Lantronix ETS Reference Manual - 5.4.5 Automatic Logouts
Security
Ports
5.4.5 Automatic Logouts
Ports can be configured to log out automatically when the DSR signal is dropped, which prevents users from
accessing other sessions by switching physical terminal lines. Ports can also be configured to log out
automatically when they’ve been inactive for a specified period of time.
5.4.5.1 DSRlogout
When a device connected to the ETS is disconnected or powered off, the DSR signal is dropped. To
configure a port to log out when this happens, use the Set/Define Port DSRlogout command.
Figure 5-31: Enabling DSRlogout
Normally, DSR must be enabled on a port for it to automatically log out when the device it is attached to is
turned off or disconnected. When DSRlogout is enabled, the ETS will log out the port’s user if either of
these cases occurs. This prevents unauthorized users from unplugging physical terminal cables and gaining
access through other users’ still-active sessions.
DSRlogout is also useful with incoming modems. When the modem hangs up, the user is logged out, which
forces the host to prompt subsequent users to log in. For this reason, Modem Control implicitly enables
DSRlogout (although it will not show up as enabled), as well as other features. DSRlogout does not
implicitly enable Modem Control, however. DSRlogout and Modem Control are mutually exclusive
features because the same physical serial line signals are used for both.
5.4.5.2 Inactivity Logout
To configure a port to log out after a specified period of inactivity, use the Set/Define Port Inactivity
Logout command. This command works in conjunction with the Set/Define Server Inactivity Timer
command, which defines an inactivity limit as a particular number of minutes. After the timer period has
elapsed, a port with Inactivity Logout enabled will be considered inactive and automatically logged out.
Figure 5-32: Enabling Inactivity Logout
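The rules in 5.4.5.1 and 5.4.5.2 can be checked mechanically against a saved list of port commands. The following is an added example, not part of the Lantronix manual: the `audit` function, the finding names and the sample script are constructed for illustration, the `MODEM CONTROL ENABLED` spelling is assumed to follow the same pattern as the commands on this page, and any feature the script never mentions is assumed to be disabled.

```python
import re

# Constructed sample script for a hypothetical 4-port unit (not from the manual).
SAMPLE = """\
DEFINE SERVER INACTIVITY TIMER 30
DEFINE PORT 1 DSRLOGOUT ENABLED
DEFINE PORT 1 INACTIVITY LOGOUT ENABLED
DEFINE PORT 2 MODEM CONTROL ENABLED
DEFINE PORT 3 DSRLOGOUT ENABLED
DEFINE PORT 3 MODEM CONTROL ENABLED
DEFINE PORT 3 INACTIVITY LOGOUT ENABLED
DEFINE PORT 4 INACTIVITY LOGOUT ENABLED
"""

PORT_RE = re.compile(r"(?:SET|DEFINE) PORT (\d+) "
                     r"(DSRLOGOUT|MODEM CONTROL|INACTIVITY LOGOUT) (ENABLED|DISABLED)$")
TIMER_RE = re.compile(r"(?:SET|DEFINE) SERVER INACTIVITY TIMER (\d+)$")

def audit(script, ports):
    """Return (port, finding) pairs for the given port numbers."""
    # Assumption: a feature never mentioned in the script is treated as disabled.
    state = {p: {} for p in ports}
    timer = None
    for raw in script.splitlines():
        # Drop the prompt, collapse whitespace, ignore case.
        line = " ".join(raw.upper().replace("LOCAL>>", "").split())
        if m := TIMER_RE.match(line):
            timer = int(m.group(1))
        elif (m := PORT_RE.match(line)) and int(m.group(1)) in state:
            state[int(m.group(1))][m.group(2)] = m.group(3) == "ENABLED"
    findings = []
    for port in sorted(state):
        dsr = state[port].get("DSRLOGOUT", False)
        modem = state[port].get("MODEM CONTROL", False)
        if dsr and modem:
            findings.append((port, "dsrlogout-and-modem-control-both-set"))
        elif not (dsr or modem):  # Modem Control implies DSRlogout
            findings.append((port, "no-logout-on-dsr-drop"))
        if not state[port].get("INACTIVITY LOGOUT", False):
            findings.append((port, "no-inactivity-logout"))
        elif timer is None:
            findings.append((port, "inactivity-logout-without-server-timer"))
    return findings

if __name__ == "__main__":
    for port, finding in audit(SAMPLE, range(1, 5)):
        print(f"port {port}: {finding}")
```

Later commands for the same port override earlier ones, so the script is evaluated in the order it would be entered.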
5.4.6 Dialback Security
Depending upon the modem and its configuration, it may be possible for a determined attacker to penetrate
the system. There are two windows of vulnerability where an attacker could gain unauthorized access to the
ETS: the first exists after the ETS hangs up the modem but before the modem dials the user back, and the
second exists after a dialback attempt fails but before the ETS reaches the end of its 80-second timeout
period. Careful configuration and testing of the system during these short vulnerable periods is required to
ensure a high level of security.
To minimize potential security problems when using Dialback, configure your modem carefully. The
modem should not answer the line until the second or third ring, and never until the DTR signal is asserted.
The modem should also be configured to dial only after detecting a dial tone, and hang up otherwise.
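Commands for Figure 5-31 (Enabling DSRlogout):
Local>> DEFINE PORT 1 DSRLOGOUT ENABLED
Commands for Figure 5-32 (Enabling Inactivity Logout):
Local>> DEFINE PORT 1 INACTIVITY LOGOUT ENABLED
Local>> DEFINE SERVER INACTIVITY TIMER 500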