Specifications
NetLinx Security within the Web Server
64
NetLinx Security - Web Server
To ensure this higher degree of security on the Master, an administrator can disable the HTTP Port
access, enable HTTPS Port access (both from within the same Manage System > Server page),
and then alter the level of encryption on the current SSL Certificate to meet their security needs.
SSL (Secure Sockets Layer) is a protocol that works by encrypting data being transferred
over an HTTPS connection. URLs that require a secure connection begin with https:
instead of http: (in the browser’s Address field). These security capabilities are
configured to function via a web session within your browser. The encryption level (64 or
128-bit) achieved over the HTTPS Port is done via the SSL Certificate currently in use on
the target Master. Whereas SSL creates a secure connection between a client and a server,
over which any amount of data can be sent securely, HTTPS is designed to transmit
individual messages securely. Therefore both HTTPS and SSL can be seen as
complementary and are configured to communicate over the same port on the Master.
The third layer of protection is an SSL Certificate (specifically identifying the target Master and
using a unique key to encrypt data). SSL works by using a private key to encrypt data that's
transferred over the SSL connection. By default, current Masters are shipped with a default AMX
SSL certificate called sslexample.amx.com. This pre-configured certificate can be used as a
road-map to create your own certificate. The Master’s SSL certificate can be either requested (from
an external CA) or self-generated, and then installed/imported onto the target Master (this action
adds the certificate to the trusted site certificate listing within the computer’s Internet browser).
A fourth layer of security enables the encryption of data communication amongst the various AMX
hardware and software components (such as between NetLinx Studio and the Master, or TPDesign4
and the touch panel (communicating through the Master)). Refer to the Security Features section on
page 70 for more information.
NetLinx Security Terms
The following table lists some commonly used NetLinx Security terms:
NetLinx Security Terms
User A user is a single potential client of the NetLinx Master.
Administrator An administrator has privileges to modify existing NetLinx Master access
groups, users, and their rights. The administrator can also assign NetLinx
communication access rights for different users or groups (ex: Telnet and
HTTP access) and configure the Master’s SSL server certificate.
Group A group is a logical collection of users. Note that any properties possessed by
a group (ex: access rights, directory associations, etc.) are inherited by all
members of that group.
Username A username is a valid character string (4 - 20 alpha-numeric characters)
defining the user. This string is case sensitive and each username must be
unique.
Group name A group name is a valid character string (4 - 20 alpha-numeric characters)
defining the group. This string is case sensitive and each group name must be
unique.
Password A password is a valid character string (4 - 20 alpha-numeric characters) to
supplement the username in defining the potential client. This string is also
case sensitive.
Access Rights Each of the NetLinx Master’s features has pre-defined security procedures.
The access right for a particular feature determines if a user or group has
access to that feature by entering a valid username and password.