Comtrol DeviceMaster LT User Manual page 48

48 - DeviceMaster LT Security
DeviceMaster LT User Guide: 2000586 Rev. B

Understanding Security Methods and Terminology

Term or Issue: TLS (Transport Layer Security)
Explanation: Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop on or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).
TLS and SSL are not interoperable. The TLS protocol does contain a mechanism that allows a TLS implementation to back down to SSL 3.0.

Term or Issue: Secure Data Mode
Explanation: TCP connections that carry data to/from the DeviceMaster LT serial ports are encrypted using the SSL or TLS security protocols. See Security Modes on Page 51 and Configure/Enable Security Features Overview on Page 58 for more information.

Term or Issue: Secure Config Mode
Explanation: Unencrypted access to administrative and diagnostic functions is disabled. See Security Modes on Page 51 and Configure/Enable Security Features Overview on Page 58 for more information.

Term or Issue: Secure Monitor Data Mode via Telnet
Explanation: Allows monitoring of a single serial port on the DeviceMaster LT while the port is configured for Secure Data Mode. For more information, see the Enable Monitoring Secure Data via Telnet option on Page 59.

Term or Issue: Man in the Middle attack
Explanation: A man in the middle attack is one in which the attacker intercepts messages in a public key exchange and then retransmits them, substituting his own public key for the requested one, so that the two original parties still appear to be communicating with each other.
The attack gets its name from the ball game in which two people try to throw a ball directly to each other while one person between them attempts to catch it. In a man in the middle attack, the intruder uses a program that appears to be the server to the client and appears to be the client to the server. The attack may be used simply to gain access to the message, or to enable the attacker to modify the message before retransmitting it.

Term or Issue: How Public and Private Key Cryptography Works
Explanation: In public key cryptography, a public and private key are created simultaneously using the same algorithm (a popular one is known as RSA) by a certificate authority (CA).
The private key is given only to the requesting party, and the public key is made publicly available (as part of a digital certificate) in a directory that all parties can access.
The private key is never shared with anyone or sent across the Internet. You use the private key to decrypt text that has been encrypted with your public key by someone else (who can find out what your public key is from a public directory).
Thus, if User A sends User B a message, User A can find out User B's public key (but not User B's private key) from a central administrator and encrypt a message to User B using User B's public key. When User B receives it, User B decrypts it with User B's private key. In addition to encrypting messages (which ensures privacy), User B can authenticate itself to User A (so User A knows that it is really User B who sent the message) by using User B's private key to encrypt a digital certificate. When User A receives it, User A can use User B's public key to decrypt it.
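The User A / User B exchange described above, worked through in textbook RSA as an added example that is not part of the Comtrol manual; the primes, the reply text and the second "impostor" key pair are constructed, and real deployments use large keys with padding (OAEP/PSS) rather than this bare form. The last function ties in the man in the middle entry: a message encrypted under a substituted public key is useless to User B, which is why User A must obtain the key from a trusted directory or certificate.

```python
import hashlib
# Constructed small primes so the arithmetic is visible; real keys use 2048-bit
# or larger primes plus padding (OAEP/PSS). Textbook RSA here is illustration only.
PRIME_P, PRIME_Q = 104729, 1299709

def modinv(a, m):
    """Modular inverse of a mod m via the extended Euclidean algorithm."""
    r0, r1, x0, x1 = m, a, 0, 1
    while r1:
        q = r0 // r1
        r0, r1, x0, x1 = r1, r0 - q * r1, x1, x0 - q * x1
    return x0 % m

def make_keypair(p=PRIME_P, q=PRIME_Q, e=65537):
    """Public and private key are derived together from the same primes."""
    n = p * q
    return (e, n), (modinv(e, (p - 1) * (q - 1)), n)  # (public, private)

def encrypt(public_key, m):       # anyone holding the public key may encrypt m < n
    e, n = public_key
    return pow(m, e, n)

def decrypt(private_key, c):      # only the private key holder recovers m
    d, n = private_key
    return pow(c, d, n)

def digest(message, n):           # SHA-256 of the message, reduced into the modulus
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message):   # the private key "encrypts" the digest
    d, n = private_key
    return pow(digest(message, n), d, n)

def verify(public_key, message, signature):  # public key "decrypts" and compares
    e, n = public_key
    return pow(signature, e, n) == digest(message, n)

def a_to_b_exchange(m=18537):
    """User A encrypts to User B's public key; User B decrypts, then signs a reply."""
    b_pub, b_priv = make_keypair()
    recovered = decrypt(b_priv, encrypt(b_pub, m))
    reply = b"from B"  # constructed reply text
    sig = sign(b_priv, reply)
    return recovered, verify(b_pub, reply, sig), verify(b_pub, b"altered", sig)

def substituted_key_fails(m=18537):
    """A message encrypted under a substituted public key is useless to User B."""
    _, b_priv = make_keypair()
    impostor_pub, _ = make_keypair(1000003, 999983)  # constructed second key pair
    return decrypt(b_priv, encrypt(impostor_pub, m)) != m
```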