Expert Power Control 1104 / 1105
© 2022 GUDE Systems GmbH
Specifications
SNMP v1 and v2c authenticate network requests by means of so-called communities. An
SNMP request has to send along the community public for queries (read access) and the
community private for status changes (write access). The SNMP communities are read
and write passwords. In SNMP v1 and v2 the communities are transmitted unencrypted on
the network and can easily be intercepted with IP sniffers within this collision domain.
To enforce limited access we recommend the use of a DMZ or IP-ACL.
SNMP v3
Because the device has no multiuser management, only one user (default name
"standard") is detected in SNMP v3. Of the User-based Security Model (USM) MIB
variables, the "usmStats ..." counters are supported. The "usmUser ..." variables will be
added when support for additional users is introduced in later firmware versions. The
system has only one context. The system accepts the context "normal" or an empty context.
Authentication
The algorithms "HMAC-MD5-96" and "HMAC-SHA-96" are available for authentication. In
addition, the "HMAC-SHA-2" variants (RFC7630) "SHA-256", "SHA-384" and "SHA-512"
are implemented.
"SHA-384" and "SHA-512" are calculated purely in software. If "SHA-384" or "SHA-512"
is set on the configuration page, the one-time key generation may take up to approx.
45 seconds.
Encryption
The methods "DES", "3DES", "AES-128", "AES-192" and "AES-256" are supported in
combination with "HMAC-MD5-96" and "HMAC-SHA-96". For the "HMAC-SHA-2" protocols,
there is currently neither an RFC nor a draft that allows their combination with
encryption.
While in the settings "AES-192" and "AES-256" the key calculation is based on
"draft-blumenthal-aes-usm-04", the methods "AES 192-3DESKey" and "AES 256-3DESKey"
use the key generation that is also used in the "3DES" configuration
("draft-reeder-snmpv3-usm-3desede-00"). If one is not an SNMP expert, it is recommended
to try the settings both with and without "...-3DESKey" in each case.
Passwords
The passwords for authentication and encryption are stored only as computed hashes
for security reasons. It is therefore very difficult, if possible at all, to infer the
initial password.
However, the hash calculation changes with the set algorithms. If the authentication or
privacy algorithms are changed, the passwords must be re-entered in the configuration
dialog.
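Why a change of algorithm invalidates the stored value, as an added example (not GUDE firmware code): it assumes the device derives its keys with the standard USM password-to-key procedure of RFC 3414, applied to the SHA-2 hashes as in RFC 7630. The password and engine ID are the RFC 3414 test-vector values, not values from a device, and the function names are hypothetical.

```python
import hashlib

# Hash function behind each authentication setting named on this page.
ALGORITHMS = {
    "HMAC-MD5-96": "md5",
    "HMAC-SHA-96": "sha1",
    "SHA-256": "sha256",
    "SHA-384": "sha384",
    "SHA-512": "sha512",
}


def password_to_key(password: bytes, algorithm: str) -> bytes:
    """RFC 3414 A.2: hash 1,048,576 bytes of the repeated password (user key Ku)."""
    if not password:
        raise ValueError("password must not be empty")
    total = 1024 * 1024
    stream = (password * (total // len(password) + 1))[:total]
    return hashlib.new(ALGORITHMS[algorithm], stream).digest()


def localize_key(ku: bytes, engine_id: bytes, algorithm: str) -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(ALGORITHMS[algorithm], ku + engine_id + ku).digest()


def stored_key(password: bytes, engine_id: bytes, algorithm: str) -> bytes:
    """Value an agent can keep instead of the password (assumed storage format)."""
    ku = password_to_key(password, algorithm)
    return localize_key(ku, engine_id, algorithm)


# Constructed sample input: password and engine ID from the RFC 3414 A.3 test vectors.
PASSWORD = b"maplesyrup"
ENGINE_ID = bytes.fromhex("000000000000000000000002")

if __name__ == "__main__":
    # Same password, different algorithm: every stored key differs, so a key
    # computed for one setting cannot be reused after the setting is changed.
    for name in ALGORITHMS:
        print(f"{name:12} {stored_key(PASSWORD, ENGINE_ID, name).hex()}")
```

Each derivation hashes about 1 MB of data, which is the work behind the key-generation delay the manual mentions for the software-only "SHA-384" and "SHA-512" settings.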
Security
The following aspects should be considered:
· If encryption or authentication is used, then SNMP v1 and v2c should be turned off.
Otherwise the device could still be accessed through them.
· If only authentication is used, then the new "HMAC-SHA-2" methods are superior to
the MD5 or SHA-1 hashing algorithms. Since only SHA-256 is accelerated in hard-