USER’S GUIDE
masterswitch vm
MD5 authentication (for the Web interface)
The Web interface option for MD5 authentication enables a higher level of access security than the basic HTTP authentication scheme. The MD5 scheme is similar to CHAP and PAP remote access protocols. Enabling MD5 implements the following security features:
- The Web server requests a user name and a password phrase (distinct from the password). The user name and password phrase are not transmitted over the network, as they are in basic authentication. Instead, a Java login applet combines the user name, password phrase, and a unique session challenge number to calculate an MD5 hash number. Only the hash number is returned to the server to verify that the user has the correct login information; MD5 authentication does not reveal the login information.
- In addition to the login authentication, each form post for configuration or control operations is authenticated with a unique challenge and hash response.
- After the authentication login, subsequent page access is restricted by IP addresses and a hidden session cookie. (You must have cookies enabled in your browser.) Pages are transmitted in their plain-text form, with no encryption.
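The challenge and hash exchange described in the list above can be sketched as follows. This is an added example, not APC's code: the class and function names, the sample account, and the ':' separator used to join the fields are assumptions, since this guide does not specify how the applet combines them.

```python
import hashlib
import hmac
import secrets

# Constructed sample account for illustration only.
ACCOUNTS = {"example-user": "example pass phrase"}


def response_hash(user: str, phrase: str, challenge: str) -> str:
    """Client side: hash user name, password phrase, and session challenge.

    Assumption: fields are joined with ':'; the guide does not give the layout.
    """
    return hashlib.md5(f"{user}:{phrase}:{challenge}".encode("utf-8")).hexdigest()


class ChallengeServer:
    """Server side: issues unique challenges and checks the returned hash."""

    def __init__(self, accounts):
        self._accounts = accounts
        self._pending = set()

    def new_challenge(self) -> str:
        challenge = secrets.token_hex(16)  # unpredictable and unique per request
        self._pending.add(challenge)
        return challenge

    def verify(self, user: str, challenge: str, response: str) -> bool:
        # Each challenge is consumed on first use, so a hash captured from the
        # plain-text traffic is useless for a later login or form post.
        if challenge not in self._pending:
            return False
        self._pending.discard(challenge)
        phrase = self._accounts.get(user)
        if phrase is None:
            return False
        expected = response_hash(user, phrase, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo() -> dict:
    server = ChallengeServer(ACCOUNTS)
    c1 = server.new_challenge()
    r1 = response_hash("example-user", "example pass phrase", c1)
    results = {"login": server.verify("example-user", c1, r1)}
    results["same_challenge_again"] = server.verify("example-user", c1, r1)
    c2 = server.new_challenge()
    results["old_hash_new_challenge"] = server.verify("example-user", c2, r1)
    c3 = server.new_challenge()
    wrong = response_hash("example-user", "wrong phrase", c3)
    results["wrong_phrase"] = server.verify("example-user", c3, wrong)
    return results
```

Only the first verification succeeds; a reused challenge, a hash computed for an earlier challenge, and a wrong password phrase are all rejected.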
If you use MD5 authentication, which is available only for the Web interface, disable the less secure interfaces, including Telnet, FTP, and SNMP. For SNMP, you can disable write-only access so that read access and trap facilities are still available.
For additional information on MD5 authentication, see RFC document #1321 at the Web site of the Internet Engineering Task Force, http://www.ietf.org. For CHAP, see RFC document #1994.










