Network Security - Siemens SiPass integrated Controller And Device Installation Manual


Access Controllers
2
4101-3 (ACC-Granta)

2.4.5 Network Security

The ACC-GRANTA uses Linux as its operating system. This provides an increased
level of security and reliability, but also requires some extra care with
security.
Summary: disable both SSH and telnet for maximum security, and set a root
password.
SSH
An SSH server runs on the ACC-GRANTA by default. It gives access to the Linux
shell console for maintenance and troubleshooting. In normal operation, external
access should be disabled so that the server is not bound to the Ethernet
interface but is restricted to the local USB Ethernet interface.
Disable external access to the SSH server with the console command:
set ssh usb
SSH access can be enabled with the console command:
set ssh all
The TCP port number that the SSH server listens on is 10022. This can be
changed with the console command:
set ssh port xyz
Where xyz is a valid and unique TCP port number.
The standard port number for SSH is port 22, but many network probing tools
attack port 22 by default.
Root Password
The username for gaining access to the Linux shell is "root", the password is the
default root password "spirit".
The root password can be changed within the application via telnet, using the
command:
set rootpassword Large_String
where Large_String should be a long phrase that meets the requirements for a
strong password. Use double quotes if the string contains spaces, but don't use
double quotes when entering the password via SSH login.
Telnet
The ACC-GRANTA still offers a simple telnet server for allowing user access to the
application. Telnet is not encrypted, so any password used to gain access to the
ACC-GRANTA can be "seen" on the network.
It is recommended that telnet should be disabled from SiPass after the initial setup
of the ACC-GRANTA.
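After applying the settings above, the result can be verified from a host on the Ethernet network. The following check is an added example, not part of the Siemens manual: it identifies SSH and telnet listeners by their opening bytes, so an SSH server moved with "set ssh port xyz" is still recognised when its port is passed as an extra argument. Port 23 for telnet and all function names are assumptions; the manual does not state the telnet port.

```python
import socket
import sys

# 10022 is the controller's SSH port per the manual; 22 and 23 are the standard
# SSH and telnet ports (assumption: the manual does not give the telnet port).
CANDIDATE_PORTS = (22, 23, 10022)

# Remediation text taken from the manual section above.
FIXES = {
    "ssh": "run 'set ssh usb' on the controller console",
    "telnet": "disable telnet from SiPass",
    "open-unknown": "identify the listener; it sent no SSH or telnet banner",
}

def classify_port(host, port, timeout=2.0):
    """Return 'closed', 'ssh', 'telnet' or 'open-unknown' for host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            try:
                banner = conn.recv(64)   # read only; nothing is sent, no login
            except OSError:              # timeout or reset after connect
                banner = b""
    except OSError:                      # refused, filtered or unreachable
        return "closed"
    if banner.startswith(b"SSH-"):       # SSH identification string (RFC 4253)
        return "ssh"
    if banner[:1] == b"\xff":            # telnet IAC negotiation byte (heuristic)
        return "telnet"
    return "open-unknown"

def audit_controller(host, ports=CANDIDATE_PORTS, timeout=2.0):
    """Return (results, findings); findings holds every port that is not closed."""
    results = {port: classify_port(host, port, timeout) for port in ports}
    findings = {port: kind for port, kind in results.items() if kind != "closed"}
    return results, findings

def format_report(host, findings):
    """Render a PASS/FAIL summary with the manual's remediation per finding."""
    if not findings:
        return f"{host}: PASS (no SSH or telnet listener reachable)"
    lines = [f"{host}: FAIL"]
    for port, kind in sorted(findings.items()):
        lines.append(f"  tcp/{port} {kind}: {FIXES[kind]}")
    return "\n".join(lines)

if __name__ == "__main__":
    # Usage: audit.py <controller Ethernet IP> [extra ports, e.g. a changed SSH port]
    ports = CANDIDATE_PORTS + tuple(int(p) for p in sys.argv[2:])
    print(format_report(sys.argv[1], audit_controller(sys.argv[1], ports)[1]))
```

Run it against the controller's Ethernet address, not over the USB Ethernet link, since SSH is expected to remain reachable there.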
A6V11164550