Security Infrastructure - Crestron UPX-2 Operation Manual

Universal Presentation Processor
Operations Guide – DOC. 6276C
Additional information is available in the MediaMarker help file and the latest
version of the UPX-2 Reference Guide (Doc. 6286).

Security Infrastructure

Since the UPX-2 does not use a traditional hard drive, but rather an image that gets
restored every time the UPX-2 is rebooted, any virus infection is cleared
immediately after a reboot. However, using the currently available tools and
techniques, Crestron has provided an infrastructure that protects against possible
virus infections.
1. Executables/Scripts brought in on external media
The implementation of the UPX-2 series has restrictions on starting any
application or script. The only applications that can be started are those allowed
by Crestron, and these can only be started from the Crestron project.
2. Downloaded Program/Script
Depending on the settings established in the "Embedded Apps" section of the
SETUP MENU, the UPX-2 can have download permissions enabled or disabled.
The only files the browser can open regardless of the security settings are the
files it has plug-ins for, such as PDF, etc.
3. Browser Hijack and Browser vulnerability
Crestron has patched all currently known hijacks and vulnerabilities. Future
updates can be downloaded from the Crestron website.
4. E-mail Viruses
There is no e-mail client installed on the UPX-2. Email-based viruses cannot be
executed.
5. Viruses that attack web/FTP servers
The UPX-2 does not run a web or FTP server. Therefore, it is not listening to
port 21 or 80. The only ports the system listens to are the ports registered to
Crestron.
6. Virus from other machines on the network
Since drives on the UPX-2 can be shared on the network, it is possible that a
virus can write itself to files/folders on these shares. Our recommendation
therefore is to share as "Read-Only," so that viruses cannot attach themselves to
files on the UPX-2.
7. ActiveX and Java
Depending on the settings established in the Embedded Apps section of the
SETUP MENU, the UPX-2 can have ActiveX and Java permissions enabled or
disabled. For more information, refer to "Embedded Apps" on page 37.
NOTE: While browsing the Internet with the UPX-2, clicking on a link may
cause a message box titled "Restrictions" to appear that contains the text "This
operation has been cancelled due to restrictions in effect on this computer.
Please contact your system administrator." If this message appears, checking
Enable Pop-ups in the "Embedded Apps" window may correct this error. Other
restrictions may also cause this error, so this may not prevent all occurrences.
Crestron UPX-2
Universal Presentation Processor: UPX-2 ¥ 65