JANOS Help System: [Commands] [Topics] [Tech Support] [Printable Manual] [Search]
Overview Security OVERVIEW The JNIOR can be used with confidence on the open Internet provided that certain security precautions are taken and consistently observed. The product configuration as shipped is not appropriate for use in the uncontrolled environment. There are default accounts with default login credentials which would set you up for disaster. There are protocols, for example MODBUS, that do not support login (without customization) and therefore cannot be used freely. With care however, the product can exist securely in a chaotic world like the Internet. Even in a controlled environment such as an air gapped or sandboxed network you would still want to control access to the JNIOR. Another trusted person with access to the network might in a moment of curiosity accidentally activate the JNIOR or alter configuration. Depending on what might be wired to the product, randomly closing a relay could damage the connected equipment or at a minimum disrupt the normal operation of things. A small accidental configuration change might later be difficult to detect and remedy. Both cases would be things to avoid. Proper security would limit that risk. DEFAULT ACCOUNTS The JNIOR ships with four (4) default user accounts two of which have full Administrator permissions. Leaving just one of these active in an uncontrolled situation would create a security risk. Eliminate Unneeded User Accounts -------------------------------- A previously used JNIOR might have several user accounts. A new JNIOR has just 4. Those being: 1. jnior Administrator 2. admin Administrator 3. user Control 4. guest View Only The users are administers through the Command Line Interface (CLI) or Console. The USERS command will display the available accounts. Typically in a single user situation the 'jnior' account would be the primary. Log into the 'jnior' account and then disable the other accounts with using the following USERMOD commands: usermod +d admin usermod +d user usermod +d guest Similarly you may disable any other accounts that may also exist on the unit from any prior use. These commands add the Disabled flag to the accounts but do not remove the users. This would allow you to later restore the users if necessary. You may also remove unnecessary user accounts using the USERDEL command. This command allows you to remove more than one user. It does not confirm removal so do use this cautiously. You cannot remove the currently active user (see WHOAMI). Only an Administrator can make these user changes. So you can never remove all of the administrator accounts. There is always going to be one. The following command removes the extra accounts: userdel admin user guest Note that SAFEMODE temporarily reinstates the 'jnior' account with the default password. This is important should usernames and/or passwords be lost and forgotten. Change Default Passwords ------------------------ The default user accounts each have a default password consisting of the username itself. It is highly recommended that you alter these default passwords before putting the JNIOR into service. For each of the remaining user accounts you would use the PASSWD command to change the password. This command can be used by an Administrator to both change the password for the current user and that for any of the other accounts. To alter the current account simply enter the command: passwd You will be prompted for the current password which you must properly provide. You will then be asked for a new password and then to reenter the password. Both must match for the command to succeed. To change the password for any of the other accounts you must supply the username as follows: passwd admin In this case you will not need to enter the current password. You will be asked for a new password and then to reenter it. Both must match for the command to be successful. Passwords on the JNIOR can be as few as 4 characters and as many as 19. These may contain any of the printable characters. Account passwords are never displayed by the JNIOR. These are stored in secure internal memory area. NOTES The command HELP U* will display the syntax for each in the collection of user commands. SEE ALSO HELP Topics: HELP, USERS, USERMOD, USERDEL, USERADD, WHOAMI, SAFEMODE, PASSWD [/flash/manpages/manpages.hlp:685]