Network Management Card Security Implementation



Similar documents
Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

Chapter 7 Transport-Level Security

For the protocol access paths listed in the following table, the Sentry firmware actively listens on server ports to provide security for the CDU.

USER S GUIDE. network management card. Contents. Introduction--1. Control Console--13

2 Advanced Session... Properties 3 Session profile... wizard. 5 Application... preferences. 3 ASCII / Binary... Transfer

CTS2134 Introduction to Networking. Module Network Security

Network Management Card Wizard--1. Introduction... 1 Using the Network Management Card Wizard... 5

Network Security Essentials Chapter 5

Using sftp in Informatica PowerCenter

SSL SSL VPN

1. Open the preferences screen by opening the Mail menu and selecting Preferences...

1. Open the preferences screen by opening the Mail menu and selecting Preferences...

PowerChute TM Network Shutdown Security Features & Deployment

How To Understand And Understand The Security Of A Key Infrastructure

How to Log On Main Screen Control Console Menus How to Log On Summary Page Navigation Menu... 29

Release Notes Metered, Switched, Metered-by-Outlet, and Metered-by-Outlet with Switching Rack PDUs

Lab Configure Basic AP Security through IOS CLI

SonicWALL PCI 1.1 Implementation Guide

Administrator's Guide

Alarm Messages Clearing the Hardware Alarms How to Log On Summary Page Navigation Menu... 24

Computer Networks. Secure Systems

Management, Logging and Troubleshooting

Clearswift Information Governance

SSL VPN Technical Primer

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

DRAFT Standard Statement Encryption

USER S GUIDE Switched Rack PDU

RemotelyAnywhere. Security Considerations

Tandem Systems, Ltd. WinAgents HyperConf. User s Guide

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Scenario: IPsec Remote-Access VPN Configuration

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

Outlook Express. Make Changes in Red: Open up Outlook Express. From the Menu Bar. Tools to Accounts - Click on. User Information

Linux VPS with cpanel. Getting Started Guide

technical brief browsing to an installation of HP Web Jetadmin. Internal Access HTTP Port Access List User Profiles HTTP Port

EXPLORER. TFT Filter CONFIGURATION

OpenVPN over SSH tunneling

Secure Shell (SSH) Protocol

SyncThru TM Web Admin Service Administrator Manual

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address :

USER S GUIDE. Contents. NetBotz Rack Monitor 200. Introduction--1. Control Console--8

Secure Shell. The Protocol

Network Management Card. User Manual

DRAC 5 Dell Remote Access Card 5 Security

Campus VPN. Version 1.0 September 22, 2008

File Transfer Examples. Running commands on other computers and transferring files between computers

Shipping Services Files (SSF) Secure File Transmission Account Setup

FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE. SSL/FTP (File Transfer Protocol over Secure Sockets Layer)

Topics in Network Security

FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE. SFTP (Secure File Transfer Protocol)

Configuring and Monitoring Bluecoat AntiVirus

After you have created your text file, see Adding a Log Source.

Network FAX Driver. Operation Guide

User s Guide. Network Management Card AP9631-IBM

Install and configure SSH server

Architecture and Data Flow Overview. BlackBerry Enterprise Service Version: Quick Reference

McAfee Firewall Enterprise 8.2.1

Configuring Secure Socket Layer (SSL)

Title Page Web/SNMP Management SmartSlot Card

FIPS SECURITY POLICY FOR

Overview 9 Network interface watchdog mechanism 9 Resetting the network timer 9

User's Guide. Product Version: Publication Date: 7/25/2011

Exam Questions SY0-401

Using SonicWALL NetExtender to Access FTP Servers

Security Configuration Guide P/N Rev A05

NEFSIS DEDICATED SERVER

Proof of Concept Guide

APC by Schneider Electric Release Notes AP9537 Network Management Card. APC part number: Released: 26 October 2012

NeoMail Guide. Neotel (Pty) Ltd

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Securely manage data center and network equipment from anywhere in the world.

