GE 1019071 Network Card User Manual


 
Modifications reserved Page 44/58
OPM_CNT_SNM_BAS_CRD_1GB_V012.doc Operating Manual SNMP/Web Adapter
7 SECURITY
As any other device connected to a network, the adapters are exposed to security threats. This section
details the advanced security features provided by the SNMP/Web adapters. Users should use the
information provided in this section to correctly configure the cards and implement all security features
deemed appropriate to the installation environment.
7.1 USER AUTHENTICATION & AUTHORISATION
In this context, authentication means establishing the digital identity of anyone attempting to access
the adapters though one of the available interfaces. Most of the supported protocols implement a
username/password pair as a mean for user identification.
This is different from authorisation, which means verifying whether a user is allowed to have access to
data or specific services.
The SNMP/Web adapters allow making full use of both protection mechanisms.
7.1.1 User Management
The adapters come with a predefined supervisor user, whose default username and password are ge
and ge. New users can then be created using either the console or the web interface.
NOTE Only the supervisor user can create new users.
To create a new user, the following information shall be specified:
Username / password
User class (access rights)
Available services
7.1.2 User class
Users are divided in three separate classes based on access rights.
Supervisor Predefined user; it can be renamed but not deleted; it cannot be created
(only one supervisor user is allowed).
This user has all access rights. It is the only user who can perform user
management (creation/deletion of users).
Read/write access
(rw)
Access with read/write rights. Can access and modify all setting with the
exception of user management.
These access rights should be restricted to professional users (e.g. Network
Administrators).
Read-only access
(ro)
Access only for reading. Can access most settings but cannot modify them.
Most users are expected to be created with this profile.
7.1.3 Selective service activation
The SNMP/Web adapters allow selective service activation – that is, the various interfaces can be
enabled on a user basis. For each user, access to the following services can be enabled:
http Web interface Controls access with HTTP and HTTPS protocols
telnet Remote console interface Controls access with Telnet and SSH (Secure SHell) protocols
ftp File transfer Controls access with FTP and SFTP (Secure FTP) protocols