Table of Contents
Advertisement
Email
SNMP
RFC1006
SSH Server
SSL Overview
SSL Authentication
Server
Authentication
DeviceMaster LT User Guide: 2000586 Rev. B
Weakest
yes
yes
yes
yes
yes
yes
†
Enable Monitoring Secure Data via Telnet must be enabled. SSH does not
support port monitoring. You can set the securemon enable option.
admin commands are disabled except for read-only ID command required by
NS-Link to identify the device.
The intention is to allow NS-Link to operate through an SSL connection to Port
4606 while is in Secure Data Mode, and to allow NS-Link to operate through a MAC
connection with Secure Config Mode enabled and Secure Data Mode disabled.
The DeviceMaster LT SSH server has the following characteristics:
•
Requires password authentication – even if password is empty.
•
Enabled/disabled along with telnet access independently of Secure Data and
Secure Config Modes.
•
The DeviceMaster LT uses third-party MatrixSSH library from PeerSec
Networks: http://www.peersec.com/.
DeviceMaster LT SSL provides the following features:
•
Provides both encryption and authentication.
-
Encryption prevents a third-party eavesdropper from viewing data that is
being transferred.
-
Authentication allows both the client (that is, web browser) and server
(that is. DeviceMaster LT) to ensure that only desired parties are allowed
to establish connections. This prevents both unauthorized access and
in-the-middle
attacks on the communications channel.
•
Two slightly different SSL protocols are supported by the DeviceMaster LT,
SSLv3 and TLSv1.
•
The DeviceMaster LT uses third-party MatrixSSL library from PeerSec
Networks: http://www.peersec.com/matrixssl.html.
DeviceMaster LT SSL authentication has the following features:
•
Authentication means being able to verify the identity of the party at the other
end of a communications channel. A username/password is a common example
of authentication.
•
SSL/TLS protocols allow authentication using either RSA certificates or DSS
certificates. DeviceMaster LT supports only RSA certificates.
•
Each party (client and server) can present an ID certificate to the other.
•
Each ID certificate is signed by another authority certificate or key.
•
Each party can then verify the validity of the other's ID certificate by verifying
that it was signed by a trusted authority. This verification requires that each
party have access to the certificate/key that was used to sign the other party's
ID certificate.
Server Authentication is the mechanism by which the DeviceMaster LT proves its
identity.
•
The DeviceMaster LT (generally an SSL server) can be configured by
uploading an ID certificate that is to be presented to clients when they connect
to the DeviceMaster LT.
yes
disabled
yes
disabled
yes
disabled
SSH Server
Strongest
disabled
disabled
disabled
disabled
disabled
disabled
DeviceMaster LT Security - 53
man-
Advertisement
Table of Contents
Troubleshooting
