...
There are four optional features in the BrightSign Unit Setup window that affect the overall security of the player:
A. The Diagnostic Web Server: The Diagnostic Web Server responds to requests sent to the IP address of the player, allowing a user who meets the username and password requirements to retrieve information about the player and send system commands to it (reboot, enter recovery mode, test video resolution, etc.).
B. Local Web Server: The Local Web Server responds to requests sent to the IP address of the player at port 8080. By default, this option also enables the device webpage at port 8008, which can optionally be disabled by navigating to File > Presentation Properties > Variables. The device webpage allows users on the local network to alter User Variables, which are numerical values within the presentation that extend the interactive capabilities of a player.
C. Local File Networking: Among the three networked methods for publishing content to a player, only Local File Networking can facilitate problems with network security. A player configured to use Simple File Networking or the BrightSign Network will send content update requests to a remote server based on internal conditions and intervals that are specified during the setup process: A player with one of these configurations will not respond to outside requests. A player that uses Local File Networking, on the other hand, is configured to respond to connection and content-update requests from local servers.
D. Simple File Networking – Basic Authentication: If you configure a player for Simple File Networking with user name and password authentication parameters, the player will use digest access authentication by default. This will prevent replay attacks and other attempts by third parties to read authentication packet data sent to the server. If you check the Enable basic authentication box, the player will send the user name and password as plaintext data. This option makes the player compatible with certain server authentication systems, but also makes intercepted packets very easy to read.
Other network settings that are configurable during the player setup process—such as proxy setup, wireless configuration, DHCP vs. manual IP—do not negatively affect the security of a player.
| Note | ||
|---|---|---|
| ||
For a full description of all the options in the Unit Setup window, please see the Setting up BrightSign Players section. |
.png?version=1&modificationDate=1459549686000&cacheVersion=1&api=v2&width=700)
High Security
Follow these steps during the BrightAuthor unit setup process to ensure the player has a high level of resilience to outside attacks.
...
- Enable the Diagnostic Web Server: Without password protection, the Diagnostic Web Server will be accessible by anyone on the local network at the player IP address.
- Enable the Local Web Server: Anyone on the local network will be able to access the device webpage at port 8008.
- Use Local File Networking: You will be able to use BrightAuthor to publish presentations and update schedules on a player connected to the local network.
- Enable basic authentication: If you are using Simple File Networking, you can enable basic authentication to have the player send the user name and password credentials to the server as plaintext data. This makes Simple File Networking compatible with a greater range of server configurations.