Manuals / Lantronix / Lawn and Garden / Pole Saw

Lantronix 900-560 Secure Sockets Layer SSL, CipherSuites, Certificates, Key exchange, Encryption

Models: 900-560

1 152

Download 152 pages 54.85 Kb

Page 137

Secure Sockets Layer (SSL)

16 Security in Detail

Secure Sockets Layer (SSL)

SSL uses digital certificates for authentication and cryptography against eavesdropping and tampering. Sometimes only the server is authenticated, sometimes both server and client. The XPort Pro can be server and/or client, depending on the application. Public key encryption systems exchange information and keys and set up the encrypted tunnel.

Efficient symmetric encryption methods encrypt the data going through the tunnel after it is established. Hashing provides tamper detection.

Applications that can make use of SSL are Tunneling, Secure Web Server, and WLAN interface.

The XPort Pro supports SSlv3 and its successors, TLS1.0 and TLS1.1.

Note: An incoming SSlv2 connection attempt is answered with an SSlv3 response. If the initiator also supports SSLv3, SSLv3 handles the rest of the connection.

CipherSuites

The SSL standard defines only certain combinations of certificate type, key exchange method, symmetric encryption, and hash method. Such a combination is called a cipher suite.

XPort Pro currently supports the following list of cipher suites:

Certificate	Key exchange	Encryption	Hash
DSA	DHE	3DES	SHA1
RSA	RSA	128 bits AES	SHA1
RSA	RSA	Triple DES	SHA1
RSA	RSA	128 bits RC4	MD5
RSA	RSA	128 bits RC4	SHA1
RSA	1024 bits RSA	56 bits RC4	MD5
RSA	1024 bits RSA	56 bits RC4	SHA1
RSA	1024 bits RSA	40 bits RC4	MD5

Whichever side is acting as server decides which cipher suite to use for a connection. It is usually the strongest common denominator of the cipher suite lists supported by both sides.

Certificates

The goal of a certificate is to authenticate its sender. It is analogous to a paper document that contains personal identification information and is signed by an authority, for example a notary or government agency.

XPort Pro™ User Guide

137

Image 137

Lantronix 900-560 manual Secure Sockets Layer SSL, CipherSuites, Certificates, Key exchange, Encryption, Hash

Contents

Part Number Revision A September XPort Pro User GuideContacts Copyright & TrademarkDisclaimer & Revisions Revision HistoryIntroduction ContentsUsing This Guide 4. Configuration Using Web Manager Using DeviceInstallerNetwork Settings 6. Line, Tunnel, Terminal, and Host SettingsSecurity Settings Services Settings10. VIP Settings 11. Maintenance and Diagnostics Settings13. Point to Point Protocol PPP 12. Advanced Settings14. Tunneling 15. VIPFigures Figure 6-6a. Tunnel 1 Packing Mode Mode = Disable XML Import Configuration ContentsXML Import Configuration from External File XPort Pro User GuidePurpose and Audience 1. Using This GuideSummary of Chapters Chapter15 VIP ChapterDescription Description Additional DocumentationDocument Applications Key Features2. Introduction Evolution OS Protocol SupportWeb-Based Configuration and Troubleshooting Additional FeaturesCommand-Line Interface CLI VIP AccessTerminal Server/Device Management Troubleshooting CapabilitiesEnterprise-Grade Security Addresses and Port Numbers Configuration MethodsHardware Address IP AddressPort Numbers Product Information LabelAccessing XPort Pro using DeviceInstaller 3. Using DeviceInstallerDescription Device Details SummaryCurrent Settings Description Current SettingsAccessing Web Manager through a Web Browser 4. Configuration Using Web ManagerFigure 4-1. Web Manager Home Page 4 Configuration Using Web ManagerXPort Pro User Guide Configuration and/or Status Area Footer Information and Help Area Web Manager Page ComponentsHeader Items to configure Links to subpages Menu Bar Web Manager Page Navigating the Web ManagerDescription See PageSee Page Web Manager PageDescription Figure 4-3. Device Status Device Status PageNetwork 1 eth0 Interface Status 5. Network SettingsNetwork Settings Figure 5-2. Network 1 eth0 Interface Configuration Network 1 eth0 Interface ConfigurationTo view and configure network interface settings Page Settings ConfigurationNetwork DescriptionTo view and configure the Ethernet link Network 1 Ethernet LinkNetwork 1Description Interface Configuration Page Settings Select the Ethernet link speed. Default is Auto Link Page SettingsSelect the Ethernet link duplex mode. Default is Auto Network 1-EthernetLine 1 Statistics 6. Line, Tunnel, Terminal, and Host SettingsLine Settings Configuration Line 1 ConfigurationPage Settings LineConfiguration Line 1 Command ModePage Settings LinePage Settings Command ModeFigure 6-3. Line 1 Command Mode LineCommand Mode Tunnel SettingsPage Settings LineTo configure serial settings Serial SettingsTunnel 1 - Statistics Settings Settings PageLine Settings Figure 6-5. Tunnel 1 Serial SettingsTo configure the tunnel Packing Mode Packing ModeTunnel - Packing SettingsDescription Mode PagePage Settings Accept ModeTunnel DescriptionTunnel Page SettingsDescription Accept ModeFigure 6-10. Tunnel 1 Connect Mode Connect ModeTo configure Tunnel 1 Connect Mode Reconnect Timer Page SettingsTunnel DescriptionConfiguring Additional Hosts Connecting Multiple HostsPage Settings TunnelTo promote a specific Host Host IP PromotionTo configure the tunnel Disconnect Mode Disconnect ModeModem Emulation Mode Page SettingsTunnel - Disconnect DescriptionEcho Commands SettingsError Unknown CommandsLine Terminal Configuration Terminal SettingsConfiguration Page Network Terminal ConfigurationSettings Terminal on LineSettings Configuration PageFigure 6-16. Terminal on Network Configuration Terminal on LineSettings Host ConfigurationHost Page DescriptionCPM Configurable Pins 7. Configurable Pin ManagerConfiguration Current ConfigurationCPM - CPs DescriptionNote These changes to a CP are not saved in FLASH. Instead, these CP settings are used when the CP is added to a CP Group. When the CP Group is saved, its CP settings are saved with it. Thus, a particular CP may be defined as “Input” in one group but as “Output” in another. Only one group c ontaining any particular CP may be enabled at once To configure the XPort Pro CP groups CPM GroupsGroup Status Current ConfigurationConfiguration Indicates whether the group is enabled or disabledTo delete a CP group 2. Click Submit To enable or disable a CP group3. Click Submit To set a CP group’s value 3. Click Submit To add a CP to a CP groupPPP Configuration 8. Services SettingsDNS Configuration Settings PPP Configuration PageDescription Local IP AddressPPP Configuration Page SNMP ConfigurationSettings Authentication ModeSelect On to enable SNMP SNMP Page SettingsFigure 8-3. SNMP Configuration DescriptionFTP Page Settings FTP ConfigurationFigure 8-4. FTP Configuration DescriptionTFTP Page Settings TFTP ConfigurationNote TFTP has no way to authenticate the client so the device is open to malicious updateSettings Syslog ConfigurationSyslog Page DescriptionHTTP Statistics HTTP ConfigurationFigure 8-8. HTTP Configuration Change HTTP ConfigurationTo configure HTTP Page Settings ConfigurationHTTP DescriptionHTTP Configuration Page Settings HTTP AuthenticationFigure 8-9. HTTP Authentication DescriptionSettings HTTP AuthenticationPassword DescriptionSettings RSS SettingsRSS Page DescriptionLPD Statistics Page LPD SettingsConfiguration LPD Configuration PagePage Settings Select Enabled to print the banner even if the print job doesPage Settings ConfigurationDescription BinarySSH Server Host Keys 9. Security SettingsSSH Settings SSH Server Page SettingsDescription Host KeysSSH Server Authorized Users Page Settings SSH Client Known HostsSSH Server DescriptionPage Settings SSH Client User ConfigurationSSH Client DescriptionPassword SettingsCommand SSH ClientSettings SSL SettingsSSH Client DescriptionSSL Page SettingsDescription UploadSSL Page SettingsDescription Upload AuthoritySSL Page SettingsDescription OrganizationFigure 10-1. VIP Statistics Page 10. VIP SettingsVirtual IP VIP Statistics Line - Configuration Virtual IP VIP ConfigurationPage Settings DescriptionFigure 10-2. VIP Configuration Page 10 VIP Settings3. Click Submit XPort Pro User GuideFile System Statistics 11. Maintenance and Diagnostics SettingsFile System Configuration To browse the XPort Pro file system File System BrowserFigure 11-2. File system Browser File system Browser Page SettingsDescription CreateCAUTION Setting this flag may pose a security risk Protocol Stack ConfigurationTCP Settings Figure 11-4. IP Protocol Page IP SettingsNote Both the IP and MAC addresses are required for the ARP cache ICMP SettingsARP Settings IP Address Filter Page Settings IP Address FilterFigure 11-7. IP Address Filter Configuration DescriptionFigure 11-8. Query Port Configuration Query PortHardware DiagnosticsTo view XPort Pro MIB-II statistics MIB-II StatisticsFigure 11-11. IP Sockets IP SocketsTo display open network sockets on the XPort Pro Diagnostics Ping PingPage Settings Figure 11-12. Diagnostics PingDiagnostics TracerouteSettings Pro when issuing the traceroute commandNote A DNS server must be configured for DNS Lookup to work DNS LookupDiagnostics DNS Lookup Page SettingsTo display memory statistics for the XPort Pro MemoryFigure 11-15. Diagnostics Memory To display the XPort Pro buffer pools Buffer PoolsProcesses Note The Adobe SVG plug-in is required to view the CPU Load Graph Figure 11-17. Diagnostics ProcessesTo configure the XPort Pro system settings System ConfigurationSettings System Pagereboot SettingsSystem Page DescriptionEmail Statistics 12. Advanced SettingsEmail Configuration Figure 12-2. Email Configuration Email ConfigurationTo configure XPort Pro email settings Page Settings ConfigurationEmail DescriptionCommand Line Interface Statistics Command Line Interface SettingsCommand Line CLI ConfigurationConfiguration SettingsXML Export Configuration XML ConfigurationCommand Line ConfigurationFigure 12-5. XML Export Configuration To export a system configuration recordSettings Configuration PageXML Export DescriptionPage Settings XML Export StatusXML Status Record DescriptionPage Settings XML Import System Configuration PageXML Status Record DescriptionTo import a system configuration Import Configuration from External FileFigure 12-9. XML Import from Filesystem Import Configuration from the FilesystemSettings ConfigurationImport DescriptionImport Lines from Single Line Settings on the Filesystem Settings XML Import Lines from Single Line SettingsImport Lines Description13. Point to Point Protocol PPP pass packets through the XPort Pro, a static route must be configured on both the Connect Mode 14. TunnelingPage Disconnect Mode Accept ModeModem Emulation Command ModePacking Mode Description CommandStatistics Serial Line SettingsCommand Description15. VIP Tunneling with VIP AccessObtaining a bootstrap file Enabling VIP Importing the bootstrap fileConfiguring Tunnels to Use VIP Secure Shell SSH SSH Server Configuration16. Security in Detail To configure SSH client settings SSH Client ConfigurationCipherSuites Secure Sockets Layer SSLCertificates CertificateObtaining a Certificate and Private Key Security Certificate PrinciplesRSA or DSA Steel Belted Radius UtilitiesOpenSSL FreeRadius Web Manager Customization 17. Branding the XPort ProTo change the XPort Pro short and long names with the web manager Command ModeLoading New Firmware 18. Updating FirmwareObtaining Firmware Technical Support US A Technical SupportTechnical Support Europe, Middle East, Africa Email eutechsupp@lantronix.com or eusupport@lantronix.comConverting Binary to Hexadecimal B Binary to Hexadecimal ConversionsConversion Table DecimalScientific Calculator Manufacturer’s Name & Address C ComplianceManufacturer’s Contact XPort Pro User Guide D WarrantyIndex Page Index