APC AP9312TH User Manual

Environmental Monitoring Unit: User’s Guide
Security
Authentication
Authentication versus encryption
The Environmental Monitoring Unit controls access by providing basic authentication through user names, passwords, and IP addresses, but provides no type of encryption. These basic security features are sufficient for most environments, in which sensitive data is not being transferred. To ensure that data and communication between the Environmental Monitoring Unit and the client interfaces, such as Telnet and the Web browser, cannot be captured, you can provide a greater level of security by enabling MD5 authentication for the Web interface.
See 
.
MD5 authentication (Web interface)
The Web interface option for MD5 authentication enables a higher level of access security than the basic HTTP authentication scheme. The MD5 scheme is similar to CHAP and PAP remote access protocols. Enabling MD5 implements the following security features:
• The Web server requests a user name and a password phrase (distinct from the password). The user name and password phrase are not transmitted over the network, as they are in basic authentication. Instead, a Java login applet combines the user name, password phrase, and a unique session challenge number to calculate an MD5 hash number. Only the hash number is returned to the server to verify that the user has the correct login information; MD5 authentication does not reveal the login information.
• In addition to the login authentication, each form post for configuration or control operations is authenticated with a unique challenge and hash response.
• After the authentication login, subsequent page access is restricted by IP addresses and a hidden session cookie. (You must have cookies enabled in your browser.) Pages are transmitted in their plain-text form, with no encryption.
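The challenge and hash-response exchange described above can be sketched as follows. This is an added example, not code from the APC firmware or its login applet. The colon-joined input encoding, the Server class, and the "operator" account are assumptions made for illustration, because the manual does not specify how the three values are combined.

```python
import hashlib
import hmac
import secrets

# Assumed encoding: the manual does not say how the three inputs are combined.
def response_hash(user, phrase, challenge):
    material = ":".join((user, phrase, challenge)).encode("utf-8")
    return hashlib.md5(material).hexdigest()


class Server:
    """Hypothetical server side: one single-use challenge per login or form post."""

    def __init__(self, accounts):
        self.accounts = accounts   # user name -> password phrase (constructed data)
        self.pending = set()       # challenges issued and not yet answered

    def issue_challenge(self):
        challenge = secrets.token_hex(16)
        self.pending.add(challenge)
        return challenge

    def verify(self, user, challenge, response):
        if challenge not in self.pending:
            return False                  # unknown or already used: replay rejected
        self.pending.discard(challenge)   # consume it even if the check fails
        phrase = self.accounts.get(user)
        if phrase is None:
            return False
        expected = response_hash(user, phrase, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    server = Server({"operator": "constructed pass phrase"})
    c1 = server.issue_challenge()
    r1 = response_hash("operator", "constructed pass phrase", c1)  # client side
    results = {"login": server.verify("operator", c1, r1)}
    results["replay_same_challenge"] = server.verify("operator", c1, r1)
    c2 = server.issue_challenge()         # e.g. the challenge for a form post
    results["old_response_new_challenge"] = server.verify("operator", c2, r1)
    c3 = server.issue_challenge()
    wrong = response_hash("operator", "wrong phrase", c3)
    results["wrong_phrase"] = server.verify("operator", c3, wrong)
    return results


if __name__ == "__main__":
    print(demo())
```

The hash proves knowledge of the password phrase for one challenge only. It does nothing to hide page contents, which the manual notes are transmitted in plain text.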
If you use MD5 authentication, which is available only for the Web interface, disable the less secure interfaces, including Telnet, FTP, and SNMP. For SNMP, you can disable write-only access so that read access and trap facilities are still available. For additional information on MD5 authentication, see RFC document #1321 at the Web site of the Internet Engineering Task Force. For CHAP, see RFC document #1994.
Firewalls
Although MD5 authentication provides a much higher level of security than the plain-text access methods, complete protection from security breaches is almost impossible to achieve. Well-configured firewalls are an essential element in an overall security scheme.