User's Manual

42 Document Number: 0100SM1401 Issue: 12-16
Unsecured Network
SSH will help to prevent “man in the middle” attacks over insecure networks. All traffic between the client and TUI is encrypted.
Network Management PC
Running SSH client software (e.g. PuTTY) which authenticates with the SSH server (i.e. remote radio).
Authentication occurs by comparing device fingerprint with fingerprint stored in client’s register.
Once the SSH server is authenticated, the SSH client will establish an encrypted terminal session with the TUI (Text User Interface) that allows for configuration and diagnostics.
Remote Devices
Embedded Secure Shell (SSH) server provides access to the text user interface.
Encryption will be used to communicate with an SSH client during a configuration session.
Once an SSH client has established a session to the SSH server, the client will not be granted access to the configuration until the pre-configured user name and password have been entered.
Secure Shell (SSH)
SSH provides a secure and authenticated method for remotely accessing the Q data radio's text user interface (TUI) for configuration and diagnostics.
To access Q data radios via SSH, the network management PC requires an SSH-capable program (e.g. PuTTY).
All traffic over the SSH connection is encrypted.
During the first connection made with the SSH terminal software, a “fingerprint” of the remote device is taken and stored on the Network Management PC. On later connections the stored fingerprint is compared with the one the device presents, which authenticates the device.
The SSH session also requires the user to enter a user name and password for authorised access to the TUI.
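The fingerprint check described above (store on first connection, compare on every later one), as an added example that is not part of this manual or of the radio's firmware. The register is a hypothetical in-memory dict, the key blobs are constructed sample data, and the SHA256 fingerprint form is the one OpenSSH prints, assumed here rather than taken from the manual.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def make_key_blob(seed: bytes) -> bytes:
    """Constructed ssh-ed25519 public-key blob (sample data, not a real device key)."""
    return ssh_string(b"ssh-ed25519") + ssh_string(hashlib.sha256(seed).digest())

def fingerprint(key_blob: bytes) -> str:
    """SHA256 fingerprint as OpenSSH prints it: unpadded base64 of the digest."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def check_host(register: dict, host: str, key_blob: bytes, trust_new: bool = False) -> str:
    """Compare the presented key with the fingerprint stored for this host.
    Returns 'match', 'mismatch', 'stored' (first contact, accepted) or
    'unknown' (first contact, left for the operator to verify out of band)."""
    presented = fingerprint(key_blob)
    stored = register.get(host)
    if stored is None:
        if trust_new:
            register[host] = presented
            return "stored"
        return "unknown"
    if hmac.compare_digest(stored, presented):
        return "match"
    return "mismatch"  # a changed key never overwrites the stored fingerprint

def demo() -> list:
    register = {}                      # hypothetical fingerprint store on the management PC
    radio = make_key_blob(b"radio-A")  # constructed key of the expected device
    other = make_key_blob(b"other")    # constructed key of a different endpoint
    host = "192.0.2.10"                # documentation address (RFC 5737)
    return [
        check_host(register, host, radio),                  # unknown
        check_host(register, host, radio, trust_new=True),  # stored
        check_host(register, host, radio),                  # match
        check_host(register, host, other, trust_new=True),  # mismatch
    ]

if __name__ == "__main__":
    print(demo())
```

A "mismatch" result is the case the stored fingerprint exists to catch: the session should be refused until the key change is explained.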
SSH example:
Security
Password protection and User Administration
Multiple users can be created and managed with different configuration privilege levels.
The different privilege access levels include: Unrestricted, Read/Write/Security, Read/Write, Read Only.
For more detail refer to Part H ‘User Administration’.
Configuration information can be protected by a user-defined login name and password. When a password is set, the
programmer will request the password each time the radio is read. No configuration information can be displayed or changed
without the entry of the correct password.
AES encryption
The 256-bit AES encryption feature can provide an encrypted channel that helps to prevent eavesdropping and snooping.
The effort for configuration is minimal as the radio automatically adjusts to keep packet transport compatible (i.e. MODBUS messages are not broken up). Enabling encryption adds overhead that depends on the size of the packets being sent.
Part D – Feature Detail