Table of Contents
Advertisement
G. ZoneRanger Technician Access
Even with all of the ZoneRanger audit, logging, and diagnostic capabilities, there may be rare times
when Tavve Support must access a ZoneRanger at the operating system level to diagnose problems.
To enable access to a ZoneRanger while preserving ZoneRanger security, ZoneRanger provides a highly
secure technician access method. The process of establishing technician access follows:
1. The customer sets up terminal access directly to the ZoneRanger.
2. The technician logs in using the terminal access
ZoneRanger Installation and Configuration Guide.
Note: The user ID for terminal access is always
. You should change this password as soon as initial configuration is finished.
setup
Note: The MAC address of the ZoneRanger that is displayed at the top of the Main Menu
screen. Users must communicate this MAC address to Tavve Support personnel so that a time-
limited, secure passcode can be generated. This passcode can only be used on the ZoneRanger
having the matching MAC address, and only for a limited time after the passcode is generated.
Technician access passcodes are generated at Tavve, using a custom application that encrypts
and digitally signs the resulting passcode.
3. The customer enters the keyword
4. At the passcode prompt, the customer enters the provided passcode.
5. After a valid passcode is entered, a shell prompt appears. The customer then has operating
system level access to the ZoneRanger. This level of access remains active until the technician
access session is exited.
ZoneRanger technician access security
The ZoneRanger technician access mechanism, though cumbersome, was designed according to the
following principles:
•
Technician access can only take place with the cooperation of both the ZoneRanger owner
and Tavve Support.
ZoneRanger owners cannot use technician access without contacting Tavve Support.
Technician access is possible only when using a passcode generated by Tavve Support, for
a ZoneRanger having a specific MAC address, and for a specific time period.
•
Technician access passcodes are highly secure.
The passcodes are very difficult to break, are valid only for a ZoneRanger having a specific
MAC address, and only for a specific time period. Technician access passcode generation
and verification is based on public key encryption technology. The passcode is generated
using a private key known only to Tavve and verified using the corresponding public key
that is configured in all ZoneRangers. Passcodes generated by Tavve Support are very long
and very secure.
In the unlikely event that an attacker or another ZoneRanger owner were able to obtain a
technician access passcode and access the configuration menu, the attacker could not use the
passcode on other ZoneRangers, or at any time outside the valid passcode period.
Configuration access is difficult because it requires physical to a ZoneRanger, and knowledge
of the configuration password for the ZoneRanger.
ZoneRanger 5.5 User's Guide
user ID and password, as described in
setup
, and the initially configured password is
setup
at the main screen.
technicianaccess
374
Hide quick links:
Advertisement
Table of Contents
