Security issues, Configuring encryption of traffic, Welcome banner configuration – Raritan Computer DOMINION DSX-0N-E User Manual
Page 120: Defining ssl security certificates, Enabling firewall protection, Enabling security profiles
102
D
OMINION
SX
U
SER
G
UIDE
security
Switch to the security menu.
Sends the local event log to a remote FTP server.
Show configuration options.
Switch to the TACACS+ Configuration Menu.
Enable telnet communication and specify the port.
top
Return to the root menu.
traceroute
Print the route to a remote system
System command to upgrade the firmware.
System command to show the upgrade history.
userlist
List users.
Displays the local event log.
Security Issues
There are a number of elements to consider when addressing security for console servers:
• Encrypting the data traffic sent between the operator console and the DSX unit.
• Providing authentication and authorization for users.
• Logging data relevant to the operation for later viewing and auditing purposes. In some
cases, this data is required for compliance with governmental or company regulations.
• Encryption of port data log sent to a remote nfs server.
• Security profile
• “Man in the Middle”
Dominion SX supports each of these elements; however, they must be configured prior to general
use.
Configuring Encryption of Traffic
Encryption of traffic between the operator console and the DSX unit is determined by the access
methodology being used. SSH and encrypted browser access (HTTPS) are enabled by default.
SSH and HTTPS, by definition, support 128-bit encryption of the traffic between the two ends of
the link. To accept unencrypted connections, the user must manually enable the HTTP and Telnet
services.
Dominion SX optionally supports a customizable (maximum 6000 words) welcome banner that is
displayed after login. The banner identifies where the user has logged into. In addition, there is
the ability to add a consent banner that forces the user to accept the stated conditions prior to
advancing into operation of the console server.
Defining SSL Security Certificates
SSL Security certificates are used in browser access to ensure that the device you are attaching to
is the device that is authorized to be connected. This section describes only how to configure the
certificates on the console server. See Appendix C for details on SSL Certificates.
Dominion SX provides a firewall function to provide protection for the IP network and to control
access between the internal router and the LAN 1, LAN 2 and the dial modem interfaces.
Dominion SX provides the ability to define security profiles which simplify the assigning of
permissions to users and groups. There are three types of profiles. Two are predefined: standard
and secure. The third allows for the definition of custom profiles; this allows assignment of all
permissions by assigning one security profile. Multiple custom security profiles may be defined.