JANOS Help System
Encryption Security

SECURE COMMUNICATIONS

Access to the JNIOR is controlled by login credentials involving a username and secret password. This assumes that you have not disabled login for any of the services and do not use those protocols that do not support login.

It is not likely that you would allow someone to watch over your shoulder as you enter these credentials and log into your JNIOR, even if they were trusted. But without some care others may be able to easily and remotely observe your login, compromising the security of the product.

Your username and password may be communicated from you to the JNIOR in a plain text form. Even if no one can monitor network traffic on your closed network, the JNIOR itself performs network capturing. The NETSTAT command can be used to generate a network capture file that can be downloaded and analyzed offline. Your plain text user credentials may be evident in this capture file.

You can eliminate the risk by ensuring that all communications are secure and encrypted using SSL/TLS.

Use Secure Access
-----------------

By default the JNIOR has SSL enabled. You do need to elect to use the encrypted protocols. That means accessing the JNIOR WebUI using the HTTPS:// URL as opposed to the previously more typical HTTP:// protocol. In using the secure protocol you eliminate the ability of a remote observer not only to see your login credentials but also to know anything about what you are doing.

Browsers can utilize the AUTH DIGEST procedure for transferring login credentials even over the plain text HTTP protocol. This does encrypt your login credentials specifically and provides some peace of mind. This can still be thwarted by a particularly malicious actor and it is not a sound alternative to the more secure HTTPS connection.

FTP

Beyond the browser interface other protocols are routinely used in managing the JNIOR. One would be the File Transfer Protocol (FTP) used to transfer files on to and off of the JNIOR.
The WebUI provides you with the ability to move files to and from the JNIOR under the Folders tab. This securely uses the JANOS Management Protocol (JMP) and not FTP. If you generally would rely on the WebUI for file management it is recommended that you disable FTP with the following command.

    reg FTP/Server = disabled

The FTP server can also be disabled under the Configuration tab on the FTP page by unchecking Server Enabled. In either case you must then reboot the unit to change the server status.

Note that you can use the NETSTAT command to see what services are running. After disabling FTP you can confirm that it is no longer listening.

NOTE: The Support Tool currently relies on FTP for file transfer. If you rely on the Support Tool you should not disable the FTP Server.

The FTP Server does have a secure mode using the STARTTLS command. The remote FTP client must be configured to use STARTTLS for transfers. In this case, once an FTP connection is made the STARTTLS FTP command is issued to convert the connection to an encrypted channel before the credentials and anything else is transferred. This is a configuration setting for whatever FTP client or clients you plan to use.

TELNET

The Telnet protocol is used for making Command Line Interface (CLI) connections. Unfortunately Telnet clients (terminal programs) do not support SSL/TLS encryption. This protocol was developed in a time where SSH security was in use. The JNIOR does not currently support SSH.

The JNIOR does support a STARTTLS capability similar to that used by FTP. To utilize this feature you will need to obtain the client terminal program from INTEG.

You can disable Telnet just as you can FTP, using the WebUI or by setting the appropriate Registry key. Again, the Support Tool does currently rely on Telnet and the command connection for many of its procedures.

JMP PROTOCOL

The WebUI uses the JMP protocol over WebSockets on the same ports used by HTTP or HTTPS.
If you have achieved a secure connection in accessing the WebUI, the background JMP connection will also be secure. The JMP protocol also supports login. It has been integrated with the WebUI, sharing the single entry of credentials.

The JMP Protocol is also available on Port 9220. It also supports the STARTTLS capability, and client programs designed to communicate using the JMP protocol can take advantage of an encrypted connection. It is possible that you can safely disable the JMP Protocol under the Configuration tab and Protocol page in the WebUI.

JNIOR PROTOCOL

The JNIOR Protocol is a legacy protocol still in use today. It has limited capability and can also be elevated to an encrypted connection. It is available on Port 9200. This can be disabled as well if it is not required in your application.

SEE ALSO

HELP Topics: NETSTAT
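
The check below is an added example, not part of the JANOS help text or INTEG's code. It reads the client-to-server lines of one plain-text session, as recovered from a capture file, and reports whether FTP or HTTP credentials were sent before any TLS upgrade. The function name, the sample sessions and the acceptance of AUTH TLS alongside the STARTTLS name used on this page are assumptions made for the example.

```python
import re

# Commands that turn a plain-text control channel into TLS. STARTTLS is the
# name used on this page; AUTH TLS/SSL is accepted too (assumption: standard
# FTP clients, RFC 4217).
UPGRADE = re.compile(rb"^(STARTTLS|AUTH\s+(TLS|SSL))\b", re.I)
FTP_CRED = re.compile(rb"^(USER|PASS)\s+\S", re.I)
HTTP_AUTH = re.compile(rb"^Authorization:\s*(\w+)", re.I)


def audit_session(client_lines):
    """Return (line_number, finding) pairs for one client-to-server stream.

    Secrets are never copied into the findings.
    """
    findings = []
    for number, raw in enumerate(client_lines, 1):
        line = raw.strip()
        if UPGRADE.match(line):
            break  # everything after the upgrade is inside TLS
        cred = FTP_CRED.match(line)
        if cred:
            findings.append((number, "plaintext " + cred.group(1).decode().upper()))
            continue
        auth = HTTP_AUTH.match(line)
        if auth:
            scheme = auth.group(1).decode().lower()
            if scheme == "basic":
                findings.append((number, "HTTP Basic credentials sent in clear"))
            elif scheme == "digest":
                findings.append((number, "HTTP Digest over plain HTTP"))
    return findings


# Constructed sample sessions (not taken from a real unit).
FTP_PLAIN = [b"USER constructed-user\r\n", b"PASS constructed-secret\r\n", b"LIST\r\n"]
FTP_UPGRADED = [b"STARTTLS\r\n", b"\x16\x03\x01\x00\x05hello"]
HTTP_BASIC = [b"GET / HTTP/1.1\r\n", b"Host: jnior.example\r\n",
              b"Authorization: Basic Y29uc3RydWN0ZWQ6c2FtcGxl\r\n"]
HTTP_DIGEST = [b"GET / HTTP/1.1\r\n", b'Authorization: Digest username="x"\r\n']

if __name__ == "__main__":
    for name, session in [("ftp plain", FTP_PLAIN), ("ftp upgraded", FTP_UPGRADED),
                          ("http basic", HTTP_BASIC), ("http digest", HTTP_DIGEST)]:
        print(name, audit_session(session))
```

An empty result for a session means no FTP or HTTP credentials were seen before the upgrade. Telnet logins are not line commands and are not covered by this check.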