ConnectPort LTS features
Security features in Digi devices
This section covers ConnectPort LTS security features.
Secure access and authentication
Security features include the following:
Provide customized permissions controls to locally defined users. The local definitions apply
n
irrespective of whether Radius is used for authentication.
Unique default password for each device.
n
Issue passwords for device users.
n
Selectively enable/disable network services such as ADDP, RealPort, Encrypted RealPort,
n
HTTP/HTTPS, LPD, remote login, remote shell, SNMP, telnet, and Secure Shell (SSH).
Control access to inbound ports.
n
Secure sites for configuration: HTML pages for configuration have appropriate security.
n
Control user and user group access permissions. These permissions control user access to
n
various features and the level of control they have over them (view settings or change
settings).
Enable secure remote login through Remote Authentication Dial-In User Service (RADIUS) and
n
Lightweight Directory Access Protocol (LDAP).
Encryption
Encrypted RealPort offers encryption for the Ethernet connection between the COM/TTY port and the
ConnectPort LTS product. Encryption prevents internal and external snooping of data across the
network by encapsulating the TCP/IP packets in an SSL connection and encrypting the data using the
Advanced Encryption Standard (AES) security algorithm.
Encryption methods are as follows:
Strong TLS V1.0/V1.2-based encryption:
n
DES (58/64-bit)
l
3DES (168/192-bit)
l
AES (128/156/192/256-bit)
l
SNMP security
SNMP security options include:
You can configure SNMP set commands to use SNMP read-only. Digi recommends changing the
n
public and private community names to prevent unauthorized access to the Digi device
(SNMPv1/v2c).
You can use SNMPv3 support for enhanced security through SNMP.
n
Digi ConnectPort LTS User Guide
Security features in Digi devices
18