www.beck-ipc.com

Security notes - SC12 @CHIP-RTOS V1.10



Introduction

Here are some notes on how to protect the IPC@CHIP against unauthorized access.
By default, most of the security features described below are disabled.
This gives every new user access to them from the start of
IPC@CHIP development.

  • WEB server
  • TELNET server
  • FTP server
  • PPP server
  • Chiptool UDP config server
  • TFTP server
  • General TCPIP network security

    WEB server

    Steps to protect the IPC@CHIP against unauthorized access via HTTP:

    1. Webserver default drive: Set a webserver root drive at chip.ini
    2. Webserver root directory: Set a webserver root directory at chip.ini
    3. Remove CGI page ChipCfg: Delete this preconfigured page from the CGI table with the CGI API
    4. PUT Method User and Password: Define a user and password if you have a @CHIP-RTOS variant which provides the HTTP PUT method. Otherwise everyone can transfer files to your server with the standard password and user 'WEB'. The HTTP PUT method is not provided by the standard CHIP-RTOS variants LARGE, MEDIUM, SMALL, TINY.
    5. Additional protection of a specified path: Access is only granted if the user authenticates with a defined username and password.



    TELNET server

    Steps to protect the IPC@CHIP against unauthorized access via Telnet:

    1. Telnet timeout minutes: Define telnet idle timeout minutes at chip.ini
    2. Telnet login delay: Enable telnet login delay at chip.ini
    3. Telnet login retries: Set telnet login retries at chip.ini
    4. Telnet user and passwords: Define both user and password names at chip.ini
    5. Set the Stdio Focuskey to zero: at chip.ini or inside of the application with Set Stdio focus key
      This disables the switching of stdio.

    Comments

    Since @CHIP-RTOS version 1.01B, Telnet doesn't tell whether the username input or the password input was wrong.



    FTP server

    Steps to protect the IPC@CHIP against unauthorized access via FTP:

    1. FTP timeout: Define FTP idle timeout seconds at chip.ini
    2. FTP login delay: Enable FTP login delay at chip.ini
    3. FTP user and passwords: You should define both user and password names at chip.ini
    4. FTP user root directory: For a "normal" user you should define a root directory above "\".
    5. FTP user drive: If you specify a root directory you must also set a drive.
    6. Hide files with int21h 0x43: Hidden files are not visible at FTP sessions or by the DIR command

    Comments

    Since @CHIP-RTOS version 1.01B, FTP doesn't tell whether the username input or the password input was wrong.



    PPP server

    Steps to protect the IPC@CHIP against unauthorized access via PPP:

    1. PPP server idle timeout: Define PPP server idle timeout seconds at chip.ini
    2. PPP users and passwords: Define both user and password names for the PPP server at chip.ini



    Chiptool UDP config server

    Protect the IPC@CHIP against unauthorized access by using the Chiptool program:

    1. UDP config server: Set the UDP config server security level at chip.ini



    TFTP server

    Protect the IPC@CHIP against unauthorized access via TFTP:

    1. Disable/enable TFTP: Disable/enable TFTP with shell command



    General TCPIP network security


    1. Install System Server Connection Handlers makes it possible to create IP and/or port filters and forbid connections to FTP, WEB or Telnet.
    2. The BIOSINT API function Suspend System Servers allows you to suspend/resume the FTP, Web and Telnet servers at runtime.
    3. TCPIP API function Register an IP callback filter function allows the application programmer to install a filter callback function on every incoming IP packet.
    4. TCPIP API function Register an ARP callback filter function allows the application programmer to install a filter callback function on every incoming ARP packet.
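
The chip.ini items in the checklists above can be checked mechanically before a device ships. The following is an added example, not Beck's code: it reports which checklist items a chip.ini leaves open, including the focus key and the FTP root directory/drive dependency. All section and key names in it are assumptions and must be replaced with the names from the chip.ini documentation for your @CHIP-RTOS version; the sample file is constructed.

```python
import configparser

# Section/key names are ASSUMED for illustration; take the real names
# from the chip.ini documentation of your @CHIP-RTOS version.
REQUIRED = {
    "WEB": ["DRIVE", "ROOTDIR"],
    "TELNET": ["TIMEOUT", "LOGINDELAY", "LOGINRETRIES", "USER0", "PASSWORD0"],
    "FTP": ["TIMEOUT", "LOGINDELAY", "USER0", "PASSWORD0"],
    "PPPSERVER": ["IDLETIME", "USER0", "PASSWORD0"],
    "UDPCFG": ["LEVEL"],
    "STDIO": ["FOCUSKEY"],
}

# Constructed sample chip.ini (not taken from a real device).
SAMPLE = r"""
[WEB]
DRIVE=0
[FTP]
TIMEOUT=300
LOGINDELAY=1
USER0=svc
PASSWORD0=example-only
USER0_ROOTDIR=\DATA
[STDIO]
FOCUSKEY=6
"""

def load(text):
    # Parse into {SECTION: {KEY: value}}; names compared in upper case.
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str.upper
    cp.read_string(text)
    return {s.upper(): {k: v.strip() for k, v in cp[s].items()}
            for s in cp.sections()}

def audit(text):
    """Return the checklist items that the given chip.ini text leaves open."""
    ini = load(text)
    findings = [f"[{sec}] {key} not set"
                for sec, keys in REQUIRED.items() for key in keys
                if not ini.get(sec, {}).get(key)]
    # Stdio switching stays enabled unless the focus key is zero.
    focus = ini.get("STDIO", {}).get("FOCUSKEY", "")
    if focus and focus.strip("0"):
        findings.append("[STDIO] FOCUSKEY is not zero")
    # An FTP user root directory also needs a drive.
    ftp = ini.get("FTP", {})
    for key, value in ftp.items():
        if key.endswith("_ROOTDIR") and value and not ftp.get(key[:-8] + "_DRIVE"):
            findings.append(f"[FTP] {key} set without {key[:-8]}_DRIVE")
    return findings
```

Calling `audit(SAMPLE)` returns one line per open item; an empty list means every item in the assumed table is set.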

