System security access options – AMX NI-2100/3100/4100 User Manual
Page 38
WebConsole - Security Options
30
NI Series WebConsole & Programming Guide
System Security Access Options
System Security Access Options
Option
Description
Enabled:
This option enables the Access options this page.
If the Master Security checkbox is not enabled, all subordinate options are
greyed-out and not selectable, meaning that the Master is completely unsecured
and can be altered by any user (regardless of their rights).
Terminal (RS232) Access: If selected, a valid username and password is required for Terminal communica-
tion via the Master’s RS232 Program port.
HTTP Access:
If selected, a valid username and password is required for communication over
HTTP or HTTPS Ports, including accessing the WebConsole.
Telnet Access:
If selected, a valid username and password is required for Telnet Access. Telnet
access allows communication over either the Telnet and/or SSH Ports.
Note: SSH version 2 (only) is supported.
To establish a secure Telnet connection, an administrator can decide to disable
the Telnet Port and then enable the SSH Port. Refer to the Port Settings section
on page 51 for details.
Configuration:
If selected, a valid username and password is required before allowing a group/
user to alter the current Master’s security and communication settings via
NetLinx Studio.
This includes such things as: IP configuration/Reset, URL list settings, Master
communication settings, and security parameters.
ICSP Connectivity:
If selected, a valid username and password is required to communicate with the
NetLinx Master via an ICSP connection (TCP/IP, UDP/IP, and RS-232).
• This feature allows communication amongst various AMX hardware and
software components. This feature works in tandem with the Require
Encryption option (see below) to require that any application or hardware
communicating with the Master must provide a valid username and password.
• In a Master-to-Master system, the Master which accepts the IP connection
initiates the authentication process. This configuration provides compatibility
with existing implementations and provides more flexibility for the
implementation of other devices.
Note: The ICSP Connectivity option is required to allow authenticated and/or
secure communication between the Master and other AMX hardware/software.
To establish an authenticated ICSP connection (where the external AMX hard-
ware/software has to provide a valid username and password), this option must
be enabled.
Encrypt ICSP Connection: If selected, this option requires that any data being transmitted or received via an
ICSP connection (among the various AMX products) be encrypted, and that any
application or hardware communicating with the Master over ICSP must provide
a valid username and password.
Note: When enabled, this option requires more processor cycles to maintain.
ICSP uses a proprietary encryption based on RC4 and also requires CHAP-type
authentication including username and password.
CHAP (Challenge Handshake Authentication Protocol) authentication is an
access control protocol for dialing into a network that provides a moderate
degree of security.
• When the client logs onto the network, the network access server (NAS) sends
the client a random value (the challenge).
• The client encrypts the random value with its password, which acts as an
encryption key. It then sends the encrypted value to the NAS, which forwards it
along with the challenge and username to the authentication server.
• The CHAP server encrypts the challenge with the password stored in its
database for the user and matches its results with the response from the client.
If they match, it indicates the client has the correct password, but the password
itself never left the client's machine.