User's guide
Chapter 8 Users, Security, and Authentication
Security Profile
The Security Profile tab, available under System Administration >
Security Profile, provides centralized access for enforcing
site-appropriate minimum security parameters on the Passport. These are
the available control mechanisms:
• System Security
• Password Security (Force heightened)
System Security Settings
System security settings include:
• SNMP: The Digi Passport unit allows using Get and Set commands for
easy remote configuration and monitoring. Get and Set commands are
configured individually using the Network > SNMP Configuration
interface.
This option provides a simple method for globally disabling all SNMP
queries. (Traps can always be sent if they are configured.) In the default
configuration, SNMP is disabled.
• Discovery (ADDP): Enables/disables the Advanced Digi Discovery
Protocol (ADDP). While this is convenient for initial discovery of units on
the network, this service is often disabled when the system is ready for
production, unless the system is deployed on a controlled LAN.
• Telnet: Disabled by default, this feature can be enabled afterward if the
customer does not require encrypted connections.
• SSH: Usually remains enabled; in some environments, however,
access is allowed only by a totally out-of-band connection (hard-wired
serial, dial-up modem, or both). In such situations, the Ethernet
connection is used only for reports and alerts.
• SSHv1: Secure Shell version 1 (SSHv1) uses server and host keys to
authenticate systems. This service is disabled by default.
• HTTP: Enables/disables access to the Digi Passport using the Web
interface. By default, HTTP is redirected to HTTPS.
• HTTPS: Enables/disables access to the Digi Passport using the Web
interface. This service is enabled by default. If, however, the unit will be
deployed outside a controlled LAN, HTTPS is often disabled to limit the
number of services available.
• All Ports: Enables/disables access to all ports using any protocol.
• Set all ports to: Specifies the protocol to be used on all ports. The
default is Telnet.
• Stealth Mode: Makes the Digi Passport “invisible” on the network and
exposes only ports that are used to provide access. In Stealth Mode,
the Passport does not reply to pings or traceroutes and does not
respond to communication attempts on unused TCP/UDP sockets.
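
One way to confirm the SSHv1 setting above from the network side, as an added example that is not part of the Digi guide: under RFC 4253 a server announces protocol version 2.0 when it accepts only SSHv2 and 1.99 when it also accepts SSHv1 clients. The unit names and greetings below are constructed, and it is an assumption that the Passport's SSH server follows this identification convention.

```python
import re
import socket

# RFC 4253 sec. 4.2 identification line: "SSH-protoversion-softwareversion SP comments"
IDENT = re.compile(rb"^SSH-(\d+\.\d+)-\S+")

def ssh_protocol_support(greeting: bytes) -> str:
    """Classify a server greeting as 'v2-only', 'v1-and-v2', 'v1-only' or 'unknown'."""
    # A server may send free-text lines before its identification line,
    # so scan for the first line that starts with "SSH-".
    for line in greeting.splitlines():
        m = IDENT.match(line)
        if not m:
            continue
        proto = m.group(1)
        if proto == b"2.0":
            return "v2-only"
        if proto == b"1.99":  # RFC 4253 sec. 5.1: v2 server that also accepts v1 clients
            return "v1-and-v2"
        if proto.startswith(b"1."):
            return "v1-only"
        return "unknown"
    return "unknown"

def read_greeting(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Read the bytes an SSH server sends on connect (nothing is sent to it)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(1024)

def sshv1_findings(greetings: dict) -> list:
    """Return the names of units whose greeting shows SSHv1 is still accepted."""
    return sorted(name for name, g in greetings.items()
                  if ssh_protocol_support(g) in ("v1-and-v2", "v1-only"))

# Constructed sample greetings (hypothetical unit names, not captured from real devices).
SAMPLES = {
    "console-a": b"SSH-2.0-ExampleSSHD_1.0\r\n",
    "console-b": b"SSH-1.99-ExampleSSHD_1.0\r\n",
    "console-c": b"Authorized use only\r\nSSH-1.5-ExampleSSHD_0.9\r\n",
    "console-d": b"login: ",
}

if __name__ == "__main__":
    for name in sshv1_findings(SAMPLES):
        print(f"{name}: SSHv1 still accepted, disable it in the Security Profile")
```

To check a unit you administer, pass `read_greeting("<unit address>")` to `ssh_protocol_support` in place of a sample.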