Multicast Router - Security
Security Features
ZYTRAX Routers provide many security features some of which depend on the type of link supported.
PAP or CHAP (MD5) authentication
mandatory on all Physical connections.
WarpTwo
mandates the use of either PAP (Password Authentication Protocol) or CHAP
(Challenge Handshake Authentication Protocol) using the MD5 (Message Digest type
5) encryption. CHAP MD5 is not compatible with Microsoft's standard
implementation of CHAP, but the Microsoft server can be configured to support
MD5.
Optional mutual authentication on link
connection.
A Link is typically authenticated by one end, WarpTwo can be configured for mutual
Authentication (where BOTH ends of the Link initiate and respond to
Authentication requests). This provides an extra measure of security for
vulnerable links.
User configurable periodic re-authentication.
For Links where it is vital to maintain security WarpTwo may be configured for re-authentication at user defined intervals. This guards against Link 'stealing' after
establishment of a connection.
Access Lists (GoodGuys) define (by IP
address, net mask and type of service) the hosts that are permitted access to router
management and diagnostic features.
The GoodGuys list (a.k.a an Access List) defines those Hosts (or Host ranges) that are
permitted access to Router features. The access list may be further defined to
allow access to any or any combination of features (Configuration, Monitoring
and Reset/Load). In low security environments a Telnet password is used to deter
and stop accidental access to the router.
