References
This document provides essential technical reference information for deploying and securing BioStar X. Find network port configurations, recommended security settings, and key compliance requirements at a glance. Refer to the external resources section for additional support and detailed guidelines.
Default BioStar X network ports
| Service | Purpose | Default Port(s) | Notes / Recommendations |
|---|---|---|---|
| Unified Gateway Service | HTTPS (system access) | 443 | Default for admin/operator login. Changeable via Service Manager → Service Settings. |
| Core Web Service | HTTPS (internal UI) | 5002 | Prefer proxied to 443; restrict direct access. |
| Core Web Service | CloudNgrok | 52000 | Disable if not required. |
| Core Web Service | Thrift RPC | 9310 | Restrict to trusted services. |
| Core Service | WebSocket | 9002 | Internal only. |
| Core Service | FastCGI | 9000 | Should be bound locally. |
| Core Service | API | 9010 | Secure with TLS & authentication. |
| Coordinator Service | Client Communication | 21810 | Internal only. |
| Main Server | TCP Server | 51212 | Plaintext device comms — block if possible. |
| Main Server | SSL Server | 51213 | Preferred device comms (TLS). |
| Main Server | gRPC | 51219 | Internal service comms only. |
| Cache Service | Client | 10800 | Equivalent to Redis — do not expose externally. |
| Cache Service | Communication | 47500 | Internal only. |
| Cache Service | Discovery | 47100 | Internal only. |
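
An added example (not part of the BioStar X documentation): a Python check that encodes the Notes column of the port table as a policy and flags deviations in `netstat -ano` output taken on the server. The rule names, the `audit` function and the sample output are constructed for illustration; a non-loopback bind is a prompt to verify the host firewall, not proof of external exposure.

```python
import re

# Rules taken from the Notes column of the port table:
#   expected - meant to be reachable (TLS/authentication cannot be checked from netstat)
#   loopback - "should be bound locally"
#   internal - "internal only" / "restrict": a non-loopback bind needs a firewall rule
#   unwanted - "disable if not required" / "block if possible"
POLICY = {
    443: ("Unified Gateway HTTPS", "expected"), 5002: ("Core Web HTTPS", "internal"),
    52000: ("CloudNgrok", "unwanted"), 9310: ("Thrift RPC", "internal"),
    9002: ("Core WebSocket", "internal"), 9000: ("FastCGI", "loopback"),
    9010: ("Core API", "expected"), 21810: ("Coordinator client", "internal"),
    51212: ("Device TCP (plaintext)", "unwanted"), 51213: ("Device SSL", "expected"),
    51219: ("gRPC", "internal"), 10800: ("Cache client", "internal"),
    47500: ("Cache communication", "internal"), 47100: ("Cache discovery", "internal"),
}
MESSAGES = {
    "unwanted": "listening; disable or block if not required",
    "loopback": "rebind to loopback",
    "internal": "confirm firewall blocks untrusted sources",
}
LOOPBACK = {"127.0.0.1", "[::1]"}
LISTEN = re.compile(r"^[ \t]*TCP[ \t]+(\S+):(\d+)[ \t]+\S+[ \t]+LISTENING\b", re.M)

def audit(netstat_text):
    """Return sorted (port, service, bind_address, finding) tuples for policy deviations."""
    findings = []
    for addr, port in LISTEN.findall(netstat_text):
        name, rule = POLICY.get(int(port), ("", "expected"))
        if rule == "unwanted" or (rule in MESSAGES and addr not in LOOPBACK):
            findings.append((int(port), name, addr, MESSAGES[rule]))
    return sorted(findings)

# Constructed sample of `netstat -ano` output (not from a real server).
SAMPLE = """
  TCP    0.0.0.0:443          0.0.0.0:0          LISTENING       4120
  TCP    0.0.0.0:5002         0.0.0.0:0          LISTENING       4188
  TCP    127.0.0.1:9000       0.0.0.0:0          LISTENING       4188
  TCP    0.0.0.0:10800        0.0.0.0:0          LISTENING       5012
  TCP    0.0.0.0:51212        0.0.0.0:0          LISTENING       3904
  TCP    0.0.0.0:51213        0.0.0.0:0          LISTENING       3904
  TCP    192.168.1.10:51213   10.0.0.5:50122     ESTABLISHED     3904
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%-6d %-24s %-14s %s" % finding)
```

Feed it the saved output of `netstat -ano` from the BioStar X server; ports that were changed from the defaults in Service Manager need the `POLICY` keys updated to match.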
Default security features in BioStar X
| Feature | Location in UI | Default | Recommendation |
|---|---|---|---|
| Change default admin login ID & password | User → Edit Default Admin (UID:1) | admin / installer PW | Change immediately after install. |
| Access separation (roles) | User → Select a user → Permission → Account Level | Predefined: Administrator, User Operator, Monitoring Operator | Create custom roles as needed. |
| Password strength policy | Settings → System → Security → Login Password → Password Level | Medium | Set to Strong, enforce MFA. |
| Session security (Simultaneous connection) | Settings → System → Security → Session Security → Simultaneous Connection Allow | Active | Set to Inactive to prevent shared logins. |
| Multi-factor authentication | User → Select a user → Permission → Multi-Factor Auth for Login | Not Use | Enable for Administrator, User Operator, Monitoring Operator accounts. |
| Secure communication with device | Settings → System → Security → Advanced Security Settings → Secure communication with device | Not Use | Enable + use SSL port (51213). |
| Device hashkey management | Settings → System → Security → Advanced Security Settings → Device Hashkey Management | Not Use | Enable for tamper protection in high-security deployments. |
| System Backup | Settings → System → System Backup | Manual | Enable Automatic System Backup. |
| Directory Integration | Settings → System → Directory Integration | Not Configured | Integrate with Entra ID or Active Directory where available. |
| Log settings (Retention & Levels) | Settings → System → Server → Server | System log storage duration: 60 days; System log level: Info | Adjust per compliance. Forward to SIEM. |
| Encrypt personal data on database | Settings → System → Security → Advanced Security Settings → Encrypt Personal Data on Database | Not Use | Enable in production. |
| Store visual face image | Settings → System → Server → Expert Settings → Store Face Image | Use | Disable unless justified. |
Compliance mapping (quick view)
| Security Control | Supports Compliance Areas |
|---|---|
| Database encryption (PII, biometrics) | GDPR, CCPA, ISO 27001 |
| System log retention + forwarding | ISO 27001, PCI-DSS |
| MFA for admin/operator accounts | NIST 800-63, ISO 27001 |
| Secure comms with devices (TLS) | GDPR, ISO 27001 |
| Backup & restore capability | ISO 27001, SOC 2 |
| Directory integration (Entra ID / Active Directory) | SOX, ISO 27001, SOC 2 |