Digital Alert Systems DASDEC-II MANUAL User Manual

Digital Alert Systems: DASDEC User Manual

29

Setup > Network > Server Network Configuration (bottom section of web page)

4.2.2 Security: Server Network Security Configuration

This page provides controls for managing network security. Two features are configurable for network security.
You can switch web access between secure mode (https) and regular mode (http). You can also use this page to
manage Secure Shell (SSH) keys across multiple platforms.

Web Interface Access Security
Use the Web Interface Access Security checkbox to force http SSL based communication to the Web Server.
The box is labeled Check To Only Allow https Secured Web Access to this server. If the box is checked,
browser access is forced to be via http. The change is immediate. All communications to the server will be
encrypted. Digital Alert Systems strongly recommends using this setting if the DASDEC II will be on a public
network

SSH Key Management Interface

WARNING: DO NOT MODIFY any SSH Keys without consulting with the factory!

Secure Shell is used for EAS NET network communication/control between a DASDEC II and other EAS NET
compatible platforms (including other DASDEC II's). SSH is a secure communications method that relies on
public/private key encryption. For a DASDEC II to communicate with another platform via SSH, the public key
from the DASDEC II's public/private key pair must be "authorized" on the remote platform.

Authorization usually is achieved by copying the public key into a file on the remote host. The DASDEC II uses
the open source package OpenSSH for SSH features. This package has a file called "authorized_keys2" under
/root/.ssh/ to hold the authorized public keys from remote platforms. Authorization allows secure access only
from the holder of the public key's corresponding private key. Even though this method of encryption and secure
access is very safe, it is still as a good idea to update the public/private keys from time to time. This can be
tedious to do manually between a set of servers that already intercommunicate. The DASDEC II SSH Key
Management interface greatly simplifies this process. It allows a group of remote hosts offering SSH connections
to have all of the encryption keys updated from the current DASDEC II location. This updates and maintains
secure SSH based network interoperability for EAS NET across each platform with a single operation.