Access to the JNIOR is controlled by login credentials involving a username
and secret password. This assumes that you have not disabled login for any
of the services and do not use those protocols that do not support login.
It is not likely that you would allow someone to watch over your shoulder as
you enter these credentials and log into your JNIOR even if they were
trusted. But without some care others may be able to easily and remotely
observe your login, compromising the security of the product. Your username
and password may be communicated from you to the JNIOR in a plain text form.
Even if no one can monitor network traffic on your closed network, the JNIOR
itself performs network capturing. The NETSTAT command can be used to
generate a network capture file that can be downloaded and analyzed offline.
Your plain text user credentials may be evident in this capture file. You can
eliminate the risk by ensuring that all communications are secure and
encrypted using SSL/TLS.
Use Secure Access
By default the JNIOR has SSL enabled. You do need to elect to use the
encrypted protocols. That means accessing the JNIOR WebUI using the HTTPS://
URL as opposed to the previously more typical HTTP:// protocol. In using
the secure protocol you eliminate the ability for a remote observer to not
only see your login credentials but to know anything about what you are
Browsers can utilize the AUTH DIGEST procedure for transferring login
credentials even over the plain text HTTP protocol. This does encrypt your
login credentials specifically and provides some peace of mind. This can
still be thwarted by a particularly malicious actor and it is not a sound
alternative to the more secure HTTPS connection.
Beyond the browser interface other protocols are routinely used in managing
the JNIOR. One would be the File Transfer Protocol (FTP) used to transfer
files on to and off of the JNIOR. The WebUI provides you with the ability
to move files to and from the JNIOR under the Folders tab. This securely
uses the JANOS Management Protocol (JMP) and not FTP. If you generally
would rely on the WebUI for file management it is recommended that you disable
FTP with the following command.
reg FTP/Server = disabled
The FTP server can also be disabled under the Configuration tab on the FTP
page by unchecking Server Enabled. In either case you must then reboot
the unit to change the server status. Note that you can use the NETSTAT
command to see what services are running. After disabling FTP you can confirm
that it is no longer listening.
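
A complementary check from the network side, as an added example that is not part of the JNIOR documentation: it attempts a TCP connection to each plaintext-capable service this page discusses and reports the ones still listening. Ports 9220 and 9200 come from this page; 21, 23 and 80 are the standard FTP, Telnet and HTTP ports and are assumed unchanged on the unit.

```python
import socket
import sys

# Services named on this page. Ports 9220 (JMP) and 9200 (JNIOR Protocol) are
# stated in the text; 21, 23 and 80 are the standard ports for FTP, Telnet and
# HTTP and are assumed to be unchanged on the unit.
PLAINTEXT_CAPABLE = {
    "FTP": (21, "disable it if you manage files through the WebUI, or require TLS in the client"),
    "Telnet": (23, "disable it, or use a terminal client that upgrades the connection to TLS"),
    "HTTP": (80, "reach the WebUI through the HTTPS:// URL instead"),
    "JNIOR Protocol": (9200, "disable it if not required, or use the encrypted mode"),
    "JMP": (9220, "disable it if unused, or use a client that upgrades to TLS"),
}


def is_listening(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False


def audit(host, services=PLAINTEXT_CAPABLE, timeout=1.0):
    """List (name, port, advice) for each plaintext-capable service that is listening."""
    return [
        (name, port, advice)
        for name, (port, advice) in services.items()
        if is_listening(host, port, timeout)
    ]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit.py <address of your own JNIOR>")
    findings = audit(sys.argv[1])
    for name, port, advice in findings:
        print(f"{name} is listening on port {port}: {advice}")
    sys.exit(1 if findings else 0)  # non-zero exit when something is exposed
```

Run it after the reboot that follows a configuration change; an empty result means none of the listed services accepted a connection.
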
The Support Tool currently relies on FTP for file transfer.
If you rely on the Support Tool you should not disable the
The FTP Server does have a secure mode using the STARTTLS command. The remote
FTP client must be configured to use STARTTLS for transfers. In this case
once an FTP connection is made the STARTTLS FTP command is issued to convert
the connection to an encrypted channel before the credentials and anything
else is transferred. This is a configuration setting for whatever FTP client
or clients that you plan to use.
The Telnet protocol is used for making Command Line Interface (CLI)
connections. Unfortunately Telnet clients (terminal programs) do not
support SSL/TLS encryption. This protocol was developed in a time where
SSH security was in use. The JNIOR does not currently support SSH.
The JNIOR does support a STARTTLS capability similar to that used by FTP. To
utilize this feature you will need to obtain the client terminal program
You can disable Telnet just as you can FTP using the WebUI or by setting
the appropriate Registry key. Again the Support Tool does currently rely on
Telnet and the command connection for many of its procedures.
The WebUI uses the JMP protocol over WebSockets, through the same ports
used by HTTP or HTTPS. If you have achieved a secure connection in accessing
the WebUI the background JMP connection will also be secure. The JMP protocol
also supports login. It has been integrated with the WebUI sharing the single
entry of credentials.
The JMP Protocol is also available on Port 9220. It also supports the STARTTLS
capability and client programs designed to communicate using the JMP protocol
can take advantage of an encrypted connection. It is possible that you can
safely disable the JMP Protocol under the Configuration tab and Protocol page
in the WebUI.
The JNIOR Protocol is a legacy protocol still in use today. It has limited
capability and can also be elevated to an encrypted connection. It is
available on Port 9200. This can be disabled as well if it is not required in
HELP Topics: NETSTAT