Sonoma User Manual
"Smarter Timing Solutions"
Chapter Five - Security
Your Sonoma incorporates several important security features to prevent unauthorized tampering
with its operation. Many of these are standard multiple-user access control features of the underlying
Linux operating system which controls the Sonoma. Others are provided by the additional protocol
servers selected for inclusion in your Sonoma, and the way that they are configured.
Secure user authentication and session privacy while performing routine monitoring and maintenance
tasks are provided by the OpenSSH implementations of the “secure shell” daemon, sshd and its
companion “secure copy” utility, scp. The Apache implementation of the Hyper Text Transport Protocol
(HTTP) with Secure Sockets Layer (SSL) daemon (httpd) provides for a secure, encrypted session
with a digital certificate. The NET-SNMP implementation of the Simple Network Management
Protocol (SNMP) daemon, snmpd conforms to the latest Internet standard, known as SNMPv3, which
also supports secure user authentication and session privacy. In addition, the Network Time
Protocol daemon, ntpd supports client-server authentication security measures to deter spoofing of NTP
clients by rogue NTP servers. This chapter describes these security measures and gives the advanced
network administrator information that will allow custom configuration to fit specific security needs.
SSH, Telnet, SNMP and HTTP are all enabled with default passwords. To ensure security, change the
passwords or disable the protocols. To change the passwords for SSH, Telnet and HTTP use the passwd
command. To change the passwords/community strings for SNMP see Chapter 6 - SNMP.
By default all hosts are allowed access via SSH, Telnet and SNMP. To restrict access via these protocols to
specific hosts, see Restrict Access - Telnet, SSH and SNMP below. All hosts are allowed access via
HTTP as well. To restrict access via HTTP, see Restrict Access - HTTP below.
To completely disable any or all of these protocols see Disable Protocols below.
Linux Operating System
The Linux operating system versions are shown in Appendix H - Specifications. Linux supports a
complete set of security provisions:
• System passwords are kept in an encrypted file, /etc/shadow which is not accessible by users other
than root.
IMPORTANT