain events can be stored both locally (within the VBrick device) or externally (for example on a server). Local logs are stored in volatile memory. For preservation of information, it is recommended that remote logging be utilized. Remote servers generally offer ample storage and offer the additional benefit of collecting log information from several VBricks simultaneously. When logging externally, specify either the IP address or hostname of the actual server using the Remote Event Log Destination field. If remote logging is enabled, the log information is sent via SNMP traps. When you enable logging, be sure to set the system date and time (see System Time on page 11) or select a network time server in order to get accurate time stamps in the logs.

22

© 2009 VBrick Systems, Inc.

Page 30 Page 32
Page 31
Image 31
VBrick Systems 7000 manual Logging, Improving Security
Page 30 Page 32