3. Secure your
OTMC 100
against unauthorized access.
Display the
Security
page of the
Configuration
section (see page
and click the
Save
button to save and apply your settings.
a. Display the
Access Control
pane and set the
Access
field to "Password".
If you set the
Access
field to "Password" without defining a password, the default
password
timeserver
will be used.
b. Enter a password to the
Change password
field and repeat your password in the
Confirm
password
field. Click the
Change
button to save and apply your settings. From now on,
entering the password is required to access your
OTMC 100
.
c. In the
Protocol
field, select whether you want to allow access via the secure HTTPS protocol
only or via HTTPS and the unsecure HTTP protocol.
By default, password transmission to
OTMC 100
is performed unencrypted. By selecting
HTTPS only
you can force the use of the encrypted HTTPS protocol and thus protect your
password.
When accessing
OTMC 100
via HTTPS, an "untrusted connection" message
may appear because
OTMC 100
does not have a valid certificate. To avoid such
messages, it is necessary to provide
OTMC 100
with such a certificate. Please
refer to subsection "Generate Certificate pane" in section
on page 58 for more detailed information.
d. In the
Services
field, select whether you want to allow access to your
OTMC 100
via the web
interface (
Web
) or the Application Programming Interface API (
SOAP
) only or via both
interfaces (
Web and SOAP
).
e.
Protocol restrictions
: Disabling services that are not required or used for operation will
minimize potential points of attack and thus make
OTMC 100
safer.
•
Usually OMICRON
Device Link
is used to find
OTMC 100
in the network. However,
OMICRON
Device Browser
, the predecessor of
Device Link
may also be used to find
OTMC 100
and to change its network configuration. To protect your
OTMC 100
against
unauthorized or unintentional configuration changes using OMICRON
Device Browser
or
Device Link
, deselect the
Allow OMFIND network configuration
option.
•
If you want to prohibit standard user/password authenticated access to
OTMC 100
via
secure shell (SSH), deselect the
Allow SSH password login
option. When deselected,
access via SSH is only possible via key based authentication. This reduces the risk of
unauthorized access to
OTMC 100
through brute force attacks.
The options in the
Protocol Restrictions
pane of the
Security
page just enable
or disable protocol options. In order to completely disable a service, use the
Services
pane of the
Network
configuration page.
OTMC 100 Series User Manual
26
OMICRON