Omicron Lab OTMC 100 Series User Manual page 26

OTMC 100 Series User Manual
3. Secure your OTMC 100 against unauthorized access.
Display the Security page of the Configuration section (see page 58). Select your configuration
and click the Save button to save and apply your settings.
a. Display the Access Control pane and set the Access field to "Password".
If you set the Access field to "Password" without defining a password, the default
password timeserver will be used.
b. Enter a password to the Change password field and repeat your password in the Confirm
password field. Click the Change button to save and apply your settings. From now on,
entering the password is required to access your OTMC 100.
c. In the Protocol field, select whether you want to allow access via the secure HTTPS protocol
only or via HTTPS and the unsecure HTTP protocol.
By default, password transmission to OTMC 100 is performed unencrypted. By selecting
HTTPS only you can force the use of the encrypted HTTPS protocol and thus protect your
password.
When accessing OTMC 100 via HTTPS, an "untrusted connection" message
may appear because OTMC 100 does not have a valid certificate. To avoid such
messages, it is necessary to provide OTMC 100 with such a certificate. Please
refer to subsection "Generate Certificate pane" in section
page
d. In the Services field, select whether you want to allow access to your OTMC 100 via the web
interface (Web) or the Application Programming Interface API (SOAP) only or via both
interfaces (Web and SOAP).
e. Protocol restrictions: Disabling services that are not required or used for operation will
minimize potential points of attack and thus make OTMC 100 safer.
• Usually OMICRON Device Link is used to find OTMC 100 in the network. However,
OMICRON Device Browser, the predecessor of Device Link may also be used to find
OTMC 100 and to change its network configuration. To protect your OTMC 100 against
unauthorized or unintentional configuration changes using OMICRON Device Browser or
Device Link, deselect the Allow OMFIND network configuration option.
• If you want to prohibit standard user/password authenticated access to OTMC 100 via
secure shell (SSH), deselect the Allow SSH password login option. When deselected,
access via SSH is only possible via key based authentication. This reduces the risk of
unauthorized access to OTMC 100 through brute force attacks.
The options in the Protocol Restrictions pane of the Security page just enable
or disable protocol options. In order to completely disable a service, use the
Services pane of the Network configuration page.
26
on page 58 for more detailed information.
Security configuration
OMICRON