Encryption Security

SECURE COMMUNICATIONS

Access to the JNIOR is controlled by login credentials involving a username and secret password. This assumes that you have not disabled login for any of the services and do not use those protocols that do not support login.

It is not likely that you would allow someone to watch over your shoulder as you enter these credentials and log into your JNIOR, even if they were trusted. But without some care others may be able to easily and remotely observe your login, compromising the security of the product. Your username and password may be communicated from you to the JNIOR in plain text form.

Even if no one can monitor network traffic on your closed network, the JNIOR itself performs network capturing. The NETSTAT command can be used to generate a network capture file that can be downloaded and analyzed offline. Your plain text user credentials may be evident in this capture file.

You can eliminate the risk by ensuring that all communications are secure and encrypted using both SSL/TLS and Secure Shell (SSH).

Use Secure Access
-----------------

By default the JNIOR has SSL enabled. You do need to elect to use the encrypted protocols. That means accessing the JNIOR WebUI using the HTTPS:// URL as opposed to the previously common HTTP:// protocol. In using the secure protocol you eliminate the ability for a remote observer to see your login credentials and to know anything about what you are doing.

Browsers can utilize the AUTH DIGEST procedure for transferring login credentials even over the plain text HTTP protocol. This does encrypt your login credentials specifically and provides some peace of mind. This can still be thwarted by a particularly malicious actor and it is not a sound alternative to the more secure HTTPS connection.

FTP

Beyond the browser interface other protocols are routinely used in managing the JNIOR. One would be the File Transfer Protocol (FTP) used to transfer files onto and off of the JNIOR.
The WebUI provides you with the ability to move files to and from the JNIOR under the Folders tab. This securely uses the JANOS Management Protocol (JMP) and not FTP. If you generally would rely on the WebUI for file management it is recommended that you disable FTP with the following command.

    reg FTP/Server = disabled

The FTP server can also be disabled under the Configuration tab on the FTP page by unchecking Server Enabled. In either case you must then reboot the unit to change the server status. Note that you can use the NETSTAT command to see what services are running. After disabling FTP you can confirm that it is no longer listening.

NOTE

The Support Tool currently relies on FTP for file transfer. If you rely on the Support Tool you should not disable the FTP Server.

The FTP Server does have a secure mode using the STARTTLS command. The remote FTP client must be configured to use STARTTLS for transfers. In this case, once an FTP connection is made the STARTTLS FTP command is issued to convert the connection to an encrypted channel before the credentials and anything else are transferred. This is a configuration setting for whatever FTP client you plan to use.

TELNET

The Telnet protocol is used for making Command Line Interface (CLI) connections. Unfortunately Telnet clients (terminal programs) typically do not support SSL/TLS encryption. Users prefer to utilize Secure Shell (SSH) when a secure connection is needed.

The JNIOR does support a STARTTLS capability similar to that used by FTP. To utilize this feature you would need to obtain the client terminal program from INTEG as the feature is not generally supported.

You can disable Telnet just as you can FTP, using the WebUI or by setting the appropriate Registry key. Again, the Support Tool does currently rely on Telnet and the command connection for many of its procedures.

Secure Shell (SSH)

Starting with JANOS v2.5 the JNIOR supports the Secure Shell (SSH) protocol.
SSH uses cryptography to authenticate and secure a connection to the JNIOR over which you may access the Command Line Interface (CLI), similar to using Telnet or the WebUI Console tab. In addition to a terminal connection, the SSH protocol may be used to execute individual commands on a remote JNIOR. As with other protocols, SSH may be disabled through the Registry.

JMP PROTOCOL

The WebUI uses the JNIOR Management Protocol (JMP) through the Websocket facility supported by the same ports used by HTTP or HTTPS. If you have achieved a secure connection in accessing the WebUI, the background JMP connection will also be secure. The JMP protocol requires a login. It has been integrated with the WebUI, sharing the single entry of credentials.

The JMP Protocol is available on Port 9220. It also supports the STARTTLS capability, and client programs designed to communicate using the JMP protocol can take advantage of an encrypted connection.

JNIOR PROTOCOL

The JNIOR Protocol is a legacy binary protocol still in use today. It has limited capability and can also be elevated to an encrypted connection. It is available on Port 9200. This can be disabled as well if it is not required in your application.

SEE ALSO

HELP Topics: NETSTAT

[/flash/manpages/manpages.hlp:1731]
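
As a complement to checking NETSTAT on the unit itself, the following added example (not part of the JANOS help text or INTEG's software) probes your own JNIOR from the network side and lists which of the services discussed above still accept connections. Ports 9220 and 9200 are taken from this page; the other port numbers are the protocols' standard defaults and are an assumption about your configuration.

```python
import socket

# (name, port, plaintext_capable). 9220 and 9200 are stated on this page; the
# other ports are standard defaults (assumption). plaintext_capable means the
# service carries credentials in the clear unless the client upgrades it.
SERVICES = [
    ("FTP", 21, True),
    ("SSH", 22, False),
    ("Telnet", 23, True),
    ("HTTP", 80, True),
    ("HTTPS", 443, False),
    ("JNIOR Protocol", 9200, True),
    ("JMP", 9220, True),
]


def is_listening(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(host, services=SERVICES, timeout=1.0):
    """Probe each service and return (name, port, status) tuples."""
    results = []
    for name, port, plaintext in services:
        if not is_listening(host, port, timeout):
            status = "closed"      # disabled or filtered
        elif plaintext:
            status = "review"      # reachable and usable without encryption
        else:
            status = "open"        # reachable, encrypted by design
        results.append((name, port, status))
    return results


def needs_review(results):
    """Services to disable or restrict to STARTTLS-capable clients."""
    return [(name, port) for name, port, status in results if status == "review"]


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for name, port, status in audit(host):
        print(f"{name:15} {port:5}  {status}")
```

Run it with the unit's address as the only argument, after the reboot that applies a changed server setting.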