16 Locking down the controller
49
16
Locking down the controller
16.1
Intended locking use cases
In some cases it's required to grant administrative access to multiple, possibly not completely trusted, parties. The
settings described below are designed to somewhat limit what an administrator can do to the device.
16.2
Protection bits
The following operations available to the administrator pose an increased risk and can be protected:
• changing administrator credentials;
• changing networking settings;
• changing notification settings;
• backing up private settings (passwords, keys, etc.);
• restoring settings from backup;
• upgrading firmware;
• entering maintenance mode.
16.3
Protection status indication
Overall protection status is indicated in the top right corner of
each page
:
•
— no protection bits active;
•
— some protection bits active;
•
— all protection bits active.
Clicking on the icon gives more detailed info:
Firmware protection is disabled
Notification settings protection is disabled
Private configuration protection is enabled but ineffective:
SSH is enabled, which could be used to bypass protection
Firmware upload is allowed, specially crafted firmware could be used to bypass protection
Administrator credentials protection is disabled
Maintenance mode lock is enabled but ineffective:
SSH is enabled, which could be used to bypass protection
Firmware upload is allowed, specially crafted firmware could be used to bypass protection
Protection from restore from backup is enabled but ineffective:
SSH is enabled, which could be used to bypass protection
Firmware upload is allowed, specially crafted firmware could be used to bypass protection
Network settings protection is disabled
Protection status details
DLI DIN4 User’s Guide: 20170809T111540Z
Summary of Contents for DIN4
Page 1: ...DLI DIN4 User s Guide 20170809T111540Z ...
Page 57: ......