
Authentication, Authentication versus encryption, Md5 authentication (web interface) – APC AP9312TH User Manual

Page 30: Firewalls, Security


Environmental Monitoring Unit: User’s Guide


Security

Authentication

Authentication versus encryption

The Environmental Monitoring Unit controls access by providing basic authentication through user names, passwords, and IP addresses, but provides no type of encryption. These basic security features are sufficient for most environments, in which sensitive data is not being transferred. To ensure that data and communication between the Environmental Monitoring Unit and the client interfaces, such as Telnet and the Web browser, cannot be captured, you can provide a greater level of security by enabling MD5 authentication for the Web interface.

See MD5 authentication (Web interface) on this page.

MD5 authentication (Web interface)

The Web interface option for MD5 authentication enables a higher level of access security than the basic HTTP authentication scheme. The MD5 scheme is similar to CHAP and PAP remote access protocols.

Enabling MD5 implements the following security features:

- The Web server requests a user name and a password phrase (distinct from the password). The user name and password phrase are not transmitted over the network, as they are in basic authentication. Instead, a Java login applet combines the user name, password phrase, and a unique session challenge number to calculate an MD5 hash number. Only the hash number is returned to the server to verify that the user has the correct login information; MD5 authentication does not reveal the login information.

- In addition to the login authentication, each form post for configuration or control operations is authenticated with a unique challenge and hash response.

- After the authentication login, subsequent page access is restricted by IP addresses and a hidden session cookie. (You must have cookies enabled in your browser.) Pages are transmitted in their plain-text form, with no encryption.
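
The challenge and hash-response exchange described in the list above, sketched as an added example (not APC's code and not the applet's actual algorithm). The way the user name, password phrase, and challenge are joined before hashing is an assumption, as are the class and function names and the sample account.

```python
import hashlib
import hmac
import secrets


class ChallengeServer:
    """Server side: issues single-use challenges and checks hash responses."""

    def __init__(self, accounts):
        self.accounts = accounts   # user name -> password phrase (constructed sample data)
        self.pending = {}          # user name -> outstanding challenge

    def issue_challenge(self, user):
        # A fresh, unpredictable challenge for every login or form post.
        challenge = secrets.token_hex(16)
        self.pending[user] = challenge
        return challenge

    def verify(self, user, response):
        # pop() makes the challenge single-use, so a captured hash cannot be replayed.
        challenge = self.pending.pop(user, None)
        phrase = self.accounts.get(user)
        if challenge is None or phrase is None:
            return False
        expected = compute_response(user, phrase, challenge)
        return hmac.compare_digest(expected, response)  # constant-time comparison


def compute_response(user, phrase, challenge):
    # Assumed layout: MD5 over "user:phrase:challenge". The manual does not
    # document how the applet combines the three inputs.
    data = ":".join((user, phrase, challenge)).encode("utf-8")
    return hashlib.md5(data).hexdigest()


def demo():
    server = ChallengeServer({"operator": "constructed pass phrase"})
    c1 = server.issue_challenge("operator")
    r1 = compute_response("operator", "constructed pass phrase", c1)
    first = server.verify("operator", r1)    # correct response to the live challenge
    server.issue_challenge("operator")       # the next request gets a new challenge
    replay = server.verify("operator", r1)   # old hash sent against the new challenge
    c3 = server.issue_challenge("operator")
    wrong = server.verify("operator", compute_response("operator", "wrong phrase", c3))
    return first, replay, wrong


if __name__ == "__main__":
    print(demo())
```

Only the hash crosses the network, and it is bound to one challenge; the page contents that follow a successful login are still sent unencrypted, as the last item in the list states.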

If you use MD5 authentication, which is available only for the Web interface, disable the less secure interfaces, including Telnet, FTP, and SNMP. For SNMP, you can disable write-only access so that read access and trap facilities are still available. For additional information on MD5 authentication, see RFC document #1321 at the Web site of the Internet Engineering Task Force. For CHAP, see RFC document #1994.

Firewalls

Although MD5 authentication provides a much higher level of security than the plain-text access methods, complete protection from security breaches is almost impossible to achieve. Well-configured firewalls are an essential element in an overall security scheme.
