IP Security – Western Telematic MPC-20VS16-3 User Manual

Page 84


Basic Configuration

HTTPS Port: Selects the TCP/IP port number that will be used for HTTPS connections. (Default = 443.)

Notes:

• In the Text Interface, HTTP and HTTPS parameters reside in a separate
submenu. To enable and configure HTTP and HTTPS Access via the
Text Interface, access the Network Configuration Menu as described in
Section 5.9, then type 23, press [Enter] and use the resulting submenu
(Figure 14.1) to select parameters.

• When the Web Access parameter is accessed via the Text Interface, the
resulting submenu will also allow you to select SSL (encryption) parameters
as described in Section 14.

SYSLOG Address: The IP Address or domain name (up to 64 characters) for the
Syslog Daemon that will receive log records generated by the MPC. For more
information, please refer to Section 11. (Default = undefined.)

Ping Access: Enables/Disables response to the ping command. When Disabled,
the MPC will not respond to Ping commands. Note that disabling Ping Access at
the Network Port will not affect the operation of the Ping-No-Access Alarm.
(Default = On.)

5.9.3. IP Security
The IP Security feature allows the MPC to prevent unauthorized IP addresses from
establishing inbound connections to the unit via Telnet or Web Browser. This allows
you to grant access to only a specific group of Telnet or Web IP addresses, or block
a particular IP address completely. In the default state, the MPC accepts incoming IP
connections from all hosts.

In the Text Interface, IP Security parameters are defined via item 5 in the Network
Configuration menu (Figure 5.17). In the Web Browser Interface, these parameters are
found by placing the cursor over the "Network Configuration" link on the left-hand side of
the screen, and then clicking on the "IP Security" link in the resulting fly-out menu. In the
default state, IP Security is disabled. The IP Security Function employs a TCP Wrapper
program which allows the use of standard Linux operators, wild cards and net/mask
pairs to create a host-based access control list.

The IP Security configuration menus include "hosts.allow" and "hosts.deny" client lists.
Basically, when setting up IP Security, you must enter IP addresses for hosts that you
wish to allow in the Allow list, and addresses for hosts that you wish to deny in the Deny
list. Since Linux operators, wild cards and net/mask pairs are allowed, these lists can
indicate specific addresses, or a range of addresses to be allowed or denied. When the
IP Security feature is properly enabled, and a client attempts to connect, the MPC will
perform the following checks:

1. If the client’s IP address is found in the "hosts.allow" list, the client will be granted
immediate access. Once an IP address is found in the Allow list, the MPC will not
check the Deny list, and will assume you wish to allow that address to connect.

2. If the client’s IP address is not found in the Allow list, the MPC will then proceed to
check the Deny list.

3. If the client’s IP Address is found in the Deny list, the client will not be allowed to
connect.
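
The check order above means an Allow entry always wins over a Deny entry for the same address. The following Python sketch is an added example, not code from the MPC or from this manual; it models checks 1 to 3 so that a pair of lists can be reviewed before they are entered. The function names and sample addresses are constructed, and the three pattern forms (ALL, trailing-dot prefix, net/mask) are assumed to follow standard TCP Wrappers syntax.

```python
import ipaddress

def matches(pattern, client):
    """Match one client-list entry against a dotted-quad IPv4 address."""
    if pattern == "ALL":              # wildcard: every host
        return True
    if pattern.endswith("."):         # prefix form, e.g. "192.168.1."
        return client.startswith(pattern)
    if "/" in pattern:                # net/mask pair, e.g. 172.16.0.0/255.255.0.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(client) in net
    return pattern == client          # single address

def check(client, allow, deny):
    """Apply checks 1-3 in order: Allow list first, then Deny list."""
    if any(matches(p, client) for p in allow):
        return "allow"                # check 1: Deny list is never consulted
    if any(matches(p, client) for p in deny):
        return "deny"                 # checks 2 and 3
    # The steps shown above stop here. Standard TCP Wrappers allows an
    # unmatched client; treat that as an assumption for the MPC.
    return "no-match"

def shadowed_denies(allow, deny):
    """Single-address Deny entries that can never take effect because
    the Allow list already matches them."""
    singles = [d for d in deny
               if d != "ALL" and "/" not in d and not d.endswith(".")]
    return [d for d in singles if any(matches(p, d) for p in allow)]

# Constructed sample lists (not taken from the manual).
ALLOW = ["192.168.1.", "10.20.30.40"]
DENY = ["192.168.1.66", "172.16.0.0/255.255.0.0"]

if __name__ == "__main__":
    for ip in ("192.168.1.66", "172.16.5.9", "203.0.113.7"):
        print(ip, check(ip, ALLOW, DENY))
    print("shadowed:", shadowed_denies(ALLOW, DENY))
```

In the sample lists, the Deny entry for 192.168.1.66 has no effect because the broader Allow entry "192.168.1." matches first; to block that host, the Allow list must be narrowed so it no longer covers it.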
