21.1.9 Ember+ Security
To make the system more secure, the following features are supported.
Ember+ Provider Clients Whitelist (optional)
This option can be used to make sure that only devices with a defined IP can access the Ember+ providers.
The option is enabled, in the ON-AIR Designer configuration, by entering at least one IP address in the Ember+
Provider Clients Whitelist. If the list is empty, then the feature is disabled and access is permitted from
consumers with any IP address. For testing purposes, the whitelist can be temporarily disabled from the Web
UI (via the System -> Control tab).
Network Port Restrictions (optional)
This option can be used to restrict the network ports used for the different protocols: Telnet, WebUI, Netcom,
DMS, MNOPL and EmBER+. The option is set from the Web UI (via the System -> Control tab). In each case,
you can choose either any (to allow access via any control network port) or dwc0 (to restrict access to
CONTROL A only). Note that if you choose dwc0, then the restriction also applies to the local host and so
access is not permitted via 127.0.0.1. By default, all protocols are available on all interfaces.
Ember+ Denial-of-service Attack Blocker
This feature is always implemented, and protects the Ember+ provider from unwanted service requests. If there
are more than 10 "GetDir" requests from the same node in quick succession, then the connection to the
consumer is terminated. The connection can then be re-established by the consumer.
To Next Page