SECURITY CONFIGURATION (CONTINUED)
SECURITY MODES OFFER DIFFERENT LEVELS OF SUPPORT AND CONTROL
Turtle Mode
This optional mode enables the Unit to shut down when it detects that its security may
be under attack. For example, if more than five password failures are detected in a
certain time frame, the Unit will shut down and disconnect itself from the network. The
only way to recover operation of the Unit is to log in from the local control port (the
keyboard connected to the “thru” connector) and give the appropriate reset command.
Remote access to the Unit is completely locked out. The operation of the attached
server is not affected. Clearly, Turtle mode opens the Unit to denial-of-service attacks,
which could be rather annoying to legitimate users. Therefore, this mode is not
enabled by default. There is an optional Turtle timeout duration (in hours) that by
default is set to 24 hours.
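The following added example (not taken from this manual or from the Unit's firmware) models the Turtle-mode lockout in Python to show how a burst of failed guesses also locks out a legitimate remote user. The class and method names, the 60-second failure window and the return strings are assumptions; the manual specifies only "more than five" failures, a 24-hour default timeout and a reset from the local console.

```python
# Added illustration: a model of the Turtle-mode lockout, not the Unit's firmware.
from collections import deque

class TurtleGuard:
    def __init__(self, enabled=False, max_failures=5, window_s=60, timeout_h=24):
        # window_s is an assumed value; the manual only says "a certain time frame".
        self.enabled = enabled            # Turtle mode is disabled by default
        self.max_failures = max_failures
        self.window_s = window_s
        self.timeout_s = timeout_h * 3600
        self.failures = deque()           # timestamps of recent password failures
        self.locked_at = None             # None while remote access is allowed

    def remote_allowed(self, now):
        """True if remote logins are accepted at time `now` (in seconds)."""
        if self.locked_at is not None and now - self.locked_at >= self.timeout_s:
            self.local_reset()            # Turtle timeout has elapsed
        return self.locked_at is None

    def remote_login(self, now, password_ok):
        """Return 'ok', 'denied' or 'locked_out' for one remote attempt."""
        if not self.remote_allowed(now):
            return "locked_out"           # even a correct password is ignored
        if password_ok:
            return "ok"
        self.failures.append(now)
        # Forget failures that fall outside the counting window.
        while self.failures and now - self.failures[0] > self.window_s:
            self.failures.popleft()
        if self.enabled and len(self.failures) > self.max_failures:
            self.locked_at = now          # more than five failures: shut down
        return "denied"

    def local_reset(self):
        """Reset command given at the local console; clears the lockout."""
        self.locked_at = None
        self.failures.clear()

def demo():
    g = TurtleGuard(enabled=True)
    results = [g.remote_login(t, False) for t in range(6)]  # constructed: 6 bad guesses
    results.append(g.remote_login(10, True))                # legitimate user is locked out
    results.append(g.remote_login(10 + 24 * 3600, True))    # after the 24-hour timeout
    return results

if __name__ == "__main__":
    print(demo())
```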
Stealth Mode
In Stealth mode, the Unit deliberately violates certain TCP/IP protocol standards in
order to conceal its presence on the network. For example, it will not respond to any
ICMP ping requests. A TCP/IP connection request (or UDP packet) to any unused port
will go unanswered and will not elicit the normal “connection refused” response. The
goal is to make the Unit invisible to a “port scan” attack, by acting as if it were not
there. For optimum security, the web server port number should be changed from the
default as well (user-configurable). Operation of the Unit by legitimate users who know
both the IP address and web server port number will be as normal. However, outsiders
who might be searching for the Unit will not be able to detect it on the network unless
they correctly guess both the IP address and port number.
SECURITY SETTINGS
1. Change Overall Security Mode
There are three security modes to choose from: “Relaxed” (default), “Internal LAN
with Snoopers”, and “For Use on the Public Internet”. For an explanation of these
modes, please see page 18.
2. Admin Password
The master (or root) password can be changed here. The user name for the master
account cannot be changed; the system will accept either “root” or “administrator”
as the name of this account.
3. Turtle Mode
To enable Turtle mode, change the default setting of “Disabled” to “Enabled”. For a
complete description of this security setting, please see above.
4. Turtle Reset Timeout
Change this value to set the number of hours the Unit stays in Turtle mode after
an attack.
5. Reset Turtle Protection Now
The “shell” of protection can be manually reset at the local console.
6. Stealth Mode
To enable Stealth mode, change the default setting of “Disabled” to “Enabled”. For a
complete description of this security setting, please see above.
7. Require Encryption (HTTPS): No, Yes
Use this command to require HTTPS encryption for all activities through the Unit.
8. Require Client SSL Certificate: No, Yes
Use this command to require a client SSL certificate for all activities through
the Unit.