If the connection over https is possible, you can deactivate all other unused services like on Figure
. Ad-
ditionally, in this example only one network interface provides the https web interface. Thus, scenarios like a
dedicated configuration network are possible, too.
Figure 6.8: Deactivating services
For the next step, one other super user than root is needed. Go to section
to create one. After creation of
the new super user, log in with its credentials and disable the root login under "
→
Login/Access
→
Disable Root Login". Deactivate the front panel, USB port and local console under "Security
→
Front Panel"
if desired. In addition, you can set the remote access control to white listed IP addresses that are allowed
to connect to the web interface (Hint: The Remote Access Control does not take effect for SSH connections).
Figure
shows the menus.
Figure 6.9: Deactivation of root and front panel
The timeout for web sessions is configured on the "
" tab under "Login / Access" which is displayed in
Figure
. Shorter durations minimize the security risk.
Figure 6.10: Set timeout of web interface
From now on, the LANTIME is well configured to be managed secure. Keep in mind to check if the IP configu-
ration and remote access control work in the productive network environment.
22
Date: 2nd July 2020
LANTIME CPU Expansion Shelf