Appendix B: Security Considerations; Security Practice; Factors Affecting Security - Lantronix SLC8 Manager User Manual

Appendix B: Security Considerations

The SLC console manager provides data path security by means of SSH or Web/SSL. Do not
assume that you have complete security, however. Securing the data path is only one way to
ensure security. This appendix briefly discusses some important security considerations.

Security Practice

Develop and document a Security Practice. For example, the Security Practice document should
state the rules to maintaining security. For example, do not leave sessions open or advertise
passwords because these actions could compromise SSH and SSL. Or, do not speculate about
the facility and network infrastructure with reference to how vulnerable the CAT 5 wiring is to
tapping.

Factors Affecting Security

External factors affect the security provided by the SLC device, for example:
Telnet sends the login exchange as clear text across Ethernet. A person snooping on a subnet

may read your password.
A terminal to the SLC console manager may be secure, but the path from the SLC device to

the end device may not be secure.
With the right tools, a person having physical access to open the SLC console manager may

be able to read the encryption keys.
There is no true test for a denial-of-service attack; there is always a legitimate reason to

request a storm. A denial-of-service filter locks out some high-performance automated/
scripted requests. The SLC device always attempts to service requests and does not filter out
potential denial–of-service attacks.
SLC™ Console Manager User Guide 265