CICB-Server

Cyber Intel Classification Banner
CICB-Server (S): A central service communicating with CICB-Client (client.exe) and Portal.

Setting Tab

!!! WARNING !!!
DO NOT USE [ ONLINE MODE ] IN SCIF OR SECURE ENVIRONMENT TO AVOID ANY SECURITY VIOLATION.

Online Mode

When it is online, all settings will use the “Server”->”Portal” tab settings.
NOTICE: If the LDAP Sync setting is on, all online mode groups from the software portal will be disabled.

Example Use Case: Let’s say there is a salesman who works for a defense contractor. As a salesman, he needs to walk to different events frequently. During the event, he prepares different sensitive content for different audiences accordingly. With the online mode, the IT administrator can help the salesman update the banner color and text accordingly via the web software portal right before the salesman attends the next event.

Offline Mode / Off-Grid Mode / SCIF Mode

When it is offline, all settings will use the local database settings.

LDAP Sync On

Example Use Case: Let’s say there is a special operations base located in a secret, unknown location. There are 1,000 workstations that are labeled as highly classified within this secret base and labs. There are no internet connections, but there are local area networks. With the offline mode (SCIF mode), the IT administrator can change all banner colors and text via the server over a local area network.

LDAP Mode

 LDAP Sync ModeCombine with Online ModeCombine with Offline Mode/Off-Grid Mode/SCIF Mode
AD/DS | LDAP Sync OnCICB-Client/CICB-Server/PortalCICB-Client/CICB-Server
AD/DS | LDAP Sync OffCICB-Client/CICB-Server/PortalCICB-Client/CICB-Server

LDAP Sync On

When it is on, group settings will sync with the AD/DS server, which is defined in the Server -> LDAP tab.
NOTICE: If this setting is on, all online mode groups from the software portal will be disabled.

Example Use Case: Let’s say there is a national laboratory that has many researchers who are working on multiple research projects. Each researcher may share their workstation with others for a different research purpose. For example, a researcher may use workstation A on a secret-level project and workstation B on another top-secret-level project. since each project has a different classification level. With LDAP Sync On, all banner classification settings will not be attached to the machine but to each researcher/project security group setting. The IT administrator can put one researcher into many security groups, and then link the same security classification level projects to the same security group. The banner will change automatically according to the current sign in the user profile’s security group setting.

LDAP Sync OFF

When it is off, local group settings will be used.

Group

The IT admin can Create/Read/Update/Delete the group. The group also known as a “group of screen settings”, is a container/folder that has multiple screen settings within.

Example Use Case: let’s say a company has developers currently working on two or more projects at the same time. The developer needs to switch projects when he needs to switch gears on a different project. In this case, the IT admin can attach the settings to a group to achieve that goal. When the developer switches the sign-in profile, the attached group will also switch as long as all screen settings are within the group. (LDAP group works as well)

Screen

An IT admin can add up to 12 screens under each group. This means any workstation/VM that is connected to this group will apply the same setting to all screens that connect to that machine/VM, up to 12 screens.

Example Use Case: Let’s use NASA as an example. There are multiple workstations in one mission control center, and each workstation has multiple screens connected to it, each screen needs to be labeled with different colors and text with the Banner.

  • Banner Size
This option allows the IT administrator to change the banner height. Setting it to 0 pixels with "Text Size" set to 0-pt means turning it off.
  • Border Size
This option allows the IT administrator to change the banner border. Setting it to 0-pixel means turning it off.
  • Text Color
This option allows the IT administrator to change the text color.
  • Text Size
This option allows the IT administrator to change the text size in pt. Setting it to 0 pt with "Banner Size" set to 0 pixels means turning it off.
  • Banner Color
This option allows the IT administrator to change the banner color.
  • Heartbeat
This option allows the IT administrator to change the frequency of communication between the client and the server.
  • Center Text
This option allows the IT admin to change the center text of the banner.
  • Right Text
This option allows the IT admin to change the right text of the banner. There are a total of five states:
  • Server Down: when the server is not running.
    • No License: when the server’s license is invalid or expired.
    • Demo: default trial mode.
    • Connecting: when the client banner tries to establish a connection with the server.
    • Group Not Found: when the IT admin points the client banner to an invalid server group.
  • Show Computer Name
This option allows the IT administrator to display the computer name in the top left corner.
  • Show Username
This option allows the IT administrator to display the username in the top left corner.
  • Show IPv4 Address
This option allows the IT administrator to display the IPv4 address at the top of the left corner.
  • Show OS Info
This option allows the IT administrator to display the OS information in the top left corner.
  • Show Device ID
This option allows the IT administrator to display the device ID in the top left corner.
  • Show Group
This option allows the IT administrator to display the group in the top left corner.

Integration Key

This key is for 3rd party software to use to change user groups. This key should be the same for the server, clients, and 3rd-party software as well. (Default value: CISYS)
Notice: This is also the key for both CCM and the server GUI. If you forget the key after you set it up, then you can reset it by deleting the “server.db”, but you will lose all your settings as well.

Example Use Case: Let’s say there is company A that already has a user profile switch script in place. With the integration key, the IT admin can let the banner use pre-defined group screen settings accordingly.

