ICDM-RX/TCP Installation and Configuration Guide
ICDM-RX/TCP Security Features
6.3. ICDM-RX/TCP Security Features
The following subsections provide information about ICDM-RX/TCP security features.
6.3.1. Secure Data and Secure Config Modes
The ICDM-RX/TCP supports Secure Data and Secure Config modes.
SSL encryption for serial port data streams for both NS-Link and SocketServer. Secure
Data mode:
•
Requires SSL encryption of TCP connections to SocketServer (Ports 8000, 8001, 8002,
and so forth).
•
Disables UDP access to SocketServer.
•
Disables RFC1006 (ISO-over-TCP) access to SocketServer.
Secure Data
•
Disables MAC-mode access to serial ports. MAC mode admin and ID commands are
still allowed.
•
Requires SSL encryption of NS-Link TCP connections (Port 4606). Not directly
supported by NS-Link drivers for Windows and Linux. The Linux driver has been tested
using stunnel, but manual setup is required.
•
Requires SSH instead of telnet connection to the diagnostic log (TCP Port 4607).
•
Two values for http READ and WRITE commands: A2: Enable.
Encrypts/authenticates configuration and administration operations (web server, IP settings,
load SW, and so forth.). Secure Config mode:
•
Disables MAC mode admin commands except for ID request†.
•
Disables TCP/IP admin commands except for ID request†.
Secure Config
•
Disables telnet console access (Port 23)†.
•
Disables unencrypted http:// access via Port 80.
•
Disables e-mail notification and SNMP features.
•
Two values for http READ and WRITE commands: A3: Enable.
† Affects both RedBoot and SocketServer/NS-Link applications.
Security Mode Information
55