DeviceMaster LT Security Features, Security Modes – Comtrol DeviceMaster LT User Manual
DeviceMaster LT User Guide: 2000586
Rev. B
DeviceMaster LT Security Features
The following subsections provide information about DeviceMaster LT security
features.
Security Modes
The DeviceMaster LT supports two security modes.
Security Mode: Secure Data
Description: SSL encryption for serial port data streams for both NS-Link and SocketServer. Secure Data mode:
• Requires SSL encryption of TCP connections to SocketServer (Ports 8000, 8001, 8002, and so forth).
• Disables UDP access to SocketServer.
• Disables RFC1006 (ISO-over-TCP) access to SocketServer.
• Disables MAC-mode access to serial ports. MAC mode admin and ID commands are still allowed.
• Requires SSL encryption of NS-Link TCP connections (Port 4606). Not directly supported by NS-Link drivers for Windows and Linux. The Linux driver has been tested using stunnel, but manual setup is required.
• Requires SSH instead of telnet connection to the diagnostic log (TCP Port 4607).
• Two values for http READ and WRITE commands: A2: Enable.

Security Mode: Secure Config
Description: Encrypts/authenticates configuration and administration operations (web server, IP settings, load SW, and so forth). Secure Config mode:
• Disables MAC mode admin commands except for ID request†.
• Disables TCP/IP admin commands except for ID request†.
• Disables telnet console access (Port 23)†.
• Disables unencrypted http:// access via Port 80.
• Disables e-mail notification and SNMP features.
• Two values for http READ and WRITE commands: A3: Enable.

† Affects both RedBoot and SocketServer/NS-Link applications.
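The TCP rows of the table above can be turned into a posture check that confirms a unit behaves as the enabled modes say it should. This is an added example, not code from the Comtrol manual; the names POLICY, classify and audit, the byte-signature heuristics, and the treatment of a closed port as compliant are assumptions, and the UDP, RFC1006 and MAC-mode rows are not covered.

```python
# Allowed state per TCP port, from the security-mode table above.
# Assumption: a closed port also satisfies a "requires SSL/SSH" rule.
POLICY = {
    "secure_data": {
        8000: {"tls", "closed"}, 8001: {"tls", "closed"}, 8002: {"tls", "closed"},
        4606: {"tls", "closed"},  # NS-Link
        4607: {"ssh", "closed"},  # diagnostic log
    },
    "secure_config": {23: {"closed"}, 80: {"closed"}},  # telnet console, http://
}

def classify(resp):
    """Label a port by the first bytes it returned (None = connection refused)."""
    if resp is None:
        return "closed"
    if resp.startswith(b"SSH-"):
        return "ssh"     # SSH identification string
    if len(resp) >= 2 and resp[0] in (0x15, 0x16) and resp[1] == 0x03:
        return "tls"     # TLS alert or handshake record header
    if resp.startswith(b"\xff"):
        return "telnet"  # telnet IAC option negotiation
    if resp.startswith(b"HTTP/"):
        return "http"
    return "other"       # open, but neither TLS nor SSH

def audit(modes, observations):
    """Return sorted (port, observed, allowed) tuples for each rule that fails."""
    findings = []
    for mode in modes:
        for port, allowed in POLICY[mode].items():
            if port not in observations:
                continue  # port was not probed
            seen = classify(observations[port])
            if seen not in allowed:
                findings.append((port, seen, sorted(allowed)))
    return sorted(findings)

# Constructed sample: first bytes returned by each port after a TLS ClientHello.
SAMPLE = {
    8000: b"\x16\x03\x03\x00\x51", 8001: b"", 4606: b"\x15\x03\x03\x00\x02",
    4607: b"\xff\xfb\x01", 23: None, 80: b"HTTP/1.1 400 Bad Request\r\n",
}

if __name__ == "__main__":
    for port, seen, allowed in audit(["secure_data", "secure_config"], SAMPLE):
        print(f"port {port}: observed {seen}, expected one of {allowed}")
```

Ports absent from the observations are skipped, so probe one SocketServer port per serial port on the unit being checked.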