APC AP9606 manual Security, Authentication

Page 68

Security

Authentication

Authentication versus encryption

The Management Card controls access by providing basic authentication through user names, passwords, and IP addresses, but provides no type of encryption. These basic security features are sufficient for most environments, in which sensitive data is not being transferred. To ensure that data and communication between the Management Card and the client interfaces, such as Telnet and the Web browser, cannot be captured, you can provide a greater level of security by enabling MD5 authentication (described below) for the Web interface.

MD5 authentication (Web interface)

The Web interface option for MD5 authentication enables a higher level of access security than the basic HTTP authentication scheme. The MD5 scheme is similar to CHAP and PAP remote access protocols. Enabling MD5 implements the following security features:

• The Web server requests a user name and a password phrase (distinct from the password). The user name and password phrase are not transmitted over the network, as they are in basic authentication. Instead, a Java login applet combines the user name, password phrase, and a unique session challenge number to calculate an MD5 hash number. Only the hash number is returned to the server to verify that the user has the correct login information; MD5 authentication does not reveal the login information.

• In addition to the login authentication, each form post for configuration or control operations is authenticated with a unique challenge and hash response.

• After the authentication login, subsequent page access is restricted by IP addresses and a hidden session cookie. (You must have cookies enabled in your browser.) Pages are transmitted in their plain-text form, with no encryption.

If you use MD5 authentication, which is available only for the Web interface, disable the less secure interfaces, including Telnet, FTP, and SNMP. For SNMP, you can disable write-only access so that read access and trap facilities are still available. For additional information on MD5 authentication, see RFC document #1321 at the Web site of the Internet Engineering Task Force. For CHAP, see RFC document #1994.
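The challenge-and-hash login described in this section, as an added example that is not APC's code and not part of the original manual: a server issues a single-use challenge and checks the MD5 response without the password phrase crossing the network. The manual does not document how the applet combines its three inputs, so the `user:phrase:challenge` layout, the class and function names, and the sample account are assumptions.

```python
import hashlib
import hmac
import secrets


def compute_response(user, phrase, challenge):
    # Assumed layout (not documented in the manual):
    # MD5(user ":" phrase ":" challenge), hex encoded.
    material = f"{user}:{phrase}:{challenge}".encode("utf-8")
    return hashlib.md5(material).hexdigest()


class ChallengeAuthServer:
    """Server side of a single-use challenge / MD5 hash-response check."""

    def __init__(self, accounts):
        self.accounts = accounts   # user name -> password phrase
        self.pending = {}          # session id -> outstanding challenge

    def issue_challenge(self, session_id):
        # A fresh, unpredictable challenge for every login and form post.
        challenge = secrets.token_hex(16)
        self.pending[session_id] = challenge
        return challenge

    def verify(self, session_id, user, response):
        # pop() makes each challenge single-use, so a response captured
        # on the wire does not validate a second time.
        challenge = self.pending.pop(session_id, None)
        phrase = self.accounts.get(user)
        if challenge is None or phrase is None:
            return False
        expected = compute_response(user, phrase, challenge)
        return hmac.compare_digest(expected, response)


def demo():
    # Constructed account and session id, for illustration only.
    server = ChallengeAuthServer({"apc_admin": "constructed pass phrase"})
    c1 = server.issue_challenge("sess-1")
    good = compute_response("apc_admin", "constructed pass phrase", c1)
    first = server.verify("sess-1", "apc_admin", good)    # valid response
    replay = server.verify("sess-1", "apc_admin", good)   # challenge spent
    server.issue_challenge("sess-1")
    stale = server.verify("sess-1", "apc_admin", good)    # bound to old c1
    c3 = server.issue_challenge("sess-1")
    wrong = server.verify("sess-1", "apc_admin",
                          compute_response("apc_admin", "guess", c3))
    return first, replay, stale, wrong
```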

Firewalls

Although MD5 authentication provides a much higher level of security than the plain-text access methods, complete protection from security breaches is almost impossible to achieve. Well-configured firewalls are an essential element in an overall security scheme.

 


Web/SNMP Management SmartSlot Card User’s Guide
