EM1500 User’s Manual
37
Change the path name to the desired file locations. The path name must be absolute
(i.e., start with a slash). If more than one user needs to configure EM1500s, then they
may share the same key file, or have different key files. If the key file is shared (e.g.,
if everyone uses the default key files in
/etc/em1500rc
) then only one user will
be able to use the configuration program at any time. This is because the same lock
file considerations apply to Linux as they do to Windows (see above).
If the user has her own private key and lock files, then there is no sharing restriction;
however, any units that she selects for secure configuration will not be accessible by
any other user, since other users will not generally have access to her key file.
Other considerations (Secure config)
When first set to secure configuration mode, the key is sent in clear text over the net-
work. Thus, in principle, an unauthorized person may be able to capture the key. If
this is deemed to be a risk, then the unit should be initially configured on a network
that is known to be secure against snooping attacks.
The current firmware release does not support changing the key once it is set, except
by turning secure configuration off, then back on. The key is a 128-bit AES key, and
messages are protected with MD5 secure hashing. This combination is thought to be
secure against all but the most well-equipped agencies. Even so, a critical evaluation
of risk should be taken before the EM1500 is used in the field.
The security offered by secure configuration is only as good as the degree of protec-
tion afforded to the key file on the PC. Please note again that it is only the changing of
configuration data which is protected. Currently, the data links (i.e., ordinary opera-
tion) of the EM1500 are not secured.
WWW userid
User ID that must be supplied to access web-based configuration.
WWW password
Password that must be supplied to access web-based configuration.
Digest auth.
Check this option to require your browser to use digest authentication. Otherwise, the
browser will need to use basic authentication. If your browser supports it, it is more
secure to use digest authentication because passwords are not transmitted in plain-
text.
NOTE:
Digest authentication is supported by modern browsers only. In particular, Netscape
4.x does NOT support digest authentication.
Summary of Contents for EM1500
Page 14: ...10 www rabbit com Introduction...
Page 22: ...18 www rabbit com Getting Started...
Page 76: ...72 www rabbit com EM1500 Configuration...
Page 90: ...86 www rabbit com EM1500 Specifications...
Page 104: ...100 www rabbit com Serial and TCP Protocols...
Page 118: ...114 www rabbit com EM1500 FAQ...