TABLE OF CONTENTS

Security Overview


    Security is a top priority for iRecord and NCATrak. Below is high-level description of how this 

integration is secure.

SSL/HTTPS


• SSL (Secure Sockets Layer) and HTTPS (HyperText Transfer Protocol Secure) encrypt data 

transmitted between a user's browser and a web server, ensuring that sensitive information 

are protected.


• Requires Certificate, more information below.


Cross-Origin Resource Sharing (CORS)


• CORS is a security feature implemented by web browsers that allows a web application 

running at one origin to request resources from a different origin, while preventing 

unauthorized access. 


• It adds security by enforcing policies on the server side to specify which domains are 

permitted to access its resources, thus protecting against cross-site scripting (XSS) 

attacks and data theft.


Content Security Policy (CSP)


• Content Security Policy (CSP) is a security standard that helps prevent a variety of attacks, 

such as cross-site scripting (XSS) and data injection, by allowing web developers to control 

the resources that a user agent can load for a given page. 


• CSP adds security by specifying which sources of content are trusted and permitted to be 

loaded and executed, thereby reducing the risk of malicious content being injected into web 

pages.



SSL Certificate


    In order to utilize the iRecord/NCATrak integration, you must have a SSL certificate that can be 

installed on to the iRecord Web Browser IIS site. There are many options for this depending on the 

type of access you would like to give your users. Certain access may require additional setup on your 

network. If needing remote view access, the private key (.key) and public key (.crt) for the certificate. 

Request the HTTPS guide for more information on remote viewing


End User Access Decision

    Below are the different options and considerations for the type of access you would like to give your 

end users for this integration. Although iRecord and NCATrak cannot create/give you a certificate for the 

website, we are happy to support you and your team through the process and get it installed on the iRecord 

Capture unit once you have it. 


Public Internet: 

    

    Behavior: End users can access NCATrak from anywhere, and the iRecord functionality from anywhere


    Requirements: Trusted Certificate – wildcard or SAN, Public DNS Entry


    Additional Setup: DNS name must be created, Public IP address translation to internal IP address.                                             Firewall changes are likely needed.


Local Network Only:


Behavior: End users can access NCATrak from anywhere, but the iRecord functionality is only 

available on the local network


Requirements: Self sign certificate/key associated with internal hostname/ip address

Additional Setup: certificate key needs to be installed on end user devices


Public Internet, but only employee devices


Behavior: End users can access NCATrak from anywhere, and the iRecord functionality from 

anywhere


Requirements: Self sign certificate/key associated with public DNS name/Public IP address


Additional Setup: Certificate key needs to be installed on end user devices, DNS name must be 

created, Public IP address translation to internal IP address. Firewall changes are likely needed.



Installation Process


Pre-Requisites


iRecord Universe 3.6+ - Minimum iRecord Universe version needed for utilizing the 

integration.


iRecord Web Browser – WSI Technologies can assist with the installation of iRecord Web 

    Browser if needed. 


Customer Owned


Certificate – it is the responsibility of the customer to generate or purchase a certificate. 

NCATrak is available to help with the decision process and collaborate with any additional 

teams


Networking/DNS – Depending on the access type, networking and DNS changes will need 

    to be owned by the customer with the support of iRecord and NCATrak


iRecord


Web Browser Security Implementation – iRecord Support team members will need remote 

access to your iRecord Universe capture device to add the additional security measurements for the integration. This is completely owned by iRecord Support and includes the necessary configuration for CORS and CSP


Binding of the certificate – iRecord Support team will help with binding the certificate to 

the IIS site and updating the remote viewing configuration to utilize your certificate

enabling SSL/HTTPS. If using remote viewing, PFX


Connecting to your NCATrak Instance – After the top two items are complete and 

validated, iRecord support will update backend settings of the web browser connect with 

ncatrak.org


NCATrak


Update administrator settings – configure the iRecord tab features in CAC’s NCAtrak 

environment



SSL Certificate


    An SSL certificate, full path with private key, is required to utilize iRecord Web via HTTPs with Remote 

viewing. Ideally your organization already has a client certificate installed on all user machines that will trust 

the certificate for iRecord or you utilize a widely trusted certificate. Work with your team who manages 

certificates to create a CSR and obtain the certificate that will be configured in IIS. 


    If your organization already has certificates used internally or publicly, such as a wildcard certificate, it 

can be purposed for this functionality. 


    iRecord Support can take the .pfx or .cer version of the certificate and get it configured for iRecord Web 

Browser by binding it in IIS.


Remote viewing


    To utilize remote viewing, iRecord must be given the .key file and a .crt file for the certificate that is 

configured in IIS. These files are needed to securely render the remote viewing subsystem configuration. 

iRecord Helpdesk can take a .pfx and get these created or your team can provide them on the desktop of the 

iRecord Capture Unit for iRecord support to configure. 



800-425-7637 | iRecordInfo@WSI-Tech.com

iRecord.tv | wsi-tech.com