FUDforum
My FUDforum

Home »  » SocketServer and NS-Link » NS-Link versus SocketServer security
NS-Link versus SocketServer security [message #1056] Mon, 22 October 2018 09:46 Go to next message
BobF is currently offline  BobF
Messages: 10
Registered: October 2018
Location: Grand Forks, ND
Member
My company is using a handful of Devicemaser 32 port ethernet gateways. I was using a web browser and the device IP to log in to the Divicemaster and I was getting some different results from some of them.
A few prompted me with a username and password and when I loggedin, it showed it was running SocketServer 11.11. On a few others, it would not prompt for a password and it showed it was running NS-Link 6.12.

I need to have all my devices the same and I really need to ensure they are all password protected. Because of the fact that one shows it running SocketServer and the other NS-Link, I did not want to blindly go and try to update anything in fear of locking it up. I looked through the Firmware revision history for SocketServer but I could not see if there was a time when the Software/Firmware name changed or why exactly I see two different GUI's when I connect to these Devicemasters via a web browser.

1. Do I need to update the device to a newer version of SocketServer to get the password logon feature I want, or is there a way to have this function with the NS-Link 6.12 currently running? I do not like how I can configure ports and other options without any security at all.
2. Will updating the firmware give the more feature-rich GUI of what I see in SocketServer 11.11 that NS-Link 6.12 lacks?
3. Is it possible to update this firmware remotely over a telnet session, or will I need to do this in person directly connected to the device? I have these devices at several remote locations
Thanks



Bob F
Minnkota Power Cooperative
Re: NS-Link versus SocketServer security [message #1057 is a reply to message #1056] Mon, 22 October 2018 10:09 Go to previous messageGo to next message
Kurt is currently offline  Kurt
Messages: 245
Registered: July 2016
Location: Minnesota
Power User
Hi BobF,

Regarding your questions:

Quote:
My company is using a handful of Devicemaser 32 port ethernet gateways. I was using a web browser and the device IP to log in to the Divicemaster and I was getting some different results from some of them.

A few prompted me with a username and password and when I loggedin, it showed it was running SocketServer 11.11. On a few others, it would not prompt for a password and it showed it was running NS-Link 6.12.



SocketServer indicates that the driver is not communicating to the DeviceMaster. Usually, this happens when using "Socket Mode" to communicate (IP Address and socket port number). Or, the driver may not be configured to work with that particular DeviceMaster.

Quote:
I need to have all my devices the same and I really need to ensure they are all password protected. Because of the fact that one shows it running SocketServer and the other NS-Link, I did not want to blindly go and try to update anything in fear of locking it up. I looked through the Firmware revision history for SocketServer but I could not see if there was a time when the Software/Firmware name changed or why exactly I see two different GUI's when I connect to these Devicemasters via a web browser.


See above comment:

Quote:
1. Do I need to update the device to a newer version of SocketServer to get the password logon feature I want, or is there a way to have this function with the NS-Link 6.12 currently running? I do not like how I can configure ports and other options without any security at all.


One way to set the password that is consistent across most firmware version is via Telnet. See this article for details:
http://downloads.comtrol.com/contribs/devicemaster/help_file s/password_protect_the_devicemaster_web_page_&_telnet_se ssions.pdf

Another way to set a password is through the web page for the DeviceMaster. For firmware versions 11.x and above do the following:
1. Open the web page of the DeviceMaster.
2. Go to the Network Tab -> Password
3. Leave the Old Password blank if you don't have one previously set. Enter the new password for the DeviceMaster in the "New Password" field and "Confirm New Password" field.
4. Click on the "Save" button.
5. To test, click on the home tab. Enter 'admin' for "Username" and your new password.
6. Please note that some special characters will be a problem with older versions of the firmware (pre 11.x)

Quote:

2. Will updating the firmware give the more feature-rich GUI of what I see in SocketServer 11.11 that NS-Link 6.12 lacks?


Update Bootload as well as SocketServer. This can be found here:
http://downloads.comtrol.com/html/DM_PRO_RTS_SERIALHUB_firmw are.htm


Quote:
3. Is it possible to update this firmware remotely over a telnet session, or will I need to do this in person directly connected to the device? I have these devices at several remote locations


Yes to both. Please see above comments.

I hope I answered your questions. Please let me know if anything else comes to mind.
If a password doesn't work and needs to be removed, please follow the following steps.
Note on the removing password. This will be done in "Console Mode". Ensure the bootloader timeout is
set to a minimum of 30 seconds to allow access to the "Redboot prompt" (bootloader mode).

http://downloads.comtrol.com/contribs/devicemaster/help_file s/clearing_unknown_password.pdf

Thanks,
Kurt


Kurt Rees
www.comtrol.com
http://forum.comtrol.com/

Comtrol Corporation
100 Fifth Ave NW
Minneapolis, MN. 55112
Direct +1 763.957.6000 | +1 Fax (763) 957-6001
connect. communicate. control
Re: NS-Link versus SocketServer security [message #1058 is a reply to message #1057] Mon, 22 October 2018 10:17 Go to previous messageGo to next message
Kurt is currently offline  Kurt
Messages: 245
Registered: July 2016
Location: Minnesota
Power User

One added comment, I didn't address updating the firmware via telnet session.

