Manualshelf

User Manual

ManualsBrandsSilver Spring Networks ManualsElectronicsGateway/Telco
12345678910
10
Monitoring can be defeated through encryption of the data
stream, including any interactions in which passwords are
passed.
Password guessing, dictionary or exhaustive scan (particularly if
driven by a computer program). Password choice rules plus the
use of a reasonably large salt (to complicate reverse dictionary
construction by an insider) should make this very difficult.
Note some part of the enforcement of good password choices
(e.g., don’t use your wife’s maiden name) must be addressed by
internal utility processes.
A legitimate user attempts operations that he or she is not
authorized to perform. This is addressed by access control
permissions.
A legitimate user attempts operations from a suspicious
location (e.g., a disgruntled former employee who was a network
administrator tries to shut down the Innovatec communications
network by deregistering all the meters from the gateways and
erasing them from the utility database from his home
computer). This is addressed using host identification in
addition to passwords. Note that internal utility processes are
responsible for making sure that only correct hosts are
identified as legitimate sources to the ENICS system.
A computer cracker attempts to gain access to the ENICS
system by running an applet or application that claims to be a
standard ENICS applet. This is handled by keeping password
and host identification contained on the server (any
authentication contained in a client would have been bypassed
because a real ENICS client isn’t being used).
A computer cracker attempts to gain access to the ENICS
system by running an applet or application that claims to be an
ENICS configuration server portal. This is handled by host
identification. The cracker may attempt to defeat host
identification by assigning his machine the same host address
as a legitimate ENICS server. This can be defeated by
configuring a firewall to refuse incoming packets from a host
that has the same address as an internal ENICS server.
A computer cracker attempts to gain access to meter data and
some alarm configuration capability by running an applet or
application that claims to be a ENICS server that is set up for
external data distribution. This is handled using host
identification. The cracker may attempt to defeat host
identification by assigning his machine the same host address
as a legitimate machine that is the target for external data
distribution. This cannot be defeated using firewall
configuration, since external access for on-demand reads and