NetLinx Security with a Terminal Connection

NetLinx Security with a Terminal Connection

Overview

NetLinx Masters currently have built-in security capabilities. They require a user entering a valid username and password to access the NetLinx System’s Telnet, HTTP, ICSP, and FTP services.

The security capabilities are configured and applied via a Telnet connection or the NetLinx Master’s RS-232/ USB terminal interface (the RS232/USB Configuration Port).

Always use the RS232/USB Configuration Port when entering potentially sensitive security information. The Telnet server interface exposes this security information to the LAN in clear text format, which could be intercepted by an unauthorized LAN client. Using the RS232/USB Configuration Port offers security during the configuration of the database due to the physical proximity of the user to the system.

NetLinx Security Features

NetLinx security allows a qualified user to define access rights for users or groups.

A "User" represents a single potential client of the NetLinx Master, while a "Group" represents a logical collection of users. Any properties possessed by groups (i.e., access rights, directory associations, etc.) are inherited by all the members of the group.

The following table lists the NetLinx features that the administrator (or other 'qualified' user) may grant or deny access to.

NetLinx Security Features

NetLinx Master Security Configuration

The user has access to the security configuration commands of the

 

Master. Only those users with security configuration access rights

 

granted will have access to the security configuration

 

commands.

 

 

Telnet Security

The user has access to the Telnet server functionality. All basic

 

commands are available to the user.

 

 

Terminal (RS232/USB) Security

The user has access to the Terminal server functionality through the

 

USB connector. All basic commands are available to the user.

 

 

HTTP (web server) Security

The user has access to the HTTP server functionality. Directory

 

associations assign specific directories/files to a particular user.

 

 

FTP Security

The user has access to the FTP server functionality. Only the

 

administrator account has access to the root directory; all other

 

'qualified' clients are restricted to the /user/ directory and its 'tree'.

 

 

ICSP

The user has access to the ICSP communication functionality.

 

Communication and encryption rights are available to an authorized

 

user.

 

 

ICSP Encryption

The user has access to the ICSP data encryption functionality.

 

Enabling encryption of ICSP data requires that both:

 

- AMX hardware or software communicating with the target

 

Master provide a valid username and password.

 

- All communication is encrypted.

 

 

Initial Setup via a Terminal Connection

Security administration and configuration is done via a Terminal communication through the RS232/USB Configuration Port on the NetLinx Master. If connecting to the target Master via the TCP/IP (Winsock) option, some command sets (such as the security setup) will not be available. If a valid IP connection method

has been made to the Master, making changes to the parameters via the browser-based UI pages is highly recommended.

NI-3101-SIG Signature Series NetLinx Integrated Controller

99

 

 

Page 109
Image 109
AMX NI-3101-SIG manual NetLinx Security Features, Initial Setup via a Terminal Connection