Netlinx Security Within The Web Server - AMX NetLinx NI-3101-SIG Operation/Reference Manual

NetLinx Security within the Web Server

NetLinx Masters incorporate built-in security for HTTPS and Terminal sessions (enhanced with SSL and
SSH respectively), ICSP data verification/encryption, and Server Port configuration. By using both SSL
certificate verification and encryption over a secured HTTP (HTTPS) connection, this version of
NetLinx firmware provides users with a more convenient web-based method of securing both the Master
and its data communications. Additional features in this release are the use of both authentication
protocols and the ability to perform online NetLinx Diagnostics via the web server.
Terminal setup and security configuration are still valid and supported in this build of the NetLinx
Master firmware.
This NetLinx Web Server is used to power Master security, data encryption, and SSL certificate/
encryption features on current AMX Masters such as the ME260/64 and NI-Series of Controllers. This
web server not only provides username and password security for the target Master, but also a new level
of secure encryption for ICSP data communication among the various AMX software and hardware
components. New security features for the Masters include:
The first layer of security for the Master involves prompting a user to enter a valid username and
password before gaining access to a secured feature on the target Master. This data is pre-configured by
the administrator within the Group and User Level pages of the Security section. If an option is enabled
within the System Security page, a user is prompted to enter a valid username and password before
gaining access to the corresponding feature. This access is only granted if their information matches a
previously created profile assigned sufficient rights for that action. An already logged in user can enter a
new profile by using the Login field to enter a new profile's
username and profile.
The second layer of security uses a combination of secure HTTP (HTTPS) communication and SSL
encryption to secure data being transferred from the web server application and the target Master.
To ensure this higher degree of security on the Master, an administrator can disable the HTTP Port
access, enable HTTPS Port access (both from within the same Manage System > Server page), and then
alter the level of encryption on the current SSL Certificate to meet their security needs.
NI-3101-SIG Signature Series NetLinx Integrated Controller
Enhanced Username and Password requirements
HTTPS and SSL certificate interaction
Use of a pre-installed AMX SSL certificate
ICSP communication and encryption
This username and password information is also used by both G4 touch panels (within the
System Connection firmware page) and AMX software applications such as NetLinx Studio v
2.4 (via the Master Communications dialog) to communicate securely with a Master using
encrypted communication.
SSL (Secure Sockets Layer) is a protocol that works by encrypting data being transferred over
an HTTPS connection. URLs that require a secure connection begin with https: instead of
http: (in the browser's Address field). These security capabilities are configured to function
via a web session within your browser. The encryption level (64 or 128-bit) achieved over the
HTTPS Port is done via the SSL Certificate currently in use on the target Master. Whereas
SSL creates a secure connection between a client and a server, over which any amount of data
can be sent securely, HTTPS is designed to transmit individual messages securely. Therefore
both HTTPS and SSL can be seen as complementary and are configured to communicate over
the same port on the Master.
NetLinx Security within the Web Server
41