You can update the firmware via tftp:
http://downloads.comtrol.com/contribs/devicemaster/help_file s/tftp_firmware_update_instructions_cmtl_v2.pdf

You can update the firmware via PortVision if the DeviceMasters are on the same Network Segment.
http://downloads.comtrol.com/html/DM_PRO_RTS_SERIALHUB_pvpx. htm

You can also upload the firmware through our stand-alone firmware update tool (beta).
http://downloads.comtrol.com/contribs/devicemaster/beta/DM-F irmware-Updater-Setup-2.02.exe

Once your firmware is at 11.x, you should be able to update the firmware via the DeviceMaster Webpage:
Go to the "System Tab" -> "Update Firmware"

Thanks,
Kurt


Kurt Rees
www.comtrol.com
http://forum.comtrol.com/

Comtrol Corporation
100 Fifth Ave NW
Minneapolis, MN. 55112
Direct +1 763.957.6000 | +1 Fax (763) 957-6001
connect. communicate. control
Re: NS-Link versus SocketServer security [message #1059 is a reply to message #1056] Mon, 22 October 2018 10:56 Go to previous messageGo to next message
BobF is currently offline  BobF
Messages: 10
Registered: October 2018
Location: Grand Forks, ND
Member
Thanks for the information. The first reply you gave about the driver raises a few questions that I need answers on so I can better understand the security:
I assume the driver you are referring to is one in the Devicemaster (DM) itself? Or is it something on the computer that is being used to connect to the DM? I was using the same computer to log into all of my Devicemasters when some showed NS-Link and others showed SocketServer. I like how on the DM's that showed SocketServer, it asked for the user and password. In your replies above, it almost seems as if I had the correct driver, it should show up as NS-Link and there would be no prompt for a password?

My concern is if someone had the IP address of my DM and they tried connecting, that they could then immediately see my config and port info if they had the "correct driver". I don't want to assume the ones that are prompting me for a username and password are secure if I am only being prompted because of a lack of a proper driver. The ones that are not prompting for a password are apparently using the proper driver since they show NS-Link.

In the end I am hoping that there is a way to make the DM prompt for a user/password no matter the way you choose to connect to it. Using PuTTY via Telnet does prompt for a password on the ones I set up that way, but over a common web browser there is no password for those same DM's with the driver that allows it to show NS-Link.




Bob F
Minnkota Power Cooperative
Re: NS-Link versus SocketServer security [message #1060 is a reply to message #1059] Mon, 22 October 2018 12:58 Go to previous message
Kurt is currently offline  Kurt
Messages: 245
Registered: July 2016
Location: Minnesota
Power User

Hi BobF,

Quote:
I assume the driver you are referring to is one in the Devicemaster (DM) itself? Or is it something on the computer that is being used to connect to the DM? I was using the same computer to log into all of my Devicemasters when some showed NS-Link and others showed SocketServer. I like how on the DM's that showed SocketServer, it asked for the user and password. In your replies above, it almost seems as if I had the correct driver, it should show up as NS-Link and there would be no prompt for a password?


The driver referred to is for the DeviceMaster, see here:
http://downloads.comtrol.com/html/DM_PRO_RTS_SERIALHUB_drive rs.htm

If you configured a password it should ask for a password regardless of using a driver or when using Socket mode.




Quote:
My concern is if someone had the IP address of my DM and they tried connecting, that they could then immediately see my config and port info if they had the "correct driver". I don't want to assume the ones that are prompting me for a username and password are secure if I am only being prompted because of a lack of a proper driver. The ones that are not prompting for a password are apparently using the proper driver since they show NS-Link.


Within the web page of the new firmware v11.x, you can go to "Network" -> "Security" create your password and select 'Enable Secure Config Mode'. Next, reboot.
This will enable https:// functionality and will require a password.

If using PortVision, you will be required to enter the username / password to get to the Properties GUI.

Telnet would require SSH on port 22. You will be asked the username and password


Quote:
In the end I am hoping that there is a way to make the DM prompt for a user/password no matter the way you choose to connect to it. Using PuTTY via Telnet does prompt for a password on the ones I set up that way, but over a common web browser there is no password for those same DM's with the driver that allows it to show NS-Link.


You should be ok with the above suggestions.

If you want to do this via telnet, the command would be:

Command to set your password
password <your_password>

Command to set secureconf:
secureconf enable

Kurt



Kurt Rees
www.comtrol.com
http://forum.comtrol.com/

Comtrol Corporation
100 Fifth Ave NW
Minneapolis, MN. 55112
Direct +1 763.957.6000 | +1 Fax (763) 957-6001
connect. communicate. control
Previous Topic: Older Versions
Next Topic: SocketServer and NS-Link Firmware Combined
Goto Forum:
  


Current Time: Wed Nov 25 11:05:08 CST 2020

Total time taken to generate the page: 0.01200 seconds