IDR Series Security Configuration Guide

1. General Information

Windows® XP Embedded has various security methods to block viruses and unauthorized invasion from network; Internet Connection Firewall, TCP/IP Filtering, Local Security Policy, IP Security Policy (IP SEC), and so on. IDR Series based on Windows® XP Embedded are also able to use these security methods, and they are a reliable solution to make your system safe from unexpected disasters. Here are the instructions to enable the most useful security functions for IDR Series.

2. To enable Internet Connection Firewall (ICF)

1. Open Network Connections (Click Start > click Control Panel > then double-click Network Connections.)
   
   
   
2. Click to select the Internet connection that you want to protect; Local Area Connection $ or My Network. Right-click on the connection that you want to protect and then click Properties.
   
   
   
   
3. On the Advanced tab, under Internet Connection Firewall, select the Protect my computer and network by limiting or preventing access to this computer from the Internet check box, and click Settings.
   
   
4. On the Services tab, select Web Server (HTTP), and click Add.
   
   
   
5. Fill the textboxes; Description of services may be filled with any string you want. Name of IP address must be filled with "localhost". External (Internal) Port number for the service should be filled with all of the following port numbers: 8016, 8017, 8020, 8201, 8300, 8301, 8302, 8303, 8304, 8305, 8400, 10019, and click OK.
   
   
   
6. Make sure 4 new Service Settings are added and click OK.
   
   
   
7. On the ICMP tab, select Allow incoming echo request and click OK.
   

3. To configure TCP/IP Filtering

1. Open Internet Connection properties. (Step i, ii from '2. Enable Internet Connection Firewall') ON the General tab select Internet Protocol (TCP/IP) and click Properties.
   
   
   
   
2. Click Advanced.
   
   
   
3. On the Option tab select TCP/IP filerting and click Properties.
   
   
   
   
4. Select Enable TCP/IP Filtering (All adapters). Select Premit Only of each protocol ports. Add port number into TCP Ports list: 80, 8016, 8017, 8020, 8201, 8300, 8301, 8302, 8303, 8304, 8305, 8400, 10019; and click OK.
   
   
   

4. To modify User Right Assignmnet from Local Security Policy

1. Open Control Panel > Administrative Tools > Local Security Policy.
   
   
   
   
2. Select User Rights Assignmnet of the Security Settings tree.
   
   
   
3. Double-click Access this computer from the network.
   
   
   
   
4. Remove user accounts and user groups from the list except for Administrators, click OK.
   
   

5. Additional Information

1. After the ICF and TCP/IP Filtering are enabled, you can't access Internet with domain name but only IP addresses are allowed. Therefore, you must use IP addresses instead of domain names to configure an e-mail server address on SmartGuard.
   
   
   
   
   
2. TCP/IP Filtering function is only available on Local Area Connection #.