NetLinx Security within the Web Server

NetLinx Masters incorporate built-in security for HTTPS and Terminal sessions (enhanced with SSL and SSH respectively), ICSP data verification/encryption, and Server Port configuration. By using both SSL certificate verification and encryption over a secured HTTP (HTTPS) connection, this version of NetLinx firmware provides users with a more convenient web-based method of securing both the Master and its data communications. Additional features in this release are the use of both authentication protocols and the ability to perform online NetLinx Diagnostics via the web server.

Terminal setup and security configuration are still valid and supported in this build of the NetLinx Master firmware.

This NetLinx Web Server is used to power Master security, data encryption, and SSL certificate/encryption features on current AMX Masters such as the ME260/64 and NI-Series of Controllers. This web server not only provides username and password security for the target Master, but also a new level of secure encryption for ICSP data communication among the various AMX software and hardware components. New security features for the Masters include:

- Enhanced Username and Password requirements
- HTTPS and SSL certificate interaction
- Use of a pre-installed AMX SSL certificate
- ICSP communication and encryption

The first layer of security for the Master involves prompting a user to enter a valid username and password before gaining access to a secured feature on the target Master. This data is pre-configured by the administrator within the Group and User Level pages of the Security section. If an option is enabled within the System Security page, a user is prompted to enter a valid username and password before gaining access to the corresponding feature. This access is only granted if their information matches a previously created profile assigned sufficient rights for that action. An already logged in user can enter a new profile by using the Login field to enter a new profile’s username and profile.

This username and password information is also used by both G4 touch panels (within the System Connection firmware page) and AMX software applications such as NetLinx Studio v 2.4 (via the Master Communications dialog) to communicate securely with a Master using encrypted communication.

The second layer of security uses a combination of secure HTTP (HTTPS) communication and SSL encryption to secure data being transferred between the web server application and the target Master.

To ensure this higher degree of security on the Master, an administrator can disable the HTTP Port access, enable HTTPS Port access (both from within the same Manage System > Server page), and then alter the level of encryption on the current SSL Certificate to meet their security needs.

SSL (Secure Sockets Layer) is a protocol that works by encrypting data being transferred over an HTTPS connection. URLs that require a secure connection begin with https: instead of http: (in the browser’s Address field). These security capabilities are configured to function via a web session within your browser. The encryption level (64 or 128-bit) achieved over the HTTPS Port is done via the SSL Certificate currently in use on the target Master. Whereas SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely, HTTPS is designed to transmit individual messages securely. Therefore both HTTPS and SSL can be seen as complementary and are configured to communicate over the same port on the Master.

The third layer of protection is an SSL Certificate (specifically identifying the target Master and using a unique key to encrypt data). SSL works by using a private key to encrypt data that's transferred over the SSL connection. By default, current Masters are shipped with a default AMX SSL certificate called sslexample.amx.com. This pre-configured certificate can be used as a road map to create a unique certificate. The Master’s SSL certificate can be either requested (from an external CA) or self-generated, and then installed/imported onto the target Master. This action adds the certificate to the trusted site certificate listing within the computer’s Internet browser.

A fourth layer of security enables the encryption of data communication among the various AMX hardware and software components (such as between NetLinx Studio and the Master, or between TPDesign4 and the touch panel, communicating through the Master). Refer to the Security Features section on page 38 for more information.
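The second and third layers above can be checked from an administrator's workstation. The following Python audit is an added example, not code from the AMX manual: it reports whether the HTTP port is still open, whether the Master still presents the default sslexample.amx.com certificate, and whether the negotiated cipher is weaker than 128-bit. The function names, the ports 80 and 443, and the assumption that the default name appears in the certificate's subject or issuer are illustrative and not taken from the manual.

```python
import socket
import ssl

DEFAULT_CN = b"sslexample.amx.com"  # default certificate name given in the text


def evaluate(http_open, cert_der, cipher_bits):
    """Turn raw probe results into findings for the layers described above."""
    findings = []
    if http_open:
        findings.append("HTTP port still accepts connections; disable it on the Server page")
    if cert_der is None:
        findings.append("no HTTPS certificate retrieved; HTTPS disabled or handshake refused")
        return findings
    # Assumption: the default name sits in the subject or issuer. DER stores an ASCII
    # name as raw bytes, so a byte search works without a third-party X.509 parser.
    if DEFAULT_CN in cert_der:
        findings.append("default AMX certificate in use; install a unique certificate")
    if cipher_bits is not None and cipher_bits < 128:
        findings.append(f"negotiated cipher is only {cipher_bits}-bit")
    return findings


def probe(host, http_port=80, https_port=443, timeout=5.0):
    """Collect the inputs for evaluate() from one Master (port numbers are assumptions)."""
    try:
        socket.create_connection((host, http_port), timeout=timeout).close()
        http_open = True
    except OSError:
        http_open = False
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # audit only: the certificate is inspected below
    ctx.verify_mode = ssl.CERT_NONE  # a self-generated certificate must not abort the probe
    try:
        with socket.create_connection((host, https_port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return http_open, tls.getpeercert(binary_form=True), tls.cipher()[2]
    except OSError:  # ssl.SSLError is a subclass of OSError
        return http_open, None, None


def audit(host):
    """Probe one Master and return the list of findings (empty when all checks pass)."""
    return evaluate(*probe(host))
```

A handshake failure is reported as "no HTTPS certificate retrieved"; with current Python TLS defaults this can also mean the Master only offers protocol versions or ciphers that the client refuses.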

NI-3101-SIG Signature Series NetLinx Integrated Controller
