Chapter 6 Using Security Technologies
Security Considerations
Niagara Release 2.3
Niagara Networking & Connectivity Guide Revised: May 22, 2002
Guidelines for VxWorks-based Niagara Hosts
• Do not enable FTP or telnet—FTP and telnet are standard Internet protocols
with well-documented attack points. If you must enable FTP or telnet on a
VxWorks host, consider changing the port to keep the novice attacker out. This
may not stop a more sophisticated attacker who uses port scanning software to
learn about all the open ports on a host.
Guidelines for Windows-based Niagara Hosts
• Implement and maintain virus protection on any Web Supervisor that will
connect to non-Niagara resources on the Internet—If your Web Supervisor
connects to other Internet resources (e.g., web pages, e-mail), you should
implement and maintain virus protection. Viruses can make your Web
Supervisor inoperable.
• On a JACE-NP with the full version of the OS, stop the RCMD service and
set its startup status to Manual—RCMD provides command-line access by
an administrator account to this model of JACE for maintenance purposes. It
is a widely available Microsoft utility. However, if you stop RCMD and later
need to maintain the JACE-NP, you must attach a keyboard, mouse, and
monitor to the device to do so.
• Do not share folders on any Windows-based host—Windows shares
provide file-level access to the Windows host. Since shares advertise themselves,
they are very vulnerable once an attacker has deciphered a host password. If
you must use Windows shares, make sure to assign permissions only to
accounts using strong passwords.
• Implement any security patches available from the OS vendor—Be sure to
periodically review the vendor's patches and apply updates as new vulnerabilities are fixed.
For more information on securing Windows-based hosts, see the Microsoft
Security Resource Center at http://www.microsoft.com/security/default.asp.
For more information on securing hosts on the Internet, see http://www.cert.org/.
Creating a Strong Password
The most secure password is difficult to guess and difficult to crack, but easy for you
to remember. To provide the highest level of security, the password should challenge
password cracking software so that it takes more time to crack than most people
would be willing to devote to it.
The following types of passwords are insecure because they are easy to guess by
people you know or easy to crack by people you do not know:
• Any word, common or not, even one in a foreign language
• Any name (yours, your spouse or children, your boss, your pet)
• Any password made up of all numbers (bank card number, house numbers,
telephone numbers, US Social Security number, or car license plate number)
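The three insecure categories above can be checked mechanically before a password is accepted. The following is an added example, not part of the original guide: the word and name lists are small constructed samples, and stripping common separators before the all-numbers test is an assumption made so that phone and ID numbers written with dashes are still caught.

```python
import re

# Constructed sample lists. A real check would load a full dictionary
# (including foreign-language words) and names tied to the account owner.
SAMPLE_WORDS = {"supervisor", "niagara", "password", "bonjour", "schloss"}
SAMPLE_NAMES = {"alice", "rex", "burns"}

# Separators commonly written inside phone, card and ID numbers (assumption).
_SEPARATORS = re.compile(r"[\s\-./()]+")


def insecure_reasons(password, words=SAMPLE_WORDS, names=SAMPLE_NAMES):
    """Return which of the guide's insecure categories the password falls into.

    An empty list only means none of these three checks fired; it does not
    mean the password is strong.
    """
    reasons = []
    folded = password.strip().casefold()  # "Bonjour" and "BONJOUR" are the same guess
    if folded in words:
        reasons.append("word")
    if folded in names:
        reasons.append("name")
    # "555-867-5309" is still all numbers once the separators are removed.
    digits_only = _SEPARATORS.sub("", password)
    if digits_only and digits_only.isdigit():
        reasons.append("all numbers")
    return reasons


def is_insecure(password, words=SAMPLE_WORDS, names=SAMPLE_NAMES):
    """True if the password matches any insecure category listed in the guide."""
    return bool(insecure_reasons(password, words, names))


if __name__ == "__main__":
    # Constructed candidates, one per category plus one that passes all checks.
    for candidate in ("Bonjour", "REX", "555-867-5309", "t7#Rk!qz"):
        print(candidate, "->", insecure_reasons(candidate) or "no category matched")
```
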
A secure password should contain at least three of the following elements: