Home » Lantronix Manuals » Electronics Accessories » Lantronix SLC 32 » Manual Viewer

Lantronix SLC 32 Lantronix SLC - User Guide - Page 265

Appendix B: Security Considerations, Security Practice, Factors Affecting Security

Add to My Manuals
Save this manual to your list of manuals

Page 265 highlights

Appendix B: Security Considerations The SLC console manager provides data path security by means of SSH or Web/SSL. Do not assume that you have complete security, however. Securing the data path is only one way to ensure security. This appendix briefly discusses some important security considerations. Security Practice Develop and document a Security Practice. For example, the Security Practice document should state the rules to maintaining security. For example, do not leave sessions open or advertise passwords because these actions could compromise SSH and SSL. Or, do not speculate about the facility and network infrastructure with reference to how vulnerable the CAT 5 wiring is to tapping. Factors Affecting Security External factors affect the security provided by the SLC device, for example:  Telnet sends the login exchange as clear text across Ethernet. A person snooping on a subnet may read your password.  A terminal to the SLC console manager may be secure, but the path from the SLC device to the end device may not be secure.  With the right tools, a person having physical access to open the SLC console manager may be able to read the encryption keys.  There is no true test for a denial-of-service attack; there is always a legitimate reason to request a storm. A denial-of-service filter locks out some high-performance automated/ scripted requests. The SLC device always attempts to service requests and does not filter out potential denial-of-service attacks. SLC™ Console Manager User Guide 265

