User's Manual
Table Of Contents
- PremierWave XC HSPA+ User Guide
- 1: Using This Guide
- 2: Introduction
- 3: Installation of PremierWave XC HSPA+
- 4: Using DeviceInstaller
- 5: Configuration Using Web Manager
- 6: Network Settings
- Network 1 (eth0) Interface Settings
- Network 1 (Link) Settings
- Network 1 (Failover)
- Network 2 (Cellular) Settings
- Network 2 (Link) Settings
- Gateway
- 7: Cellular
- 8: Action Settings
- 9: Line and Tunnel Settings
- Line Settings
- Tunnel Settings
- Serial Settings
- To Configure Tunnel Serial Settings
- Packing Mode
- To Configure Tunnel Packing Mode Settings
- Accept Mode
- To Configure Tunnel Accept Mode Settings
- Connect Mode
- To Configure Tunnel Connect Mode Settings
- Disconnect Mode
- To Configure Tunnel Disconnect Mode Settings
- Modem Emulation
- To Configure Tunnel Modem Emulation Settings
- Relay Output
- 10: Terminal and Host Settings
- 11: Services Settings
- 12: Security Settings
- 13: Maintenance and Diagnostics Settings
- Filesystem Settings
- Protocol Stack Settings
- SMTP Settings
- Diagnostics
- Threads
- Clock
- System Settings
- Discovery and Query Port
- 14: Advanced Settings
- 15: Security in Detail
- 16: Updating Firmware
- 17: Branding the PremierWave XC HSPA+
- Appendix A: Technical Specifications
- Appendix B: Compliance
- Appendix C: Technical Support
- Appendix D: Binary to Hexadecimal Conversions
- Appendix E: USB-CDC-ACM Device Driver File for Windows Hosts
PremierWave XC HSPA+ User Guide 66
12: Security Settings
The PremierWave XC HSPA+ device supports Secure Shell (SSH) and Secure Sockets Layer
(SSL). SSH is a network protocol for securely accessing a remote device. SSH provides a secure,
encrypted communication channel between two hosts over a network. It provides authentication
and message integrity services.
Secure Sockets Layer (SSL) is a protocol that manages data transmission security over the
Internet. It uses digital certificates for authentication and cryptography against eavesdropping and
tampering. It provides encryption and message integrity services. SSL is widely used for secure
communication to a web server. SSL uses certificates and private keys.
Note: The device supports SSLv3 and its successors, TLS1.0 and TLS1.1. An incoming
SSLv2 connection attempt is answered with an SSLv3 response. If the initiator also
supports SSLv3, SSLv3 handles the rest of the connection.
SSH Settings
SSH is a network protocol for securely accessing a remote device over an encrypted channel. This
protocol manages the security of internet data transmission between two hosts over a network by
providing encryption, authentication, and message integrity services.
Two instances require configuration: when the PremierWave is the SSH server and when it is an
SSH client. The SSH server is used by the CLI (Command Mode) and for tunneling in Accept
Mode. The SSH client is for tunneling in Connect Mode.
To configure the PremierWave as an SSH server, there are two requirements:
Defined Host Keys: both private and public keys are required. These keys are used for the
Diffie-Hellman key exchange (used for the underlying encryption protocol).
Defined Users: these users are permitted to connect to the PremierWave SSH server.
SSH Server Host Keys
The SSH Server Host Keys are used by all applications that play the role of an SSH Server.
Specifically Tunneling in Accept Mode. These keys can be created elsewhere and uploaded to the
device or automatically generated on the device.
If uploading existing keys, take care to ensure the Private Key will not be compromised in transit.
This implies the data is uploaded over some kind of secure private network.
Note: Some SSH Clients require RSA Host Keys to be at least 1024 bits in size.
Table 12-1 SSH Server Host Keys
RSS Settings Description
Private Key Enter the path and name of the existing private key you want to upload. In
WebManager, you can also browse to the private key to be uploaded. Be sure the
private key will not be compromised in transit. This implies the data is uploaded over
some kind of secure private network.
PRELIMINARY DRAFT
PRELIMINARY DRAFT