Overview Security
OVERVIEW
The JNIOR can be used with confidence on the open Internet provided that
certain security precautions are taken and consistently observed. The
product configuration as shipped is not appropriate for use in an
uncontrolled environment. There are default accounts with default login
credentials which would set you up for disaster. There are protocols, for
example MODBUS, that do not support login (without customization) and
therefore cannot be used freely. With care, however, the product can exist
securely in a chaotic world like the Internet.

Even in a controlled environment such as an air-gapped or sandboxed network
you would still want to control access to the JNIOR. Another trusted person
with access to the network might in a moment of curiosity accidentally
activate the JNIOR or alter configuration. Depending on what might be wired
to the product, randomly closing a relay could damage the connected equipment
or at a minimum disrupt the normal operation of things. A small accidental
configuration change might later be difficult to detect and remedy. Both
cases would be things to avoid. Proper security would limit that risk.
DEFAULT ACCOUNTS
The JNIOR ships with four (4) default user accounts, two of which have full
Administrator permissions. Leaving just one of these active in an uncontrolled
situation would create a security risk.
Eliminate Unneeded User Accounts
--------------------------------
A previously used JNIOR might have several user accounts. A new JNIOR has
just 4:
    1. jnior    Administrator
    2. admin    Administrator
    3. user     Control
    4. guest    View Only
The users are configurable by administrators through the Command Line
Interface (CLI) or Console. The USERS command will display the available
accounts. Typically in a single user situation the 'jnior' account would be
the primary. Log into the 'jnior' account and then disable the other
accounts using the following USERMOD commands:
    usermod +d admin
    usermod +d user
    usermod +d guest
Similarly you may disable any other accounts that may also exist on the unit
from any prior use. These commands add the Disabled flag to the accounts but
do not remove the users. This would allow you to later restore the users if
necessary.
You may also remove unnecessary user accounts using the USERDEL command.
This command allows you to remove more than one user. It does not confirm
removal, so use it cautiously. You cannot remove the currently active
user (see WHOAMI). Only an Administrator can make these user changes, and
the active user cannot be removed, so you can never remove all of the
administrator accounts. There is always going to be one. The following
command removes the extra accounts:
    userdel admin user guest
Note that SAFEMODE temporarily reinstates the 'jnior' account with the
default password. This is important should usernames and/or passwords be
lost or forgotten.
Change Default Passwords
------------------------
The default user accounts each have a default password consisting of the
username itself. It is highly recommended that you alter these default
passwords before putting the JNIOR into service. For each of the remaining
user accounts you would use the PASSWD command to change the password. This
command can be used by an Administrator to both change the password for the
current user and that for any of the other accounts.
To alter the current account simply enter the command:
    passwd
You will be prompted for the current password which you must properly
provide. You will then be asked for a new password and then to reenter the
password. Both must match for the command to succeed.
To change the password for any of the other accounts you must supply the
username as follows:
    passwd admin
In this case you will not need to enter the current password. You will be
asked for a new password and then to reenter it. Both must match for the
command to be successful.
Passwords on the JNIOR can be as few as 4 characters and as many as 19.
These may contain any of the printable characters. Account passwords are
never displayed by the JNIOR. These are stored in a secure internal memory
area.
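
The account clean-up and password steps above, worked through as a small planning helper. This is an added example, not part of the JNIOR help text or firmware: the function names and the account inventory are hypothetical, and treating "printable" as ASCII 0x20 to 0x7E is an assumption.

```python
# Added example: builds the console command plan described on this page.
# DEFAULT_ACCOUNTS is constructed from the list above, not read from a unit.
DEFAULT_ACCOUNTS = {"jnior": "Administrator", "admin": "Administrator",
                    "user": "Control", "guest": "View Only"}

def password_problems(username, password):
    """Check a candidate password against the limits stated on this page."""
    problems = []
    if not 4 <= len(password) <= 19:
        problems.append("length must be 4 to 19 characters")
    # Assumption: "printable" means ASCII 0x20-0x7E.
    if not all(32 <= ord(c) <= 126 for c in password):
        problems.append("only printable characters are allowed")
    if password == username:
        problems.append("matches the shipped default (the username itself)")
    return problems

def hardening_plan(accounts, keep, current, delete=False):
    """Return the commands to enter while logged in as `current`.

    accounts: {username: role}; keep: usernames that stay in service.
    """
    if current not in keep:
        raise ValueError("the active user cannot be removed; keep it")
    if accounts.get(current) != "Administrator":
        raise ValueError("only an Administrator can make user changes")
    extra = [u for u in accounts if u not in keep]
    plan = []
    if extra and delete:
        plan.append("userdel " + " ".join(extra))   # no confirmation prompt
    else:
        plan += [f"usermod +d {u}" for u in extra]  # reversible: flag only
    # Every account left in service needs a non-default password.
    plan.append("passwd")                           # the current user
    plan += [f"passwd {u}" for u in keep if u != current and u in accounts]
    return plan

if __name__ == "__main__":
    for line in hardening_plan(DEFAULT_ACCOUNTS, keep=["jnior"], current="jnior"):
        print(line)
    print(password_problems("jnior", "jnior"))
```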
NOTES
The command HELP U* will display the syntax for each in the collection of
user commands.
SEE ALSO
HELP Topics: HELP, USERS, USERMOD, USERDEL, USERADD, WHOAMI, SAFEMODE,
PASSWD, FACTORY_RESET
[/flash/manpages/manpages.hlp:1093]