APC AP9222 Data Sheet, Page 34

MasterSwitch VM Users Guide 29
Security
Authentication
Authentication versus encryption

The MasterSwitch unit controls access by providing basic authentication through user names, passwords, and IP addresses, but provides no type of encryption. These basic security features are sufficient for most environments, in which sensitive data is not being transferred. To ensure that data and communication between the MasterSwitch unit and the client interfaces, such as Telnet and the Web browser, cannot be captured, you can provide a greater level of security by enabling MD5 authentication (described below) for the Web interface.

MD5 authentication (Web interface)

The Web interface option for MD5 authentication enables a higher level of access security than the basic HTTP authentication scheme. The MD5 scheme is similar to CHAP and PAP remote access protocols.

Enabling MD5 implements the following security features:
  • The Web server requests a user name and a password phrase (distinct from the password). The user name and password phrase are not transmitted over the network, as they are in basic authentication. Instead, a Java login applet combines the user name, password phrase, and a unique session challenge number to calculate an MD5 hash number. Only the hash number is returned to the server to verify that the user has the correct login information; MD5 authentication does not reveal the login information.
  • In addition to the login authentication, each form post for configuration or control operations is authenticated with a unique challenge and hash response.
  • After the authentication login, subsequent page access is restricted by IP addresses and a hidden session cookie. (You must have cookies enabled in your browser.) Pages are transmitted in their plain-text form, with no encryption.
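
The challenge and hash response exchange in the list above, sketched as an added example; it is not APC's applet or firmware code. The `Server` class, the `:` separator used to combine the three values, and the credentials are assumptions made for illustration, since the guide does not state how the values are combined.

```python
import hashlib
import hmac
import secrets

# Constructed credentials for the demo; not values from the manual.
USERS = {"apc-admin": "example password phrase"}


def response_hash(user: str, phrase: str, challenge: str) -> str:
    # Assumption: fields are joined with ':' before hashing. The manual only
    # says the three values are combined into one MD5 hash.
    return hashlib.md5(f"{user}:{phrase}:{challenge}".encode()).hexdigest()


class Server:
    def __init__(self, users):
        self.users = users
        self.pending = {}  # challenge -> user name it was issued for

    def issue_challenge(self, user: str) -> str:
        challenge = secrets.token_hex(16)  # unique per login or form post
        self.pending[challenge] = user
        return challenge

    def verify(self, user: str, challenge: str, response: str) -> bool:
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed against the same challenge.
        if self.pending.pop(challenge, None) != user:
            return False
        phrase = self.users.get(user)
        if phrase is None:
            return False
        expected = response_hash(user, phrase, challenge)
        return hmac.compare_digest(expected, response)


def demo():
    server = Server(USERS)
    c1 = server.issue_challenge("apc-admin")
    r1 = response_hash("apc-admin", USERS["apc-admin"], c1)  # client side
    first = server.verify("apc-admin", c1, r1)
    replay = server.verify("apc-admin", c1, r1)  # same pair sent again
    c2 = server.issue_challenge("apc-admin")
    stale = server.verify("apc-admin", c2, r1)  # old hash, new challenge
    on_wire = [c1, r1, c2]  # everything an observer of the login sees
    leaked = any(USERS["apc-admin"] in item for item in on_wire)
    return first, replay, stale, leaked


if __name__ == "__main__":
    print(demo())
```

The exchange authenticates the login and each form post only; as the last list item says, the pages themselves still cross the network unencrypted.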

If you use MD5 authentication, which is available only for the Web interface, disable the less secure interfaces, including Telnet, FTP, and SNMP. For SNMP, you can disable write-only access so that read access and trap facilities are still available.

Although MD5 authentication provides a much higher level of security than the plain-text access methods, complete protection from security breaches is almost impossible to achieve. Well-configured firewalls are an essential element in an overall security scheme. For additional information on MD5 authentication, see RFC document #1321 at the Web site of the Internet Engineering Task Force. For CHAP, see RFC document #1994.
Continued on next page