American Power Conversion Master Switch manual Security, Authentication


Security

Authentication

Authentication versus encryption

The MasterSwitch unit controls access by providing basic authentication through user names, passwords, and IP addresses, but provides no type of encryption. These basic security features are sufficient for most environments, in which sensitive data is not being transferred. To ensure that data and communication between the MasterSwitch unit and the client interfaces, such as Telnet and the Web browser, cannot be captured, you can provide a greater level of security by enabling MD5 authentication (described below) for the Web interface.

MD5 authentication (Web interface)

The Web interface option for MD5 authentication enables a higher level of access security than the basic HTTP authentication scheme. The MD5 scheme is similar to CHAP and PAP remote access protocols. Enabling MD5 implements the following security features:

• The Web server requests a user name and a password phrase (distinct from the password). The user name and password phrase are not transmitted over the network, as they are in basic authentication. Instead, a Java login applet combines the user name, password phrase, and a unique session challenge number to calculate an MD5 hash number. Only the hash number is returned to the server to verify that the user has the correct login information; MD5 authentication does not reveal the login information.

• In addition to the login authentication, each form post for configuration or control operations is authenticated with a unique challenge and hash response.

• After the authentication login, subsequent page access is restricted by IP addresses and a hidden session cookie. (You must have cookies enabled in your browser.) Pages are transmitted in their plain-text form, with no encryption.
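The login exchange from the first bullet, as an added example that is not APC's code or part of the manual: it shows both sides of a challenge/hash-response login and why a captured response fails against a fresh challenge. The `:`-joined input layout, the per-user challenge table, and the sample account are assumptions, because the manual does not say how the applet combines the three values.

```python
import hashlib
import hmac
import secrets

# Constructed sample account; not a real or default credential.
ACCOUNTS = {"outlet_admin": "constructed pass phrase 0123"}


def md5_response(user, phrase, challenge):
    """Client (applet) side: hash user name, password phrase and challenge.

    Assumption: the three values are joined with ':'; the manual does not
    specify the layout the Java applet uses.
    """
    material = ":".join((user, phrase, challenge)).encode("utf-8")
    return hashlib.md5(material).hexdigest()


class LoginServer:
    """Server side: issues one-time challenges and checks hash responses."""

    def __init__(self, accounts):
        self.accounts = accounts
        self.pending = {}  # user -> outstanding challenge (assumed bookkeeping)

    def issue_challenge(self, user):
        challenge = secrets.token_hex(16)  # unpredictable, unique per attempt
        self.pending[user] = challenge
        return challenge

    def verify(self, user, response):
        challenge = self.pending.pop(user, None)  # a challenge is single use
        phrase = self.accounts.get(user)
        if challenge is None or phrase is None:
            return False
        expected = md5_response(user, phrase, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    server = LoginServer(ACCOUNTS)
    c1 = server.issue_challenge("outlet_admin")
    r1 = md5_response("outlet_admin", ACCOUNTS["outlet_admin"], c1)
    accepted = server.verify("outlet_admin", r1)        # correct phrase
    replay_spent = server.verify("outlet_admin", r1)    # challenge already used
    server.issue_challenge("outlet_admin")
    replay_fresh = server.verify("outlet_admin", r1)    # bound to old challenge
    c3 = server.issue_challenge("outlet_admin")
    wrong = server.verify("outlet_admin", md5_response("outlet_admin", "bad", c3))
    return accepted, replay_spent, replay_fresh, wrong
```

Only the 32-character hash crosses the network in this exchange; the page content that follows a successful login is still sent unencrypted, as the third bullet states.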

If you use MD5 authentication, which is available only for the Web interface, disable the less secure interfaces, including Telnet, FTP, and SNMP. For SNMP, you can disable write-only access so that read access and trap facilities are still available.

Although MD5 authentication provides a much higher level of security than the plain-text access methods, complete protection from security breaches is almost impossible to achieve. Well-configured firewalls are an essential element in an overall security scheme. For additional information on MD5 authentication, see RFC document #1321 at the Web site of the Internet Engineering Task Force. For CHAP, see RFC document #1994.


MasterSwitch VM User’s Guide
