Security

Authentication

Authentication

The Environmental Monitoring Unit controls access by providing basic

versus encryption

authentication through user names, passwords, and IP addresses, but

 

provides no type of encryption. These basic security features are

 

sufficient for most environments, in which sensitive data is not being

 

transferred. To ensure that data and communication between the

 

Environmental Monitoring Unit and the client interfaces, such as Telnet

 

and the Web browser, cannot be captured, you can provide a greater

 

level of security by enabling MD5 authentication for the Web interface.

 

See MD5 authentication (Web interface) on this page.

MD5

The Web interface option for MD5 authentication enables a higher level

authentication

of access security than the basic HTTP authentication scheme. The

(Web interface)

MD5 scheme is similar to CHAP and PAP remote access protocols.

 

Enabling MD5 implements the following security features:

 

• The Web server requests a user name and a password phrase

 

(distinct from the password). The user name and password

 

phrase are not transmitted over the network, as they are in

 

basic authentication. Instead, a Java login applet combines the

 

user name, password phrase, and a unique session challenge

 

number to calculate an MD5 hash number. Only the hash

 

number is returned to the server to verify that the user has the

 

correct login information; MD5 authentication does not reveal

 

the login information.

 

• In addition to the login authentication, each form post for

 

configuration or control operations is authenticated with a

 

unique challenge and hash response.

 

• After the authentication login, subsequent page access is

 

restricted by IP addresses and a hidden session cookie. (You

 

must have cookies enabled in your browser.) Pages are

 

transmitted in their plain-text form, with no encryption.

 

If you use MD5 authentication, which is available only for the Web

 

interface, disable the less secure interfaces, including Telnet, FTP, and

 

SNMP. For SNMP, you can disable write-only access so that read

 

access and trap facilities are still available. For additional information on

 

MD5 authentication, see RFC document #1321 at the Web site of the

 

Internet Engineering Task Force. For CHAP, see RFC document #1994.

Firewalls

Although MD5 authentication provides a much higher level of security

 

than the plain-text access methods, complete protection from security

 

breaches is almost impossible to achieve. Well-configured firewalls are

 

an essential element in an overall security scheme.

 

Continued on next page

Environmental Monitoring Unit: User’s Guide

26

Page 30
Image 30
APC AP9312THi manual Security, Authentication