Table of Contents
Advertisement
OTMC 100 Series User Manual
3. Secure your OTMC 100 against unauthorized access.
Display the Security page of the Configuration section (see page 62).
a. Password (Access Control tab): Set up a password and select the Web Interface
authentication enabled option. Click the Change button to save and apply your settings. From
now on, entering the password is required to access the OTMC 100.
b. Insecure HTTP (Access Control tab): By default, password transmission to the OTMC 100 is
performed unencrypted. By deselecting the Insecure HTTP enabled option you can force the
use of the encrypted HTTPS protocol and thus protect your password. Click the Change button
to save and apply your settings.
When accessing the OTMC 100 via HTTPS, an "untrusted connection" message
may appear because the OTMC 100 does not have a valid certificate. To avoid
such messages, it is necessary to provide the OTMC 100 with such a certificate.
Please refer to subsection "Generate Certificate tab" in section "Security
Configuration Page" on page 62 for more detailed information.
c. Protocol restrictions: Disabling services that are not required or used for operation will
minimize potential points of attack and thus make the OTMC 100 safer. Click the corresponding
check box to select or deselect an option. Click the Save button to save and apply your settings.
•
Usually the OMICRON Device Browser is used to find the OTMC 100 in the network.
However, the OMICRON Device Browser may also be used to change the network
configuration of the OTMC 100. To protect your OTMC 100 against unauthorized or
unintentional configuration changes using the OMICRON Device Browser, deselect the
Allow OMFIND network configuration option.
•
If PTP management messages are not used in your network, deselect the Allow PTP SET/
COMMAND management messages option. This will prevent modification of the PTP
settings. Reading the PTP settings is still possible then. In order to completely deactivate the
PTP management interface, deselect the PTP management interface enabled option in the
General Settings tab on the PTP page of the Configuration section (see page 67).
•
If you do not want to use the SNMP management interface to configure the OTMC 100,
deselect the Allow SNMPv2c community write access option.
•
If you want to prohibit standard user/password authenticated access to the OTMC 100 via
secure shell (SSH), deselect the Allow SSH password login option. When deselected,
access via SSH is only possible via key based authentication. This reduces the risk of
unauthorized access to the OTMC 100 through brute force attacks.
The options in the Protocol Restrictions tab of the Security page just enable or
disable protocol options. In order to completely disable a service, open the
Services tab of the Network configuration page.
26
Advertisement
Table of Contents