IP Address (aka. Server IP Address)

This IP address is for all clients to connect back to the server. (Default value: 127.0.0.1)

Server Port

All clients’ ports should be the same as this one. (Default Port: 56789)

Example Use Case: Let’s say there is company A that already uses network software and is currently using port 56789 on their server. In this case, the server cannot use the same port again on the same server. The IT administrator can use the server port feature to change the default port to another one, such as 65432, to solve the port conflict issue.
Notice: Server ports should be within the dynamic/private ports range. Using port ranges from well-known or registered ports may cause more port conflicts.

  • Well-Known Ports: 0 through 1023.
  • Registered Ports: 1024 through 49151.
  • Dynamic/Private Ports: 49152 through 65535.

Portal Tab

The “Software Portal” username.
  • User Password
The “Software Portal” password.
  • “Save” Button
Save all “Software Portal” connection settings.
  • Upload Info
Upload and sync new client(s) with the “Software Portal”. This upload information should contain all clients within the local area networks.
  • Download Settings
All settings will download from the “Software Portal” and be pushed to all clients.

LDAP Tab

Setting

  • Connection name
Give a name that the IT admin chooses the connection name as preferred.
  • Host
Active Directory (AD) server FQDN or IPv4
Assume your DNS domain is ldap.abc.com then the Host should be:
e.g. ldap.abc.com
e.g. ldap <format: NetBIOS Name>
e.g. 1.1.1.1 <format: AD server IPv4>
Notice: If the Server is installed on the same AD machine, then put 127.0.0.1 as the Host.
  • Port
Default: SSL 636
e.g. LDAP over SSL (LDAPS) 636
e.g. LDAP over TLS (STARTTLS) 389
  • Base DN
Assume your DNS domain is ldap.abc.com then Base DN should be:
e.g. DC=ldap,DC=abc,DC=com
  • User DN
Assume your DNS domain is ldap.abc.com then the User DN should be:
e.g. user1@ldap <format: username@NetBIOS Name>
e.g. user1@ldap.abc.com <format: username@DNS domain>
e.g. UID=user1,CN=Users,DC=ldap,DC=abc,DC=com
NOTICE: user1 is the username and Users is a user active directory user group.
  • Password
e.g. gQ5ZS90er98H8
  • SSL/TLS
Default SSL
  • Save Setting Button
Save all settings.
  • Test Connection Button
Check the connection status.

NOTICE: The Server is built in LDAP with version 3.

Alarm Tab                                                                                                                             

Type

IT admin can add/delete alarm type. Each type can have many settings.

Example Use Case: let’s say there is a high school. During normal business hours, if there is a gun shooting incident, the IT admin could trigger alarm mode to sound an alarm on every computer that installed the CICB client. The user is not able to use the computer until the IT admin dismisses the alarm. This will use all computer speakers as an external alarm system. This feature can also be used by another 3rd party AI cam system as well.

Setting

  • Message
This option allows the IT admin to add alarm messages, one message per line, and it supports multiple lines of messages.
  • Text Color
This option allows the IT admin to change the alarm text color.
  • Banner Color
This option allows the IT admin to change the alarm banner color.
  • Banner Size
This option allows the IT admin to change the alarm banner size. Setting it to 0 pixels means turning it off.
  • Text Size
This option allows the IT admin to change the alarm text size. Setting it to 0 pt means turning it off.
  • Frequency (warning: high flash frequency may cause seizures)
This option allows the IT admin to change the flash frequency and measure the delay by milliseconds between two flashes.
  • Border Size
This option allows the IT admin to change the border size and unit in pixels. If you want to turn off the border, then set it to 0.
  • Level
This option allows the IT admin to change the alarm level.
Level 1: Only notify the user.
Level 2/3/4: Alert the user with a flash warning message with a sound. These levels will auto-lock the operating system after 30 seconds.
  • Sound
This option allows the IT admin to choose which alert sounds. There is also a "sound" folder inside the client installation path that allows IT admins to put their own alerts in. MP3 sound files. (Server re-launch is required after each new custom .mp3 file is added)
  • Loop
This option allows the IT admin to set the warning sound looping.
  • Save Button
This option allows the IT admin to save all settings.
  • Start Button
This option allows the IT admin to start the alarm mode. All clients will start the alarm mode within 10 seconds.
  • Stop Button
This option allows the IT admin to stop the alarm mode. All clients will stop the alarm mode within 10 seconds.

About Tab

All server-related information will be displayed under this tab.

  • Server ID
  • License
  • Buy License Button
  • Activate License Button
  • Check Update Button

Local Database

The CICB server comes with an auto-backup feature. All backup settings are within the database “server.db” file under “/cicb-installation-path/backup/server.db.backup”. This feature allows the IT admin to restore the “server.db” settings.

Setting Backup

!!! WARNING !!!
RE-INSTALLING WITHOUT A BACKUP WILL CAUSE THE LOSS OF ALL SETTINGS!

When the IT Admin attempts to reinstall CICB software, they can easily create a backup of the server.db file found at “/cicb-installation-path/server.db”.

Memory Usage

One Server instance is required for the server, total usage is about 5MB~10MB.