
USER’S GUIDE
network management card
MD5 authentication (for the Web interface)
The Web interface option for MD5 authentication enables a higher level of
access security than the basic HTTP authentication scheme. The MD5
scheme is similar to the CHAP and PAP remote access protocols. Enabling
MD5 implements the following security features:
• The Web server requests a user name and a password phrase (distinct
from the password). The user name and password phrase are not
transmitted over the network, as they are in basic authentication.
Instead, a Java login applet combines the user name, password
phrase, and a unique session challenge number to calculate an MD5
hash number. Only the hash number is returned to the server to verify
that the user has the correct login information; MD5 authentication
does not reveal the login information.
• In addition to the login authentication, each form post for configuration
or control operations is authenticated with a unique challenge and
hash response.
• After the authentication login, subsequent page access is restricted by
IP addresses and a hidden session cookie. (You must have cookies
enabled in your browser.) Pages are transmitted in their plain-text form,
with no encryption.
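The login exchange described in the first list item, as an added sketch that is not the Management Card's applet or firmware code. The guide does not say how the fields are combined, so the NUL-separated join, the `Server` class and the sample credentials are assumptions for illustration.

```python
import hashlib
import hmac
import secrets


def response_hash(user, phrase, challenge):
    # Assumed construction: the guide does not say how the applet joins the fields.
    data = "\x00".join((user, phrase, challenge)).encode("utf-8")
    return hashlib.md5(data).hexdigest()


class Server:
    """Hypothetical verifier that issues single-use challenges."""

    def __init__(self, accounts):
        self.accounts = accounts      # user name -> password phrase
        self.outstanding = set()      # challenges issued but not yet answered

    def new_challenge(self):
        challenge = secrets.token_hex(16)
        self.outstanding.add(challenge)
        return challenge

    def verify(self, user, challenge, response):
        # Consume the challenge first so a captured response cannot be replayed.
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)
        phrase = self.accounts.get(user)
        if phrase is None:
            return False
        expected = response_hash(user, phrase, challenge)
        return hmac.compare_digest(expected.encode(), response.encode())


def demo():
    phrase = "constructed sample phrase"          # constructed credentials
    server = Server({"admin": phrase})
    c1 = server.new_challenge()
    r1 = response_hash("admin", phrase, c1)       # computed on the client side
    results = {"login": server.verify("admin", c1, r1)}
    results["replay_same_challenge"] = server.verify("admin", c1, r1)
    results["replay_on_new_challenge"] = server.verify("admin", server.new_challenge(), r1)
    c3 = server.new_challenge()
    results["wrong_phrase"] = server.verify("admin", c3, response_hash("admin", "guess", c3))
    return results


if __name__ == "__main__":
    print(demo())
```

The single-use challenge is what keeps a recorded hash from being accepted again; it does nothing for the confidentiality of the pages, which the guide notes are sent unencrypted.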
If you use MD5 authentication for the Web interface, be sure to also increase
the security of the other interfaces to the Management Card:
• Control console: Use SSH (which disables Telnet) for encrypted
access.
• File transfer: Disable FTP, and instead use SCP, which encrypts user
names, passwords, and files.
• SNMP: Disable SNMP or disable its write access. With read-only
access, trap facilities remain available.