SSLF and EC Secure Configurations on Windows XP and Windows Vista with C CURE 9000


C CURE 9000 Version 1.93
SSLF and EC Secure Configurations on Windows XP and Windows Vista with C CURE 9000
REVISION F0

6 Technology Park Drive
Westford, MA 01886-3140
http://www.swhouse.com
Fax: 978-577-4392
Phone: 978-577-4000

C CURE and Software House are registered trademarks of Tyco International Ltd. and its respective companies.

The trademarks, logos, and service marks displayed on this document are registered in the United States [or other countries]. Any misuse of the trademarks is strictly prohibited and Tyco International Ltd. will aggressively enforce its intellectual property rights to the fullest extent of the law, including pursuit of criminal prosecution wherever necessary. All trademarks not owned by Tyco International Ltd. are the property of their respective owners, and are used with permission or allowed under applicable laws.

Product offerings and specifications are subject to change without notice. Actual products may vary from photos. Not all products include all features. Availability varies by region; contact your sales representative.

Software version: C CURE 9000 v1.93
Document Number: UM-076
Revision Number: F0
Release Date: June 2010

This manual is proprietary information of Software House. Unauthorized reproduction of any portion of this manual is prohibited. The material in this manual is for information purposes only. It is subject to change without notice. Software House assumes no responsibility for incorrect information this manual may contain.

© 2010 Tyco International Ltd. and its respective companies. All rights reserved.

Table of Contents

Overview
Windows XP Professional System Requirements
    Microsoft Windows XP Professional Secure Configuration
    Microsoft Windows XP SSLF and EC
Windows Vista System Requirements
    Microsoft Windows Vista Secure Configuration
    Microsoft Windows Vista SSLF and EC
    Microsoft Windows Vista Limitations
        Administration Station Configuration Not Saved on Remote Vista Client in an SSLF Environment
        Report Preview Can Fail on a Vista Client in an SSLF Domain
C CURE 9000 Database Privileges
    Firewall Exceptions


Overview

This document describes the special requirements for running the C CURE 9000 System in the Specialized Security -- Limited Functionality (SSLF) environment, or the less restrictive Enterprise Client (EC) environment, on the Windows XP Professional operating system (with SP3) and on the Windows Vista operating system (with SP1).

NOTE: Windows 7 has not been evaluated by NIST. Therefore C CURE 9000 has not been qualified for SSLF and EC on Windows 7.

Windows XP Professional users should first read the Windows XP Security Guide, available online at: http://technet.microsoft.com/en-us/library/cc163061.aspx. The document provides an overview of secure environments on XP and links to detailed configuration information for both SSLF and EC on Windows XP Professional, SP3.

Windows Vista users should first read the Windows Vista Security Guide, available online at: http://technet.microsoft.com/en-us/library/bb629420.aspx. The document provides an overview of secure environments on Vista and links to detailed configuration information for both SSLF and EC on Windows Vista, SP1.

SSLF and EC environments do not require any changes to the C CURE 9000. Certain TCP/UDP firewall ports must be open for communication; the SSLF and EC specifications allow this because the ports are needed for hardware to function. Several programs, most notably ICU and _mprosrv.exe, need to be added to the Windows Firewall exceptions.

SSLF is supported under Windows XP Professional for both client and server, and on Vista for client only.

iSTAR dialup is not supported with SSLF or EC, because iSTAR dialup requires the remote access service (RAS), and RAS is specifically disabled by SSLF.

Windows XP Professional System Requirements

Microsoft Windows XP Professional Secure Configuration

Details on the configuration and links to Microsoft implementation guidelines are available on the NIST site at http://csrc.nist.gov/itsec/download_winxp.html.

Microsoft Windows XP SSLF and EC

There are two preset secure configurations of Microsoft Windows XP Professional: Specialized Security -- Limited Functionality (SSLF) and the less restrictive Enterprise Client (EC). Details on these configurations and links to Microsoft implementation guidelines are available at the following Microsoft and NIST sites:

http://technet.microsoft.com/en-us/library/cc163061.aspx
http://csrc.nist.gov/itsec/download_winxp.html

The SSLF and EC environments with the C CURE 9000 system are currently supported on Windows XP Professional only, and are supported for both client and server. The C CURE 9000 system may be installed before or after configuring XP.

Windows Vista System Requirements

Microsoft Windows Vista Secure Configuration

Details on the configuration and links to Microsoft implementation guidelines are available on the NIST site at http://csrc.nist.gov/itsec/guidance_vista.html.

Microsoft Windows Vista SSLF and EC

There are two preset secure configurations of Microsoft Windows Vista: Specialized Security -- Limited Functionality (SSLF) and the less restrictive Enterprise Client (EC). Details on these configurations and links to Microsoft implementation guidelines are available at the following Microsoft and NIST sites:

http://technet.microsoft.com/en-us/library/bb629420.aspx
http://csrc.nist.gov/itsec/guidance_vista.html

The SSLF and EC environments with the C CURE 9000 system are currently supported on Windows Vista for client only. The C CURE 9000 system may be installed before or after configuring Vista.

Microsoft Windows Vista Limitations

Testing has found the following two limitations to the use of Windows Vista with C CURE 9000.

Administration Station Configuration Not Saved on Remote Vista Client in an SSLF Environment

If you try to use Client Configuration (right-click Admin Client tray icon and select Configure) to change the server that a remote client connects to, then click Save and Close, your change is not saved in an SSLF environment.

Workaround: An administrator with proper security permissions should open the Admin Workstation Config File (SWHSystem\Client\SoftwareHouse.NExtGen.Client.AdminWorkstation.exe.config) in Notepad and change the server IP or name manually. The text to change is the servername part of each endpoint address:

    <client>
      <endpoint name="clientsession"
                address="net.tcp://servername:8999/CrossFire/IClientSession"
                binding="netTcpBinding"
                bindingConfiguration="servicebinding"
                contract="softwarehouse.crossfire.common.clientinterfacelayer.iclientsession"></endpoint>
      <endpoint name="clientstream"
                address="net.tcp://servername:8997/CrossFire/IClientStream"
                binding="netTcpBinding"
                bindingConfiguration="streambinding"
                contract="softwarehouse.crossfire.common.clientinterfacelayer.iclientstream"></endpoint>
    </client>

Report Preview Can Fail on a Vista Client in an SSLF Domain

If you try to preview a Report or Report Form on a Vista Client in an SSLF Domain, you may experience the following error: "Object Reference not set error". This error occurs because C CURE 9000 Reporting utilizes Isolated Storage, which does not support the FIPSAlgorithmPolicy.

Workaround: You can use either an XP client or a non-SSLF Vista client to preview the report. Alternatively, you can change the registry setting for FIPSAlgorithmPolicy to 0, as follows:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "fipsalgorithmpolicy"=dword:00000000
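The Admin Workstation endpoint change from the first workaround above can also be scripted, so that both endpoints are updated together and the ports and paths stay untouched. The PowerShell below is an added example, not part of the Software House manual; the path prefix in front of SWHSystem and the server name are placeholders.

```powershell
# Added example (not from the manual). Points every <client>/<endpoint> address in
# the Admin Workstation config at one server, leaving scheme, port and path alone.
param(
    # Placeholder prefix: the manual gives only the relative path under SWHSystem.
    [string]$ConfigPath = 'C:\PLACEHOLDER\SWHSystem\Client\SoftwareHouse.NExtGen.Client.AdminWorkstation.exe.config',
    [string]$NewServer  = 'ccure-server01'    # constructed server name
)

# Accept only a plain host name or IPv4 address, so nothing else can end up in the URI.
if ($NewServer -notmatch '^[A-Za-z0-9][A-Za-z0-9.-]*$') {
    throw "Not a host name or IPv4 address: $NewServer"
}

$cfg = New-Object System.Xml.XmlDocument
$cfg.PreserveWhitespace = $true               # keep the file's layout on save
$cfg.Load($ConfigPath)

$endpoints = @($cfg.SelectNodes('//client/endpoint'))
if ($endpoints.Count -eq 0) { throw "No <client>/<endpoint> elements in $ConfigPath" }

$pattern  = '^(net\.tcp://)([^:/]+)(?=[:/])'  # group 2 is the current server
$oldHosts = @()
foreach ($ep in $endpoints) {
    $old = $ep.GetAttribute('address')
    if ($old -notmatch $pattern) { throw "Unexpected address format: $old" }
    $oldHosts += $Matches[2]
    $new = $old -replace $pattern, ('${1}' + $NewServer)
    $ep.SetAttribute('address', $new)
    '{0}: {1} -> {2}' -f $ep.GetAttribute('name'), $old, $new
}

# A hand edit that changed only one endpoint shows up here as two different hosts.
$distinct = @($oldHosts | Sort-Object -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning ('Endpoints previously named different servers: ' + ($distinct -join ', '))
}

Copy-Item -Path $ConfigPath -Destination "$ConfigPath.bak" -Force   # keep the previous file
$cfg.Save($ConfigPath)
```

The script needs the same write permission on the config file that the manual edit does.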

C CURE 9000 Database Privileges

In order to create the C CURE 9000 database, the user performing the installation must have local admin rights on the SQL Server machine. Having local admin rights gives the user full access to the SQL Server database.

By default, the Windows domain user who runs the C CURE 9000 service is the owner of all three C CURE 9000 databases (SWHSystem, SWHSystemAudit, and SWHSystemJournal). In this default situation, the user/owner has full privileges on the databases. However, it is possible to restrict access to the minimum permissible. At a minimum, the user needs the following roles in order to execute the related tasks:

Table 1-1: Admin Roles Needed

| Task | Required Role(s) | Target Databases |
|---|---|---|
| General Editing and Viewing | db_datareader, db_datawriter | SWHSystem, SWHSystemAudit, SWHSystemJournal |
| Database backup | db_backupoperator | SWHSystem, SWHSystemAudit, SWHSystemJournal |
| Log Message Management | db_datareader, db_datawriter | SWHSystem |
| Log Message Management | db_owner | SWHSystemAudit, SWHSystemJournal |

For log message management, the db_owner role can be secured by denying all permissions on the audit and journal databases except for the following:

Alter
Alter Schema
Connect
Backup log

Checkpoint
Create default
Create function
Create table
Select
Delete
Insert
Update
Execute

Firewall Exceptions

The following exceptions may need to be added to the Windows Firewall. Exceptions can be made for particular ports and for executables which use dynamically-assigned ports.

To add an exception:

1. Start > Settings > Control Panel > Windows Firewall.
2. Set the firewall On. On the Exceptions tab, select either Add Port or Add Program. The opening in the network can be limited to particular machines on the network by selecting Change scope.

| Port | Description | Exception Type | Location |
|---|---|---|---|
| 8999 | Base Address of the CrossFire Service | TCP | Server |
| 8989 | Base Address of the Client | TCP | Server |
| 8998 | Base Address of HTTP | TCP | Server |
| 8997 | Base Address of Client Stream Port | TCP | Server |
| 8995 | Trace Viewer URI | TCP | Server |
| 8985 | Base Address of Driver Service | TCP | Server |
| 8005 | System Trace URI | TCP | Server |

| Port | Description | Exception Type | Location |
|---|---|---|---|
| 8006 | Remote Hardware Interface List URI | TCP | Server |
| 5000 [a] | Base TCP Port for ISC | TCP | Server |
| 5001->5003 | ISC Ports | TCP | Server |
| 5000 [a] | IntellexAPI Base Address | TCP | Server |
| 5001 | IntellexAPI Live Port | TCP | Server |
| 5003 | IntellexAPI Alarm Port | TCP | Server |
| 2600 | ApC Driver | TCP | Server |
| 2800 | iSTAR Driver | TCP | Server |
| 2801 | iSTAR Fast Download Port | TCP | Server |
| 2803 | iSTAR Encryption Port | TCP | Server |
| 5025 | ISC Point Change Port | UDP | Server |
| 5026 | ISC Version Attendance Port | UDP | Server |
| 28010 | iSTAR eX Communications | TCP | Server |
| 28001 | iSTAR eX Fast Download Connection | TCP | Server |
| 28002 | iSTAR eX Fast Image Download | TCP | Server |
| SoftwareHouse.Crossfire.Server.exe | | Program | Server |
| ICU.exe | | Program | Server |
| 80 | IIS | TCP | Server |
| 1433 | SQL Server | TCP | DB server |
| 1433 | SQL Server | UDP | DB server |
| 1434 | SQL Server | UDP | DB server |
| 1521 | Oracle listener | TCP | DB server |
| SoftwareHouse.NextGen.Client.AdminWorkstation.exe | | Program | Client |
| SoftwareHouse.NextGen.Client.MonitoringStation.exe | | Program | Client |

[a] These work fine, using the same port address.
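The Add Port, Add Program and Change scope steps above can be expressed as netsh firewall commands. The PowerShell below is an added example, not from the Software House manual: it covers a few rows of the table and limits each exception to named peers. The address lists, the install path and the mapping of ports to peers are assumptions to replace per site.

```powershell
# Added example (not from the manual). Prints, or with -Apply runs, "netsh firewall"
# commands (Windows XP SP2+ syntax, also accepted on Vista) for a few table rows.
param(
    [string]$ClientAddrs     = '192.0.2.10,192.0.2.11',       # constructed: client workstations
    [string]$ControllerAddrs = '198.51.100.0/24',             # constructed: controller subnet
    [string]$ServerDir       = 'C:\PLACEHOLDER\CCURE-Server', # placeholder install path
    [switch]$Apply
)

# Port, protocol and description are taken from the table. Which peers need each
# opening is an assumption of this example and must be confirmed for the site.
$portRules = @(
    @{ Port = 8999; Proto = 'TCP'; Desc = 'CrossFire-Service'; Peers = $ClientAddrs },
    @{ Port = 8997; Proto = 'TCP'; Desc = 'Client-Stream';     Peers = $ClientAddrs },
    @{ Port = 2800; Proto = 'TCP'; Desc = 'iSTAR-Driver';      Peers = $ControllerAddrs }
)
$programRules = @(
    @{ Exe = 'SoftwareHouse.Crossfire.Server.exe'; Peers = $ClientAddrs },
    @{ Exe = 'ICU.exe';                            Peers = $ControllerAddrs }
)

# Equivalent of "Change scope": never fall back to the default scope of ALL.
function Get-ScopeArgs([string]$Peers) {
    if ([string]::IsNullOrEmpty($Peers)) {
        throw 'Peer list is empty; refusing to open the exception to every address.'
    }
    @('mode=ENABLE', 'scope=CUSTOM', "addresses=$Peers")
}

$commands = @()
foreach ($r in $portRules) {            # equivalent of "Add Port"
    $rule = @('firewall', 'add', 'portopening', "protocol=$($r.Proto)",
              "port=$($r.Port)", "name=CCURE-$($r.Desc)-$($r.Port)")
    $commands += , ($rule + (Get-ScopeArgs $r.Peers))
}
foreach ($p in $programRules) {         # equivalent of "Add Program"
    $rule = @('firewall', 'add', 'allowedprogram',
              "program=$(Join-Path $ServerDir $p.Exe)", "name=CCURE-$($p.Exe)")
    $commands += , ($rule + (Get-ScopeArgs $p.Peers))
}

foreach ($c in $commands) {
    if ($Apply) {
        & netsh $c
        if ($LASTEXITCODE -ne 0) { Write-Warning "netsh failed: $($c -join ' ')" }
    } else {
        'netsh ' + ($c -join ' ')       # dry run: show the command only
    }
}
```

Run without -Apply first and review the printed commands against the table before applying them on the server.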
