General

Description

In the General settings, you can enable magic files and configure inbound connections.

A Magic File is a script on a USB drive that executes once it is inserted into the system. This function is disabled by default to make sure that magic files are not unknowingly executed on PolyScope.

 

 

Magic Files

Magic files have unrestricted privileges to make system changes, thus they must be considered as a security liability.

 

To enable Magic Files on PolyScope
  1. In the Header, tap the Hamburger menu and select Settings.

  2. Under Security, select General.

  3. Enable Run Magic Files.

Restrict Inbound Connections

The network access has been set to 0.0.0.0/0 has a security setting to ensure that there is no access to the subnet in PolyScope.

 

URCaps may require particular network interfaces to be open in order to function.

  • Consult your URCaps vendor/s, if any of your URCaps require particular network interfaces (ports/services) to be open.

Configuring Inbound Connections

Use Restrict inbound network access to a specific subnet to make sure network connections originating from an IP-address outside the indicated subnet will be refused.

For example:

  • Use 192.168.1.0/24 to only allow access from hosts in the range of 192.168.1.0 – 192.168.1.255.

  • Use 192.168.1.96 to allow inbound access only from this host.

 

  1. In the Header, tap the Hamburger menu and select Settings.

  2. Under Security, select General.

  3. Enter your Admin password.

  4. Enter subnet restrictions under Restrict inbound network access to a specific subnet.

 

Disable Inbound Access

Use Disable inbound access to additional interfaces (by port) to make sure any inbound connection to the designated ports will be refused.

 

  1. In the Header, tap the Hamburger menu and select Settings.

  2. Enter the interfaces to be closed in Disable inbound access to additional interfaces (by port).

Leave the field blank to avoid blocking ports. Any enabled service Services will take precedence over port blocking. Even if a port if blocked in the general security settings, it will be open by an enabled service.

 

Example
  • You can block all ports

    • Use 1-65535 to block all ports.

  • You can block one specfic port

    • You can use port number 564 to block port 564.

  • You can block a range of ports

    • Use ranges to block a specfic range of ports. 2318-3412, 22, 56-67 to block specific ports and specific ranges of ports.