Section	Page
SLC Console Manager User Guide	1
Copyright and Trademark	2
Warranty	2
Open Source Software	2
Contacts	2
Disclaimer and Revisions	2
Revision History	3
Table of Contents	4
List of Figures	11
List of Tables	14
1: About This Guide	15
Chapter Summaries	15
Conventions	17
Additional Documentation	17
2: Overview	18
SLC Models and Part Numbers	18
System Features	20
Protocols Supported	21
Access Control	21
Device Port Buffer	21
Configuration Options	21
Hardware Features	22
Serial Connections	22
Network Connections	23
PC Card Interface	23
USB Port	24
3: Installation	25
What’s in the Box	25
Product Information Label	26
Technical Specifications	26
Physical Installation	27
Connecting to Device Ports	27
Connecting to Network Ports	28
Connecting to Terminals	28
Power	28
AC Input	28
DC Input	29
4: Quick Setup	30
Recommendations	30
IP Address	30
Front Panel LCD Display and Pushbuttons	31
Navigating	32
Entering the Settings	32
Restoring Factory Defaults	34
Next Step	39
5: Web and Command Line Interfaces	40
Web Interface	40
Logging In	42
Logging Off	42
Web Page Help	42
Command Line Interface	42
Logging In	43
Logging Out	43
Command Syntax	43
Command Line Help	44
Tips	44
General CLI Commands	45
6: Basic Parameters	47
Requirements for IP Address Assignment	47
Network Settings	48
Ethernet Bonding	48
Ethernet Interfaces	50
Gateway	51
Hostname & Name Servers	52
Ethernet Counters	52
Network Commands	53
IP Filters	53
Enabling IP Filters	53
Configuring IP Filters Rulesets	54
Rule Parameters	55
Viewing IP Filter Rulesets and Mapping	57
IP Filter Commands	58
Routing	58
Routing Commands	60
7: Services	61
SSH/Telnet/Logging	61
System Logging	62
SSH	63
Telnet	63
Audit Log	64
Web SSH/Web Telnet	64
SMTP	64
Phone Home	64
SSH, Telnet, and Logging Commands	64
SNMP	65
Communities	66
Version 3	66
V3 Read-Only User	67
V3 Read-Write User	67
SNMP Commands	67
NFS and SMB/CIFS	67
NFS Mounts	68
SMB/CIFS Share	69
NFS and SMB/CIFS Commands	69
Secure Lantronix Network	69
Secure Lantronix Network Commands	72
Date and Time	72
Date and Time Commands	74
Web Server	74
Web Server Commands	77
Google Gadgets	77
8: Devices	79
Connection Methods	79
Permissions	80
Device Status	80
Device Ports	81
IP Settings	86
Data Settings	86
Hardware Signal Triggers	87
Modem Settings	88
Modem Settings: Text Mode	89
Modem Settings: PPP Mode	89
Port Status and Counters	91
Device Port – SLP Power Manager	92
SLP Status/Info	93
SLP Commands	94
Device Port – Sensorsoft Device	94
Device Port Commands	96
Device Ports – Logging	96
Local Logging	96
NFS File Logging	96
PC Card Logging	97
USB Port Logging	97
Email/SNMP Notification	97
Syslog Logging	97
Local Logging	98
Email Traps	99
Log Viewing Attributes	100
NFS File Logging	100
PC Card Logging	100
USB Logging	101
Syslog Logging	101
Logging Commands	101
Console Port	102
Console Port Commands	103
Host Lists	103
Host Parameters	104
Host List Commands	105
Scripts	105
Batch Script Syntax	108
Interface Script Syntax	108
Definitions	109
Primary Commands	109
Secondary Commands	111
Control Flow Commands	112
Sample Scripts	114
Interface Script—Monitor Port	114
Batch Script—SLC CLI	116
9: PC Cards	118
Set Up of PC Card Storage	118
Modem Settings	120
Data Settings	123
ISDN Settings	123
GSM/GPRS Settings	123
Text Mode	124
PPP Mode	124
IP Settings	125
PC Card Commands	126
10: USB Port	127
Set Up of USB Storage	127
Manage Firmware and Configuration Files	129
USB Commands	130
11: Connections	132
Types of Endpoints and Connections	132
Typical Configurations of SLC Connections	132
Terminal Server	132
Remote Access Server	133
Reverse Terminal Server	133
Multiport Device Server	134
Console Server	134
Connection Configuration	136
Connection Commands	138
12: User Authentication	139
Overview of Authentication	139
User Rights	140
Authentication Methods	141
Authentication Commands	143
Local and Remote Users	143
Local/Remote User Settings	145
Local/Remote Users Commands	148
NIS	149
NIS Commands	152
LDAP	152
Schema Permissions versus Default User Rights	153
User Attributes and Permissions from LDAP Schema	157
LDAP Commands	157
RADIUS	157
RADIUS Commands	161
Kerberos	161
Kerberos Commands	164
TACACS+	164
TACACS+ Commands	167
SSH Keys	168
Imported Keys	168
Exported Keys	168
Imported Keys (SSH In)	170
SSH Commands	173
Custom User Menus	173
Custom User Menus Commands	175
13: Maintenance	177
Firmware and Configurations	177
General	179
SLC Firmware	179
Load Firmware Via Options	179
Boot Banks	180
Configuration Management	180
Firmware and Configurations Commands	182
System Logs	183
System Logs Commands	185
Audit Log	185
Audit Log Commands	186
Email Log	186
Email Log Commands	186
Diagnostics	187
Diagnostics Commands	190
Status/Reports	190
View Report	191
Status/Reports Commands	193
Events	193
Events Commands	194
Banners	195
Banner Commands	196
LCD and Keypad	196
LCD/Keypad Commands	197
14: Application Examples	198
Telnet/SSH to a Remote Device	198
Dial-in (Text Mode) to a Remote Device	200
Local Serial Connection to Network Device via Telnet	201
15: Command Reference	203
Introduction to Commands	203
Command Syntax	203
Command Line Actions and Categories	204
Tips	204
Deprecated Commands	205
Administrative Commands	205
Audit Log Commands	213
Authentication Commands	213
CLI Commands	214
Connection Commands	216
Console Port Commands	219
Custom User Menu Commands	219
Date and Time Commands	221
Device Commands	222
Device Port Commands	223
Diagnostic Commands	227
Email Log Commands	229
Events Commands	229
Host List Commands	231
IP Filter Commands	232
Kerberos Commands	234
LDAP Commands	234
Local Users Commands	235
Log Commands	238
Network Commands	240
NFS and SMB/CIFS Commands	242
NIS Commands	244
PC Card Commands	245
RADIUS Commands	248
Remote Users Commands	249
Routing Commands	250
Script Commands	251
Services Commands	252
SLC Network Commands	254
SSH Key Commands	254
Status Commands	257
System Log Commands	257
TACACS+ Commands	258
Temperature Commands	258
USB Commands	259
User Permissions Commands	262
Appendix A: Bootloader	263
Accessing the Bootloader	263
Bootloader Commands	263
Administrator Commands	264
Appendix B: Security Considerations	265
Security Practice	265
Factors Affecting Security	265
Appendix C: Safety Information	266
Cover	266
Power Plug	266
Input Supply	266
Grounding	267
Fuses	267
Rack	267
Port Connections	268
Appendix D: Sicherheitshinweise	269
Geräteabdeckung	269
Netzstecker	269
Stromversorgung	270
Anschluß an die Schutzerde	270
Gerätesicherung	270
Rack / Einbauschrank	270
Signalverbindungen	271
Appendix E: Adapters and Pinouts	272
Appendix F: Protocol Glossary	277
Appendix G: Compliance Information	282
Appendix H: DC Connector Instructions	285
Appendix I: LDAP Schemas	288
Installing Schema Support in Window AD Server	288
Creating the SLC Schema Attribute	292
Adding the Attribute to the Users Group in Windows	293
Adding the Permissions to the Individual User	296
Values to Use	298

Match case Limit results 1 per page

SLC™ Console Manager User Guide

265

Appendix B:

Security Considerations

The SLC console manager provides data path security by means of SSH or Web/SSL. Do not

assume that you have complete security, however. Securing the data path is only one way to

ensure security. This appendix briefly discusses some important security considerations.

Security Practice

Develop and document a Security Practice. For example, the Security Practice document should

state the rules to maintaining security. For example, do not leave sessions open or advertise

passwords because these actions could compromise SSH and SSL. Or, do not speculate about

the facility and network infrastructure with reference to how vulnerable the CAT 5 wiring is to

tapping.

Factors Affecting Security

External factors affect the security provided by the SLC device, for example:



Telnet sends the login exchange as clear text across Ethernet. A person snooping on a subnet

may read your password.



A terminal to the SLC console manager may be secure, but the path from the SLC device to

the end device may not be secure.



With the right tools, a person having physical access to open the SLC console manager may

be able to read the encryption keys.



There is no true test for a denial-of-service attack; there is always a legitimate reason to

request a storm. A denial-of-service filter locks out some high-performance automated/

scripted requests. The SLC device always attempts to service requests and does not filter out

potential denial–of-service attacks.