User's guide
–45–
Security and Help Features
Security Features, continued
Authentication versus encryption
MasterSwitch plus does not currently use any type of encryption. All the data and communication between MasterSwitch plus and the client interfaces, such as Telnet and the Web server, can be captured. For almost all applications, however, sensitive data is not being transferred. MasterSwitch plus does control access by providing basic authentication through user names, passwords and IP addresses. While these basic security features are sufficient for most environments, MasterSwitch plus can also provide a greater level of security by enabling MD5 authentication for the Web interface.
MD5 authentication
The Web interface option for MD5 authentication enables a higher level of access security than that provided by the basic HTTP authentication scheme. The MD5 scheme is similar to the CHAP and PAP remote access protocols. When MD5 is enabled, the Web server requests a user name and a password phrase (distinct from the password). Unlike basic authentication, the user name and password phrase are not transmitted over the network. A Java login applet combines the user name, password phrase, and a session-unique challenge number to calculate an MD5 hash number. The hash number is then returned to the server so that it can verify that the user has the correct login information. Because only the hash number is passed back, the login information is not revealed. In addition to the login authentication, each form post for configuration or control operations is also authenticated with a unique challenge and hash response. This scheme does not involve any encryption, so pages are transmitted in their plain-text form. After the authentication login, subsequent page access is restricted by IP address and a hidden session cookie. For MD5 authentication to function properly, you must have cookies enabled in your browser.
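The challenge-response exchange described above, as an added example (not code from the MasterSwitch plus applet or firmware): the server issues a session-unique challenge, the client returns an MD5 hash over user name, password phrase and challenge, and the server verifies it without the phrase ever crossing the network. The concatenation layout and separator are assumptions, since the page does not say how the applet combines the three values; the example also shows why per-session uniqueness matters by refusing a re-submitted challenge.

```python
import hashlib
import secrets


def md5_response(user: str, passphrase: str, challenge: str) -> str:
    """Client side: what the login applet computes and sends back.

    Assumed layout: the page only says the three values are combined,
    so 'user:passphrase:challenge' is a stand-in for the real format.
    """
    return hashlib.md5(f"{user}:{passphrase}:{challenge}".encode()).hexdigest()


class Md5ChallengeServer:
    """Server side: issues one-time challenges and checks hash responses."""

    def __init__(self, users: dict) -> None:
        self.users = users          # user name -> password phrase (constructed store)
        self.outstanding = set()    # challenges issued but not yet consumed

    def issue_challenge(self) -> str:
        challenge = secrets.token_hex(16)   # session-unique and unpredictable
        self.outstanding.add(challenge)
        return challenge

    def verify(self, user: str, challenge: str, response: str) -> bool:
        # Each challenge is valid once, so a captured (challenge, hash) pair is useless later.
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)
        phrase = self.users.get(user)
        if phrase is None:
            return False
        expected = md5_response(user, phrase, challenge)
        return secrets.compare_digest(expected, response)


def login(server: Md5ChallengeServer, user: str, passphrase: str) -> bool:
    """One login round trip: only the user name, challenge and hash cross the network."""
    challenge = server.issue_challenge()
    return server.verify(user, challenge, md5_response(user, passphrase, challenge))


def resubmit_login(server: Md5ChallengeServer, user: str, passphrase: str) -> tuple:
    """Submit a valid (challenge, hash) pair, then submit the identical pair again."""
    challenge = server.issue_challenge()
    response = md5_response(user, passphrase, challenge)
    return server.verify(user, challenge, response), server.verify(user, challenge, response)


# Constructed credentials for demonstration only.
USERS = {"apc": "a long password phrase"}
```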
Since the MD5 authentication scheme is available only for the Web interface, you must disable the less secure interfaces, including Telnet, FTP, and SNMP. For SNMP, it is possible to disable only write access so that the read and trap facilities remain available.
Continued on next page