Security
Authentication

Authentication versus encryption

The Environmental Monitoring Unit controls access by providing basic authentication through user names, passwords, and IP addresses, but provides no type of encryption. These basic security features are sufficient for most environments, in which sensitive data is not being transferred. To ensure that data and communication between the Environmental Monitoring Unit and the client interfaces, such as Telnet and the Web browser, cannot be captured, you can provide a greater level of security by enabling MD5 authentication for the Web interface. See MD5 authentication (Web interface) on this page.

MD5 authentication (Web interface)

The Web interface option for MD5 authentication enables a higher level of access security than the basic HTTP authentication scheme. The MD5 scheme is similar to CHAP and PAP remote access protocols. Enabling MD5 implements the following security features:

• The Web server requests a user name and a password phrase (distinct from the password). The user name and password phrase are not transmitted over the network, as they are in basic authentication. Instead, a Java login applet combines the user name, password phrase, and a unique session challenge number to calculate an MD5 hash number. Only the hash number is returned to the server to verify that the user has the correct login information; MD5 authentication does not reveal the login information.
• In addition to the login authentication, each form post for configuration or control operations is authenticated with a unique challenge and hash response.
• After the authentication login, subsequent page access is restricted by IP addresses and a hidden session cookie. (You must have cookies enabled in your browser.) Pages are transmitted in their

If you use MD5 authentication, which is available only for the Web interface, disable the less secure interfaces, including Telnet, FTP, and SNMP. For SNMP, you can disable
access and trap facilities are still available. For additional information on MD5 authentication, see RFC document #1321 at the Web site of the Internet Engineering Task Force. For CHAP, see RFC document #1994.
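
The challenge and hash-response login described under MD5 authentication, sketched in Python as an added example (it is not the unit's firmware or applet code). The colon-joined field layout, the names ChallengeServer and md5_response, and the sample credentials are assumptions; this guide does not specify how the applet combines the three values.

```python
import hashlib
import hmac
import secrets


def md5_response(user, phrase, challenge):
    # Assumed layout: the three fields joined with ":" before hashing.
    data = ":".join((user, phrase, challenge)).encode("utf-8")
    return hashlib.md5(data).hexdigest()


class ChallengeServer:
    """Server side: knows each password phrase, issues single-use challenges."""

    def __init__(self, users):
        self.users = users      # user name -> password phrase (constructed data)
        self.pending = {}       # outstanding challenge -> user it was issued to

    def issue_challenge(self, user):
        challenge = secrets.token_hex(16)   # unique per login or form post
        self.pending[challenge] = user
        return challenge

    def verify(self, user, challenge, response):
        # pop() consumes the challenge, so a captured hash cannot be replayed.
        if self.pending.pop(challenge, None) != user:
            return False
        phrase = self.users.get(user)
        if phrase is None:
            return False
        expected = md5_response(user, phrase, challenge)
        return hmac.compare_digest(expected, response)   # constant-time compare


def demo():
    phrase = "constructed pass phrase"
    server = ChallengeServer({"admin": phrase})
    c1 = server.issue_challenge("admin")
    r1 = md5_response("admin", phrase, c1)    # client side: only r1 is sent
    first = server.verify("admin", c1, r1)    # correct phrase, fresh challenge
    replay = server.verify("admin", c1, r1)   # same hash, challenge already used
    c2 = server.issue_challenge("admin")
    stale = server.verify("admin", c2, r1)    # old hash against a new challenge
    return first, replay, stale
```

Only the hash crosses the network, and because each challenge is consumed on first use, a hash captured from one login or form post is rejected if it is sent again.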

Firewalls

Although MD5 authentication provides a much higher level of security than the
breaches is almost impossible to achieve.
an essential element in an overall security scheme.

Environmental Monitoring Unit: User’s Guide