HP A-IMC Firewall Manager

Stealth OpenVPN and SSH Tunneling Over HTTPS

PrintFleet Enterprise Security Overview

PT Activity: Configure Cisco Routers for Syslog, NTP, and SSH Operations

How To Industrial Networking

LifeSize Control Installation Guide

Fundamental Principles of Network Security

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Environmental Management System

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Outlook Express. Make Changes in Red: Open up Outlook Express. From the Menu Bar. Tools to Accounts - Click on Mail Tab.

7750 SR OS System Management Guide

How to Open HTTP or HTTPS traffic to a webserver behind the NetVanta 2000 Series unit (Enhanced OS)

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Cisco ASA. Administrators

Security IIS Service Lesson 6

MFP Security Overview

REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER

Deployment Guide Microsoft IIS 7.0

Apple Airport Extreme Base Station V4.0.8 Firmware: Version 5.4

Create a VPN on your ipad, iphone or ipod Touch and SonicWALL NSA UTM firewall - Part 1: SonicWALL NSA Appliance

Network Security Fundamentals

Avaya TM G700 Media Gateway Security. White Paper

Acano solution. Security Considerations. August E

Configuring SSH and Telnet

ZyWALL 5. Internet Security Appliance. Quick Start Guide Version 3.62 (XD.0) May 2004

Overview. Remote access and file transfer. SSH clients by platform. Logging in remotely

Sophos UTM. Remote Access via SSL. Configuring UTM and Client

Transcription:

[ APPLICATION NOTE #67 ] OFFER AT A GLANCE Offers Involved Network Management Card, APC Security Wizard Applications Configuration and monitoring of network managed devices Broad Customer Problem Secure access to Network managed devices from Abstract This document highlights the industry-standard security implementation on the Network Management Card from. The document should be used as a high-level overview of the Network Management Card functionality. More details on specific functionality can be referenced in the associated device s User Guide. The described features apply to Network Management Cards, embedded in a network managed device or inserted into its SmartSlot, and running AOS version 2.x and above 1. CUSTOMER BENEFITS Compliance with Industry standard security level Secure access across multiple interfaces SECURITY CERTIFICATION Certified TITANIUM level security 2012 by Tracesecurity TM Assessment of Application with about 160 hours of testing 1 For how to identify the AOS version - Refer to Appendix A. Make the most of your energy SM

Security Implementation Overview The Network Management Card-based devices have four interfaces for remote configuration and control. Each of these interfaces has different methods of user authentication and data encryption. The interfaces are: Web (HTTP, HTTPS) interface Telnet, Secure SHell (SSH) interface File Transfer Protocol (FTP), Secure CoPy (SCP) interface Simple Network Management Protocol (SNMP) interface All devices produced by that contain the Network Management platform have user authentication capabilities in the form of username and password. The user access can also be determined through the use of RADIUS. Additionally, the SNMP service fully supports SNMPv1 and SNMPv3. In addition to these features, the user has the ability to disable any or all interfaces, and can also change the standard access port on the Telnet/SSH, Web, FTP, Syslog interfaces. To ensure that communication between the device and the client interfaces cannot be interpreted in-stream, a greater level of security can be established by using one or more of the listed encryption algorithms. On the Network Management platform running AOS versions 2.x through 3.x, the user can select from a list of available encryption methods, with lower encryption complexity translating to faster information processing times. On the Network Management platform running AOS 5.x and above, all encryption is done through hardware and has no adverse affect on processing times. Web Interface SSL provides a secure mechanism to access a Web interface. The Network Management Card supports SSL version 3.0 and TLS version 1.0. Most Web browsers allow you select the version of SSL to enable. When SSL is enabled, your browser displays the lock icon, usually at the bottom of the screen. Encryption methodologies supported by Schneider Electric devices are listed in table 1 below. Table 1 SSL Security Options Encryption Algorithms 56-bit DES 168-bit 3DES 128-bit RC4 AOS v2.x through AOS v3.x 768- or 1024-bit RSA 1 Public Key Algorithm AOS v5.x and above 1024- or 2048-bit RSA 2 Message Authentication HMAC MD5 HMAC SHA HMAC MD5 or HMAC SHA 1 768-bit if generated by the Network Management Card; 1024-bit if generated by the APC Security Wizard 2 2048-bit if generated by the Network Management Card; 1024-bit or 2048-bit if generated by the APC Security Wizard

