RTM3204 GPS Timing Module User Manual
"Smarter Timing Solutions"
Appendix D: Security
Your RTM3204 incorporates several important security features to prevent unauthorized tampering with its operation. Many of these are standard multiple-user access control features of the underlying Linux operating system which controls the RTM3204. Others are provided by the additional protocol servers selected for inclusion in your RTM3204, and the way that they are configured.
Secure user authentication and session privacy while performing routine monitoring and maintenance tasks are provided by the OpenSSH implementations of the “secure shell” daemon, sshd, and its companion “secure copy” utility, scp. The UCD-SNMP implementation of the Simple Network Management Protocol (SNMP) daemon, snmpd, conforms to the latest Internet standard, known as SNMPv3, which also supports secure user authentication and session privacy. This appendix describes these security measures and gives the advanced network administrator information that will allow custom configuration to fit specific security needs.
Linux Operating System
Note: The RTM3204 is a derivative of our standard product, the Tycho GPS Frequency Reference.
As such, the operating system software will refer to the Tycho.
The embedded Linux operating system running in the RTM3204 is based on kernel version 2.4.26
and version 7 of the Slackware Linux distribution. As such it supports a complete set of security
provisions:
• System passwords are kept in an encrypted file, /etc/shadow, which is not accessible by users other than root.
• Direct root logins are only permitted on the local RS-232 console or via SSH.
• The secure copy utility, scp, eliminates the need to use the insecure ftp protocol for transferring program updates to the RTM3204.
• Access via SNMP is configurable to provide the security of the latest version 3 Internet standard which supports both view-based access control and user-based security using modern encryption techniques. Previous versions v1 and v2c supported access control essentially via passwords transmitted over the network in plain text. Refer to Appendix C – Simple Network Management Protocol which is dedicated to configuration of SNMP for details.
• Individual host access to protocol server daemons such as in.telnetd, snmpd or sshd may be controlled by the tcpd daemon and /etc/hosts.allow and /etc/hosts.deny.
• Risky protocols like TIME, DAYTIME and TELNET may be completely disabled by configuration of the inetd super-server daemon.
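The last two items can be checked from copies of the unit's configuration files. The following audit script is an added example, not part of the manual: it reports which of the TIME, DAYTIME and TELNET services are still enabled in an inetd.conf, which enabled services are not started through tcpd (and so are not governed by /etc/hosts.allow and /etc/hosts.deny), and whether hosts.deny carries a catch-all rule. The sample file contents and the /usr/sbin/tcpd path are constructed for illustration and are assumptions about the layout.

```python
RISKY = {"time", "daytime", "telnet"}  # protocols the manual calls risky

def inetd_entries(text):
    """Yield (service, proto, server) for each enabled inetd.conf line.

    A line is disabled when it is commented out with '#'.
    Field order: service socket proto wait user server [args].
    """
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 6:
            yield fields[0], fields[2], fields[5]

def audit_inetd(text):
    """Return (risky services still enabled, enabled services not run via tcpd)."""
    risky, unwrapped = [], []
    for service, proto, server in inetd_entries(text):
        label = f"{service}/{proto}"
        if service in RISKY:
            risky.append(label)
        # 'internal' services are handled by inetd itself and bypass tcpd.
        if not server.endswith("/tcpd"):
            unwrapped.append(label)
    return risky, unwrapped

def default_deny(hosts_deny_text):
    """True if hosts.deny contains the catch-all rule 'ALL: ALL'."""
    for line in hosts_deny_text.splitlines():
        parts = [p.strip() for p in line.split("#", 1)[0].split(":")]
        if len(parts) >= 2 and parts[0] == "ALL" and parts[1] == "ALL":
            return True
    return False

# Constructed sample files (assumed layout, not copied from a real unit).
SAMPLE_INETD = """\
# time   stream tcp nowait root internal
time     dgram  udp wait   root internal
daytime  stream tcp nowait root internal
#daytime dgram  udp wait   root internal
telnet   stream tcp nowait root /usr/sbin/tcpd in.telnetd
"""
SAMPLE_HOSTS_DENY = "# deny everything not listed in hosts.allow\nALL: ALL\n"

if __name__ == "__main__":
    risky, unwrapped = audit_inetd(SAMPLE_INETD)
    print("risky services still enabled:", risky)
    print("enabled but not behind tcpd:", unwrapped)
    print("hosts.deny default deny:", default_deny(SAMPLE_HOSTS_DENY))
```

A service listed as enabled but not behind tcpd can only be restricted by disabling it in inetd.conf, since the hosts.allow and hosts.deny rules never apply to it.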