DeviceMaster Installation and Configuration Guide: 2000594 Rev. F DeviceMaster Security - 71
DeviceMaster Security Features
DeviceMaster Security Features
The following subsections provide information about DeviceMaster security features.
Security Modes
The DeviceMaster supports two security modes.
Security Mode Descriptions
Secure Data
SSL encryption for serial port data streams for both NS-Link and SocketServer. Secure
Data mode:
• Requires SSL encryption of TCP connections to SocketServer (Ports 8000, 8001, 8002,
and so forth).
• Disables UDP access to SocketServer.
• Disables RFC1006 (ISO-over-TCP) access to SocketServer.
• Disables MAC-mode access to serial ports. MAC mode admin and ID commands are
still allowed.
• Requires SSL encryption of NS-Link TCP connections (Port 4606). Not directly
supported by NS-Link drivers for Windows and Linux. The Linux driver has been
tested using stunnel, but manual setup is required.
• Requires SSH instead of telnet connection to the diagnostic log (TCP Port 4607).
• Two values for http READ and WRITE commands: A2: Enable.
Secure Config
Encrypts/authenticates configuration and administration operations (web server, IP
settings, load SW, and so forth.). Secure Config mode:
• Disables MAC mode admin commands except for ID request†.
• Disables TCP/IP admin commands except for ID request†.
• Disables telnet console access (Port 23)†.
• Disables unencrypted http:// access via Port 80.
• Disables e-mail notification and SNMP features.
• Two values for http READ and WRITE commands: A3: Enable.
† Affects both RedBoot and SocketServer/NS-Link applications.
To Next Page
Loading...