SSL Certificates for Server Authentication There are many different methods of implementing specific security standards. provides three different ways to manage certificates for SSL so that our products integrate with many different user environments. The Network Management Card devices allow you to: Use the Network Management Card auto-generated, unique default certificate Use the APC Security Wizard to create a Certificate Authority (CA) and server certificate Use the APC Security Wizard to create a certificate-signing request to be signed by the root certificate of an external Certificate Authority and to create a server certificate Telnet Interface SSH provides a secure mechanism for Telnet access. Various SSH clients that have been evaluated in conjunction with released products from are listed in table 2 below. The corresponding SSH security parameters are listed in table 3 below. FTP Interface Secure CoPy (SCP) is a secure file transfer application that you can use instead of FTP. SCP uses the SSH protocol as the underlying transport protocol for encryption of user names, passwords and files. SCP is automatically enabled when SSH is enabled, but FTP is not disabled automatically and should be disabled for secure applications. List of evaluated SCP functionality with SSH clients are in table 4. Table 2 SSH Client Support Matrix SSH Security Parameters Client Version 1 Version 2 OpenSSH PuTTY F-Secure SSH Client SSH Secure Shell SecureCRT x x TTSSH x x Key: = supported x = not supported Table 3 SSH Security Parameters Encryption Algorithms 56-bit DES 128-bit Blowfish 168-bit 3DES 128-bit AES 256-bit AES AOS v2.x through AOS v3.x 768- or 1024-bit RSA 1 Public Key Algorithm AOS v5.x and above 1024- or 2048-bit RSA 2 Message Authentication HMAC MD5 or HMAC SHA 1 768-bit if generated by the Network Management Card; 1024-bit if generated by the APC Security Wizard 2 2048-bit if generated by the Network Management Card; 1024-bit or 2048-bit if generated by the APC Security Wizard

Table 4 SCP Client Support Matrix Client Version 1 OpenSSH PuTTY F-Secure SSH Client SSH Secure Shell SecureCRT TTSSH x x Key: = supported x = not supported SNMP Interface SNMPv1, SNMPv2 and SNMPv3 are supported on all Network Management platform devices. SNMPv1 does not support encryption, but supports loose authentication in the form of community names and network management system (NMS) IP filtering. supported on platform running AOS v3.x and above. SMTP Interface In network management cards running AOS 6.0.6 or above, SMTP supports SSL/TLS encryption, for secure email. SNMPv2 introduces new message formats incompatible with SNMPv1. New party based security system in SNMPv2 is not widely accepted and is not supported by Network Management platform devices. Of the options provided, SNMPv3 configuration is to be enabled in order to use SNMPv2. SNMPv3 is more secure. It allows for authentication of traffic, prevents packet replay by utilizing engine time and system boot counts, and encrypts the payload of the packets (if desired). SNMPv3 is fully Conclusion The landscape of network security continues to grow and change in the fast paced IT industry. User requirements for security solutions are becoming a requirement for system delivery. The interfaces are implemented to allow user as much flexibility as possible. Industry standard security implementation coupled with flexibility of the Network Management Card enables products to exist in different user environments.

Appendix A How to identify the AOS version of the Network Management Card firmware? The Network Management Card is browser and command line interface accessible. The 2 distinct browser interfaces that the user would experience based on the AOS version of the Network Management Card firmware are as below, User Interface 1 In case of User Interface 1, please follow the below steps to identify the AOS version of the Network Management Card firmware, Navigate to the Network Management Card IP using a browser supporting HTTP protocol Login using the default user name & password (in case its not changed, else use the modified user name & password) Navigate to Administration -> General -> About AOS version is listed in the APC OS (AOS) section.

User Interface 2 In case of User Interface 2, please follow the below steps to identify the AOS version of the Network Management Card firmware, Navigate to the Network Management Card IP using a browser supporting HTTP protocol Login using the default user name & password (in case its not changed, else use the modified user name & password) Navigate to About -> Network AOS version is listed in the APC OS (AOS) section.

Command Line Interface In case of Command line interface, please follow the below steps to identify the AOS version of the Network Management Card firmware, Login using the default user name (with either administrator or device level access) & password (in case its not changed, else use the modified user name & password) Execute about command at the prompt AOS version is listed in the APC OS (AOS) section.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information