Observer GigaStor : Getting started : Hardening your GigaStor
   
Hardening your GigaStor
 
Page Contents
How to change the Windows administrator password
Installing Windows updates and updating virus protection
How to disable NetBIOS
How to disable Windows features
Created: 2016-02-16
Based on your organization’s requirements, in addition to the default security settings, you may need to change various options on the GigaStor, especially for the operating system. This is sometimes called “hardening” the system.
We recommend that you stay current with the Windows Updates and patch your system accordingly. Using common sense, as well as not disabling the default Windows security options, should keep your GigaStor safe from most issues.
To successfully use your GigaStor in a production environment, we recommend the following items. Any processes beyond these will be at your organization’s discretion.
Ports 25901, 443, and 80 must be open to allow Observer Platform communication. See Ports used by Observer Platform v17 and later.
Areca Services (RAID controller). The RAID controller is responsible for writing packet capture data to disk. See GS-2P40-576TGS-2P40-288TGS-8P-576TGS-8P-384TGS-8P-288TGS-8P-192TGS-8P-96TGS-4P-32TGS-4P-16TGSP-8P-9TGSP-8P-6TSSD.
Observer/Apache Web Services. The Apache Web Service is used to serve reports for Observer Apex or Apex Lite.
Lights out Management (LOM). This may be turned off, if desired. See Configuring the Lights Out Management port.
Remote Desktop (RDP). This may be turned off, if desired.
How to change the Windows administrator password
Created: 2016-03-04
The default Windows administrator user has full permissions and cannot be deleted. For these reasons, change this password as soon as possible, and you should use a very strong password.
Caution: Do not forget or lose your new Windows administrator password! It cannot be recovered, and you must reformat the operating system drive. All data on the operating system drive will be lost; however, no data on the RAID (D: drive) will be affected or lost.
To change the administrator password:
1. Press Ctrl+Alt+Delete, and then click Change a password.
2. Type the old password, type a new password, type your new password again to confirm it, and then press Enter.
The default user name and password are admin/admin.
 
You successfully changed the administrator password. Your new Windows administrator password is in effect.
 
Installing Windows updates and updating virus protection
Revised: 2016-03-04
From time to time Microsoft releases updates for the operating system used for your probe or your virus protection software vendor updates their virus definitions. You should apply those updates as soon as feasible, however, you should always apply the updates manually.
We do not recommend that you allow Windows to automatically install the updates and restart the system. By manually applying the updates you ensure that the system restarts properly and that the probe starts correctly whether running as a Windows service or as an application.
For your anti-virus software, follow these guidelines:
Ensure TCP ports 25901 and 25903 are open. All Observer Platform products communicate on these ports.
Ensure UDP ports 25901 and 25903 are open if you use Observer Management Server (OMS).
For all probes, disable any scanning of the Observer installation directory (typically C:\Program Files\Observer) and of D: (RAID) drive as scanning greatly diminishes the performance of writing data to disk.
The performance of the operating system may be greatly diminished when using anti-virus software.
Under no circumstance should anti-virus scan the RAID drive (D:).
 
 
How to disable NetBIOS
Created: 2016-03-04
By default GigaStor sends NetBIOS sends name resolution requests to the Internet to resolve host names. You may turn off NetBIOS if this type of name resolution is not needed in your environment.
NetBIOS is part of the operating system and is turned off within Windows.
1. Choose Start > Control Panel > Network and Sharing Center.
2. Select Change adapter settings on the left.
A list of network adapters, including capture cards, is shown.
3. Right-click the management network adapter and choose Properties.
The management adapter is used to get the GigaStor onto your network by giving the appliance an IP address. The management card is not the capture card.
4. On Networking, select Internet Protocol Version 4 (TCP/IPv4) and choose Properties.
The Internet Protocol Version 4 (TCP/IPv4) window opens on the General tab.
5. Click Advanced.
The Advanced TCP/IP Settings window opens.
6. Click WINS and choose Disable NetBIOS over TCP/IP.
Figure 4: Disable NetBIOS over TCP/IP
 
Your GigaStor will stop sending NetBIOS requests. Your firewall or network monitor should be able to confirm this.
 
How to disable Windows features
Created: 2016-03-04
Many Windows features run in the background but are not generally needed for your GigaStor. You may disable the features you deem unnecessary.
Most Windows features are not needed to read or write data to the RAID drives.
1. In Windows Control Panel, choose Programs and Features.
2. On the left, choose Turn Windows features on or off.
Figure 5: Programs and Features
3. Clear any feature you do not want to use.
You must keep Internet Explorer 11! All others may be turned off.
Figure 6: Windows Features
 
Only the Windows features you want to use are remain.