Lantronix ETS Reference Manual - 2.13 Security
The ETS allows ports to be configured with the Dialup and/or DTRwait characteristics. Dialup will tell any
LAT service that a port is connected to a modem; the remote node may decide to disallow the connection
based on that flag for security reasons. The DTRwait characteristic will force the ETS to de-assert DTR on
a port until a user actually connects to the port. This connection can be either an interactive login from a
device on the network or a LAT or Telnet service connection. For some modems, de-asserting DTR will
prevent the modem from answering an incoming call unless someone is already connected to the port.

The ETS also provides Dialback support, which requires port users to enter a trusted username and then
allow the ETS to close the connection and attempt to reconnect via a specified modem command string. This
ensures that only trusted usernames are used, and that the usernames only log in from a particular phone
number. If an invalid username is entered or the reconnect attempt fails, the connection is assumed to be
non-secure and the port is logged out. Ports configured for Dialback have a 30-second time limit for entering
a username at login time to prevent unauthorized users from denying access to others. Dialback does not
interfere with outgoing modem connections, so a modem can be restricted for incoming logins but still allow
network users full outgoing access.

2.12.1 Remote Configuration
There are three ways to remotely configure the ETS: the Telnet console port, the NCP and TSM utilities,
and SNMP.

TCP/IP users connecting to the Telnet console port (port 7000) will be prompted for the ETS’s login
password. After entering the login password, the user can issue normal configuration commands, but will
still have to enter the privileged password to issue privileged commands. Connections to this port are not
subject to the Set/Define Server Incoming command, and thus managers can log into this port regardless
of whether regular TCP logins are enabled.
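
An inventory check built on the paragraph above, added here as an example and not taken from the Lantronix manual: because the console port (7000) is not subject to Set/Define Server Incoming, it reports units whose console still answers although regular TCP logins are closed. Port 23 for regular Telnet logins, the function names and the sample addresses are assumptions.

```python
import socket

CONSOLE_PORT = 7000  # Telnet console port named in the manual
LOGIN_PORT = 23      # assumption: regular TCP (Telnet) logins use the standard port


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def classify(console_open, login_open):
    """Map the two probe results to an audit status."""
    if console_open and not login_open:
        # Incoming logins look disabled, yet the console still answers.
        return "console-only"
    if console_open:
        return "console-and-login"
    return "login-only" if login_open else "closed"


def audit(hosts, probe=tcp_open, console_port=CONSOLE_PORT, login_port=LOGIN_PORT):
    """Return {host: status} for each address in the inventory."""
    return {
        host: classify(probe(host, console_port), probe(host, login_port))
        for host in hosts
    }


if __name__ == "__main__":
    # Constructed inventory (TEST-NET-1 documentation addresses) and a stubbed
    # probe, so the example runs offline; drop `probe=` to check real units.
    sample = {("192.0.2.10", 7000), ("192.0.2.11", 7000), ("192.0.2.11", 23)}

    def stub(host, port):
        return (host, port) in sample

    inventory = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
    for host, status in audit(inventory, probe=stub).items():
        print(f"{host}: {status}")
```

Units reported as console-only or console-and-login are the ones where the login password is the only barrier to the configuration prompt.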
VMS users can use the NCP utility to signal remote hosts to perform specific operations across the network
or form connections to the ETS. This is especially useful for Flash-ROM ETS units, which might not be placed
in easily accessible locations. The TSM utility uses NCP to start login sessions with the ETS and allows files
of ETS commands to be sent to the ETS. Access to remote control of the ETS can be protected by the
maintenance password.

The Telnet console, NCP, and TSM all require the correct login password to be entered. The default
password is “access”. It can be changed via the Set/Define Server Login Password command. See
Set/Define Server Maintenance Password on page 12-72 for information on remote access control.

SNMP allows network hosts to query other hosts for counters and network statistics. In general, one host
on a network will run an SNMP application that queries the other hosts on the network to collect statistics
and other information and signal error conditions. The ETS will not generate queries of its own; it can only
respond to queries from other hosts. See the discussion of Simple Network Management Protocol (SNMP)
on page 2-13 for more information.

2.13 Security
Several methods can be used to control access to the ETS and restrict user behavior once logged in. For
example: