APC Network Management Card AP9617 Podręcznik Użytkownika Pobierz pdf (Strona 128)

®®

USER’S GUIDE

network management card

122

MD5 authentication (for the Web interface)

The Web interface option for MD5 authentication enables a higher level of

access security than the basic HTTP authentication scheme. The MD5

scheme is similar to CHAP and PAP remote access protocols. Enabling

MD5 implements the following security features:

• The Web server requests a user name and a password phrase (distinct

from the password). The user name and password phrase are not

transmitted over the network, as they are in basic authentication.

Instead, a Java login applet combines the user name, password

phrase, and a unique session challenge number to calculate an MD5

hash number. Only the hash number is returned to the server to verify

that the user has the correct login information; MD5 authentication

does not reveal the login information.

• In addition to the login authentication, each form post for configuration

or control operations is authenticated with a unique challenge and

hash response.

• After the authentication login, subsequent page access is restricted by

IP addresses and a hidden session cookie. (You must have cookies

enabled in your browser.) Pages are transmitted in their plain-text form,

with no encryption.

If you use MD5 authentication, which is available only for the Web interface,

disable the less secure interfaces, including Telnet, FTP, and SNMP. For

SNMP, you can disable write-only access so that read access and trap

facilities are still available.

For additional information on MD5 authentication, see RFC document

#1321 at the Web site of the Internet Engineering Task Force, http://

www.ietf.org. For CHAP, see RFC document #1994.

1 2 ... 123 124 125 126 127 128 129 130 131 132 133 ... 149 150

Brak uwag

APC Network Management Card AP9617 Podręcznik Użytkownika Strona 128