Ssh (Secure Shell) Management - Proxim ORiNOCO AP-4000M User Manual

Introduction
Management and Monitoring Capabilities
Enterprise MIB for more information; the MIB can be opened with any text editor, such as Microsoft Word, Notepad, or
WordPad.
SNMPv3 Secure Management
SNMPv3 is based on the existing SNMP framework, but addresses security requirements for device and network
management.
The security threats addressed by Secure Management are:
• Modification of information: An entity could alter an in-transit message generated by an authorized entity in such a
way as to effect unauthorized management operations, including the setting of object values. The essence of this
threat is that an unauthorized entity could change any management parameter, including those related to
configuration, operations, and accounting.
• Masquerade: Management operations that are not authorized for some entity may be attempted by that entity by
assuming the identity of an authorized entity.
• Message stream modification: SNMP is designed to operate over a connectionless transport protocol. There is a
threat that SNMP messages could be reordered, delayed, or replayed (duplicated) to effect unauthorized
management operations. For example, a message to reboot a device could be copied and replayed later.
• Disclosure: An entity could observe exchanges between a manager and an agent and thereby could learn of notifiable
events and the values of managed objects. For example, the observation of a set command that changes passwords
would enable an attacker to learn the new passwords.
To address the security threats listed above, SNMPv3 provides the following when secure management is enabled:
• Authentication: Provides data integrity and data origin authentication.
• Privacy (a.k.a Encryption): Protects against disclosure of message payload.
• Access Control: Controls and authorizes access to managed objects.
The default SNMPv3 username is administrator, with SHA authentication, and DES privacy protocol.

SSH (Secure Shell) Management

You may securely also manage the AP using SSH (Secure Shell). The AP supports SSH version 2, for secure remote
CLI (Telnet) sessions. SSH provides strong authentication and encryption of session data.
The SSH server (AP) has host keys - a pair of asymmetric keys - a private key that resides on the AP and a public key
that is distributed to clients that need to connect to the AP. As the client has knowledge of the server host keys, the client
can verify that it is communicating with the correct SSH server.
NOTE: The remainder of this guide describes how to configure an AP using the HTTP Web interface or the CLI interface.
For information on how to manage devices using SNMP or SSH, see the documentation that came with your
SNMP or SSH program. Also, see the MIB files for information on the parameters available via SNMP and SSH.
The remainder of the User Guide discusses installing your AP and managing it using the Web and CLI
interfaces only.
IMPORTANT!
AP-4000/4000M/4900M User Guide
16