Manual
DeviceMaster LT User Guide: 2000586 Rev. B
DeviceMaster LT Security - 53
† Enable Monitoring Secure Data via Telnet must be enabled. SSH does not
support port monitoring. You can set the securemon enable option.
admin commands are disabled except for the read-only ID command required by
NS-Link to identify the device.
The intention is to allow NS-Link to operate through an SSL connection to Port
4606 while the DeviceMaster LT is in Secure Data Mode, and to allow NS-Link to
operate through a MAC connection with Secure Config Mode enabled and Secure Data
Mode disabled.
SSH Server
The DeviceMaster LT SSH server has the following characteristics:
• Requires password authentication – even if password is empty.
• Enabled/disabled along with telnet access independently of Secure Data and
Secure Config Modes.
• The DeviceMaster LT uses third-party MatrixSSH library from PeerSec Networks:
http://www.peersec.com/.
SSL Overview
DeviceMaster LT SSL provides the following features:
• Provides both encryption and authentication.
  - Encryption prevents a third-party eavesdropper from viewing data that is
    being transferred.
  - Authentication allows both the client (that is, web browser) and server
    (that is, DeviceMaster LT) to ensure that only desired parties are allowed
    to establish connections. This prevents both unauthorized access and
    man-in-the-middle attacks on the communications channel.
• Two slightly different SSL protocols are supported by the DeviceMaster LT,
SSLv3 and TLSv1.
• The DeviceMaster LT uses third-party MatrixSSL library from PeerSec Networks:
http://www.peersec.com/matrixssl.html.
SSL Authentication
DeviceMaster LT SSL authentication has the following features:
• Authentication means being able to verify the identity of the party at the other
end of a communications channel. A username/password is a common example
of authentication.
• SSL/TLS protocols allow authentication using either RSA certificates or DSS
certificates. DeviceMaster LT supports only RSA certificates.
• Each party (client and server) can present an ID certificate to the other.
• Each ID certificate is signed by another authority certificate or key.
• Each party can then verify the validity of the other's ID certificate by verifying
that it was signed by a trusted authority. This verification requires that each
party have access to the certificate/key that was used to sign the other party's
ID certificate.
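The signing and verification relationship in the list above, worked through with the openssl command line. This is an added example, not taken from the manual or from the DeviceMaster LT firmware; it assumes the OpenSSL CLI is installed, and every certificate name and file name in it is a constructed placeholder.

```sh
#!/bin/sh
# Added example. Every name here (Example-Authority-*, devicemaster.example,
# file names) is a constructed placeholder, not a value from the manual.

# make_pki DIR: create two RSA authority certificates ("trusted" and "other")
# and a server ID certificate signed by the trusted authority only.
make_pki() {
    dir=$1
    mkdir -p "$dir" || return 1
    for ca in trusted other; do
        # Self-signed RSA authority certificate and its private key.
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Example-Authority-$ca" \
            -keyout "$dir/$ca-ca.key" -out "$dir/$ca-ca.crt" 2>/dev/null || return 1
    done
    # RSA key pair and signing request for the server's ID certificate.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=devicemaster.example" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # The trusted authority signs the request, producing the ID certificate.
    openssl x509 -req -in "$dir/server.csr" -days 30 \
        -CA "$dir/trusted-ca.crt" -CAkey "$dir/trusted-ca.key" -CAcreateserial \
        -out "$dir/server.crt" 2>/dev/null || return 1
}

# verify_id AUTHORITY_CERT ID_CERT: succeed if ID_CERT verifies against
# AUTHORITY_CERT, the check each party performs on the other's certificate.
verify_id() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_type CERT: print the certificate's public key algorithm.
key_type() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Public Key Algorithm: *//p'
}

# Demonstration run in a throwaway directory.
demo=$(mktemp -d) && make_pki "$demo" && {
    verify_id "$demo/trusted-ca.crt" "$demo/server.crt" &&
        echo "signed by trusted authority: accepted"
    verify_id "$demo/other-ca.crt" "$demo/server.crt" ||
        echo "unknown authority: rejected"
    echo "ID certificate key type: $(key_type "$demo/server.crt")"
    rm -rf "$demo"
}
```

The rejected case shows why the verifying party must hold the authority certificate that actually signed the peer's ID certificate: a different authority, even a valid one, does not validate it.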
Server Authentication
Server Authentication is the mechanism by which the DeviceMaster LT proves its
identity.
• The DeviceMaster LT (generally an SSL server) can be configured by
uploading an ID certificate that is to be presented to clients when they connect
to the DeviceMaster LT.
Email yes yes yes disabled disabled disabled
SNMP yes yes yes disabled disabled disabled
RFC1006 yes yes yes disabled disabled disabled
Weakest Strongest










