Important Security Information for System Administrators DX8100 Digital Video Recorder C2641M-B (4/08)
Contents DX8100 Platform Security Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Physical Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Setting the BIOS Supervisor Password . . . . . . . . . . . . . . . . . . . . .
List of Illustrations 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 4 DX8100 BIOS Setup Main Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 New BIOS Password Dialog Box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
List of Tables A B Keyboard Remapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Open Ports on the DX8100 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
DX8100 Platform Security Information The DX8100 Series digital video recorder (DVR) is equipped with an extensive set of security measures to provide the user with secure, uninterrupted service. NOTE: While great care has been taken in the design and development of the DX8100 to ensure a secure DVR platform, it is not feasible to protect a system from all internal and external security risks if it is connected to an unsecured network.
Figure 1. DX8100 BIOS Setup Main Screen 3. Use the cursor control keys on your keyboard to move over to the Security tab and select Change Supervisor Password. 4. Press the Enter key on your keyboard. The Enter New Password dialog box opens. 5. Enter a new password for the BIOS Supervisor account. Passwords should be between four to six alphanumeric characters. 6. Press Enter to accept the new password. WARNING: Make sure that you only set the BIOS supervisor password.
Figure 3. Password Confirm Dialog Box NOTE: Remember to write down this password and keep it in a secure place. 9. Press the F10 function key on your keyboard to save and exit the BIOS setup screen. 10. Finalize BIOS changes: • • To accept the BIOS changes and reboot, press the Enter key. To cancel the BIOS changes, press the Esc key and Ctrl+Alt+Delete to reboot the DX8100. Figure 4.
OPERATING SYSTEM SECURITY Upon a successful boot procedure, the DX8100 will automatically load the Windows® 2000 or Windows XP Embedded operating system. These operating systems are specifically tailored for use on the DX8100. It does not have the standard feature set found in the commercially available version of the Windows 2000 or Windows XP Embedded operating system.
Figure 6. Users and Passwords Dialog Box 4. Click the Advanced tab. The Advanced page opens. Figure 7. Advanced Page 5. Click the Advanced button. The Local Users and Groups dialog box opens.
Figure 8. Users and Groups Dialog Box 6. Click Users. Figure 9. User Listing Dialog Box 7. Right-click DX8100ADM and then select the Set Password option from the shortcut menu.
Figure 10. Enter and Confirm New Password The Set Password dialog box opens. Figure 11. Set Password Dialog Box 8. Enter a new password for the DX8100ADM account. Passwords are case-sensitive and should contain a mixture of alphabetic and numeric characters between six and ten characters in length. NOTE: Remember or write down this password and keep it in a secure place. 9. Click OK. The Set Password dialog box closes. 10. Close the Local Users and Groups dialog box and click OK. 11.
To enable the automatic logon feature: 1. Exit the DX8100 application if it is running, and return to the Windows operating system. 2. Click Start > Settings > Control Panel. The Control Panel dialog box opens. 3. Double-click Users and Passwords icon. The Users and Passwords dialog box opens. Figure 13. Users and Passwords Dialog Box 4. Click the check box “Users must enter a user name and password to use this computer.” 5. Click the check box again to deselect it and then click Apply.
WINDOWS XP EMBEDDED: CHANGING THE ADMINISTRATOR PASSWORD To change the Windows XP Embedded DX8100ADM password: 1. Exit the DX8100 application if it is running, and return to the Windows operating system. 2. Click Start > Settings > Control Panel. The Windows Control Panel opens. Figure 15. Users and Passwords Icon in Control Pane 3. Double-click the User Accounts icon. The User Accounts dialog box opens. Figure 16. User Accounts Dialog Box 4. In the accounts list, click the DX8100ADM account.
Figure 17. Changing Your Account Prompt 5. Click “Change my password.” The “Change your password” dialog box opens. Figure 18. Change Your Passwords Dialog Box 6. Enter the new password for the DX8100ADM account and then click the Change Password button. A prompt is not displayed advising you that the password is been changed. Instead, the dialog box closes and the User Accounts “Pick a task” dialog box is redisplayed.
8. To manually log on to the server application: a. Close the User Accounts dialog box, and then restart the DX8100. The logon message dialog box opens. b. Click OK. The Log On to Windows dialog box opens. Figure 19. Log On to Windows Dialog Box c. Enter the new password and then click OK. The DX8100 server application starts. ENABLING AUTOMATIC LOGON The DX8100 can be configured to automatically log on to the server. If the password is changed, this feature is disabled.
Figure 21. Automatically Log On Dialog Box f. In the Password text box, type the new DX8100ADM password. g. In the Confirm Password text box, retype the password again. h. Click OK and then restart the DX8100 server. The unit will restart and automatically log you on to the DX8100 server application. ENABLING CTRL+ALT+DEL Enabling the Ctrl+Alt+Del key combination allows you to open the Windows Task Manager dialog box to perform Windows system administration tasks.
DX8100 SECURITY INTERNET PROTOCOL SECURITY The DX8100 features built-in network security using Internet Protocol Security (IPSec). IPSec facilitates authentication and encryption at the network packet level. IPSec services protect the DX8100 from unwanted or potentially damaging network requests. With IPSec enabled, the DX8100 DVR will not respond to any unsecured communication across the network, whether friendly or malicious. IPSec only blocks unwanted or unauthorized communication flowing to the DX8100.
DX8100 NETWORK PORTS Table B describes the DX8100 ports and their functions. The ports are classified either as user-changeable or fixed. You can assign a userchangeable port a different number. In this case, a port’s number must be assigned within the range of 5000–65535. If a port is assigned out of this range, the system displays a message alerting you that an invalid port number is being used. You cannot assign a different number to a fixed port. Table B.
PASSWORD RECOVERY There are no “backdoor” accounts or alternative access options built into the DX8100 application software. Pelco cannot issue overriding passwords, factory passwords, or other means to bypass the logon requirement of the application program. If the DX8100´s Admin account password is lost or forgotten, there is only one method for resetting the Admin password without completely reinstalling the system from the Recovery CD.
DX8100 System Recovery Procedure This DX8100 recovery procedure is used in two ways: • To recover your DX8100 software using the DX8100 Recovery DVD that is provided with the unit. • To recover your DX8100 Series DVR in case of a catastrophic failure. In this case, this procedure should only be thought of as a last resort endeavor.
RECORDING IP SECURITY SETTINGS 1. Exit the DX8100 application window to the Windows environment. 2. On the taskbar, click Start, and then click Programs > Manage IPSec Policy. 3. Record the status of Enable IP Security Policy: Checked_____ Unchecked_____. 4. Click Cancel to exit. RUNNING THE DX8100 RECOVERY PROCEDURE To reinitialize your DX8100 Series DVR and reinstall all operating system and application software: 1. Insert the DX8100 Recovery DVD into the DVD drive. 2. Do the following: a.
c. In the BIOS setup, go to the Boot tab, select Boot Device Priority, and then press Enter. The Boot Settings page is displayed. Figure 26. Boot Settings Page d. In the Boot Settings page, select Boot Devices Priority, and press Enter. The Boot Device Priority page is displayed. e. In the Boot Device Priority page, press the keyboard plus (+) or minus (–) key until CD/DVD is #1 in the list. Figure 27.
f. Press F10 and then select OK to save your changes and exit. The DX8100 will restart and prompt you by displaying “Press any key to boot from CD.” Figure 28. Selecting OK to Save Changes NOTE: The prompt “Press any key to boot from CD/DVD” appears for only a few seconds; and if missed the unit will not boot from the DX8100 Recovery DVD. g. Press the Space bar. After the DVD finishes loading, one of the following will occur: • If using Windows XP Embedded, the End User License Agreement (EULA) appears.
h. i. Do one of the following: • To accept the EULA, click Accept. The DX8100 Re-Install dialog box opens, displaying the Warning message. Go to step i. • To Cancel the reinstallation process, click Cancel. The DX8100 restarts. Type Yes in the text box to agree to the recovery procedure, and then click Proceed. Figure 30. Warning Message and Recovery Configuration j. Wait while the recovery process starts. Figure 31. Recovery Process Progress Indicator shows Status k.
3. Do the following: a. Enter the BIOS by pressing Delete at the point the Pelco splash screen is displayed. The BIOS Setup opens. Figure 32. BIOS Setup Window b. In the BIOS setup, go to the Boot tab, select Boot Device Priority, and then press Enter. The Boot Settings page is displayed. Figure 33.
c. In the Boot Settings page, select Boot Devices Priority. and press Enter. The Boot Device Priority page is displayed. d. In the Boot Device Priority page, select SATA, and press the plus (+) or minus (–) key until SATA appears first in the list. Figure 34. Boot Device Priority Page 4. Eject the DX8100 Recovery DVD. 5. Press F10, and then select OK to save the changes and exit. The DX8100 will reboot and prompt you to initialize the hard disks for use with the DX8100 database. 6.
• If you are updating an existing system and you want to save previously recorded video, select Recovery on the PDB Group ID box. In this case, all of the boxes should turn yellow and the individual drives should have Used selected. This step will save your recorded video. Figure 36. PDB Initialization Screen with Recovery Active • If you are installing this system for the first time, make sure that Allocation is selected on each of the individual disk drives in the tree.
IMPORTING THE DX8100 DVR SETTINGS 1. Insert the USB key into the front of the unit. 2. Click Edit > Import Setup. 3. Double-click the last drive on the list; this is your USB key. 4. Locate the backup file you previously created, and then click Open. Your previously backed up settings will now be imported into your new installation. NOTE: Allow 60 seconds for the import process to complete before performing step 5. This ensures that all of the DX8100 settings are imported. 5.
C2641M-B (4/08)
PRODUCT WARRANTY AND RETURN INFORMATION WARRANTY Pelco will repair or replace, without charge, any merchandise proved defective in material or workmanship for a period of one year after the date of shipment. Exceptions to this warranty are as noted below: • Five years on fiber optic products and TW3000 Series unshielded twisted pair (UTP) transmission products. • Three years on Spectra® IV products. • Three years on Genex® Series products (multiplexers, server, and keyboard).
Worldwide Headquarters 3500 Pelco Way Clovis, California 93612 USA USA & Canada Tel: 800/289-9100 Fax: 800/289-9150 International Tel: 1-559/292-1981 Fax: 1-559/348-1120 www.pelco.