Filter
Top Products
102 DOMINION SX USER GUIDE
security
Switch to the security menu.
sendeventlog
Sends the local event log to a remote FTP server.
show
Show configuration options.
tacacsplus
Switch to the TACACS+ Configuration Menu.
telnet
Enable telnet communication and specify the port.
top
Return to the root menu.
traceroute
Print the route to a remote system
upgrade
System command to upgrade the firmware.
upgradehistory
System command to show the upgrade history.
userlist
List users.
vieweventlog
Displays the local event log.
Security Issues
There are a number of elements to consider when addressing security for console servers:
• Encrypting the data traffic sent between the operator console and the DSX unit.
• Providing authentication and authorization for users.
• Logging data relevant to the operation for later viewing and auditing purposes. In some
cases, this data is required for compliance with governmental or company regulations.
• Encryption of port data log sent to a remote nfs server.
• Security profile
• “Man in the Middle”
Dominion SX supports each of these elements; however, they must be configured prior to general
use.
Configuring Encryption of Traffic
Encryption of traffic between the operator console and the DSX unit is determined by the access
methodology being used. SSH and encrypted browser access (HTTPS) are enabled by default.
SSH and HTTPS, by definition, support 128-bit encryption of the traffic between the two ends of
the link. To accept unencrypted connections, the user must manually enable the HTTP and Telnet
services.
Welcome Banner Configuration
Dominion SX optionally supports a customizable (maximum 6000 words) welcome banner that is
displayed after login. The banner identifies where the user has logged into. In addition, there is
the ability to add a consent banner that forces the user to accept the stated conditions prior to
advancing into operation of the console server.
Defining SSL Security Certificates
SSL Security certificates are used in browser access to ensure that the device you are attaching to
is the device that is authorized to be connected. This section describes only how to configure the
certificates on the console server. See Appendix C for details on SSL Certificates.
Enabling Firewall Protection
Dominion SX provides a firewall function to provide protection for the IP network and to control
access between the internal router and the LAN 1, LAN 2 and the dial modem interfaces.
Enabling Security Profiles
Dominion SX provides the ability to define security profiles which simplify the assigning of
permissions to users and groups. There are three types of profiles. Two are predefined: standard
and secure. The third allows for the definition of custom profiles; this allows assignment of all
permissions by assigning one security profile. Multiple custom security profiles may be defined.