Specifications
Copyright © 2009, 2010, 2011 Black Box Network Services
724-746-5500 | blackbox.com 127
Setup
To allow all IP addresses between 192.168.0.0 and 192.168.255.255, type: 192.168.0.0/16
WARNING: If you do not enter your own IP address, then you are locked out of the iCOMPEL when the firewall takes
effect after a reboot. The iCOMPEL will, however, warn you if your IP address is missing from the list.
FTP Service settings
FTP access to the iCOMPEL allows someone to download the content from the iCOMPEL or to upload content that might
be inappropriate. With a working knowledge of the XML interface, they could also alter the Playlists and other settings. FTP
is not a very secure connection since the passwords are sent unencrypted. The advantage of having the FTP service,
however, is that it allows legitimate users to upload multiple content files more quickly than is possible via the HTTP
service.
You may wish to change the FTP port to different port number either to make it more difficult for an attack to succeed, or to
use port redirecting or to comply with corporate security policy. It may also be desirable to have an alternate port available.
The Enable FTP checkbox enables or disables the FTP service.
The FTP Ports entry allows you to specify up to two different ports to accept FTP connections on. The default FTP port is
21.
Once an FTP connection has been made, the two machines make a second connection to each other on a different port
known as the passive port. Some corporate firewalls require that the passive port number fall within a certain range. Some
may require a different passive port number for every iCOMPEL. If this is the case then you must set the range of passive
port numbers in accordance with the corporate firewall.
The Passive Port Range allows an upper and lower port limit to be specified.
It is possible to restrict the rate at which files are transferred to the iCOMPEL via FTP. While this is not a security issue, it
is important to prevent files from being transferred to the iCOMPEL at such a high rate that the video player starts to
stammer.
As a rule of thumb:
If people are likely to be watching the Screen while large files are being transferred to the iCOMPEL, then restrict the
transfer rate to 2500.
If large files are only transferred when no one is watching the screen, then the transfer rate can be much higher, say
10000.
HTTP Service settings
This tab page allows you to select which protocols (HTTP or HTTPS) are allowed to access the iCOMPEL Web user
interface. It is not possible to manage the player without either HTTP or HTTPS.
HTTP is more secure than FTP since the passwords are encrypted. HTTPS is a more secure form of HTTP because
everything is encrypted.
HTTP and HTTPS access is restricted by managing the user account names and passwords. See the User Account
Settings page for more information.
Select either HTTP only, HTTPS only or HTTP and HTTPS from the Supported Protocols drop down menu.
The standard port for HTTP access is port 80 and the standard port for HTTPS access is port 443.
You may wish to change these to different port numbers either to make it more difficult for an attack to succeed, to use port
redirecting or to comply with corporate security policy. It may also be desirable to have one or more alternate ports
available.
SSH Service settings
An SSH connection to the iCOMPEL allows access to the deeper levels of the device. Most users never need SSH, but it is
occasionally essential for support and maintenance purposes so it cannot be disabled. SSH access is restricted by
managing the master iCOMPEL password below.
117