1.   Change Default Passwords

• After Installation, immediately the user must change their default passwords for the sickservice and sickadmin Users.
• Access the PA application homepage, login with the sickservice user, and click the grey circle in the top right corner with the user initials, e.g. "SS" for sickservice. A drop-down menu will appear as seen in the figure below. You can see the Change Password option here.

• Once you click on Change Password, a pop-up window asking for your current and new passwords.
• The password tips indicate that the password should have a minimum of one uppercase and one lowercase character.
• Do all the above steps for the sickadmin user in addition to sickservice.

Note: Special characters and spaces are not allowed to include.

2.    Disable Image Access for Guest Users

• Navigate to the LA configuration page and select Configuration > Software Settings, as indicated in the figure below.

• Select Restrict Image Display from the software Settings page and set it to Disabled, click on Save.

3.   Disable Guest users

• Login to MySQL either through the terminal or through MySQL Workbench.
• Run the following SQL query: UPDATE sick_ap_login.ap_login_settings SET setting_value = 'false' WHERE setting_key = 'isGuestEnabled';

4.   Restrict dashboard Access for Guest users

• To Restrict guest users from accessing the dashboard, Click on Configuration > Dashboard Configuration as shown below.

• Click on Edit option to edit the dashboard.

• A window called “Edit Dashboard” will pop up. In that window, click the “Share With” drop-down, and click the row “Guest Users” to deselect it. Click the Save button.

5.   Restrict Guest User Features

• To disable various features for guest users, open the “Software Settings” page.

• Click on the box below “Guest Access Control” and a check box list should appear.

• Uncheck all features to be restricted from the guest user, and click Save.

6.   Enforce https for user access

• To disable HTTP, go to PA application location select the file services_application.properties and open it in a text editor.

• Locate http.enabled=true in services_application.properties, update it to false, and then click Save.

• Go to services > SICK An Service and restart it once it's completed. After SICK An Service has been restarted, restart SICK An DACQ and SICK An AAP.

7.   Disabling  Insecure Protocols in Media Server

• To disable the use of HTTP and FTP protocols, navigate to the “Windows x64” directory in the installation location, and open the file “sick-bip-is.cfg” in a text editor. Bellow are the sections where protocols are listed; delete the lines for FTP and HTTP, and then restart the Media Server service.

8.   Secure Inter-Service Communication

• Launch the PA application. Go to Configuration and choose Media servers. Click on the ‘+’ icon as shown in below figure.

• In Add Media Server window select HTTPS and click on NEXT button.

• Turn on HTTPS so that the Media Server can communicate with Inter Service. By doing this, data integrity and confidentiality are protected during the safe and encrypted image retrieval process from Media Server.
• To make this change for Media Servers that are already configured, click the “⋮” icon next to the Media Server, and click “Edit”. Click the “Protocol” drop-down and Select HTTPS.