Security notes - SC12 @CHIP-RTOS V1.10
Introduction
- Here are some notes on how to protect the IPC@CHIP against unauthorized access.
By default, most of the security features described below are disabled.
This gives every new user access from the start of
IPC@CHIP development.
WEB server
- Steps to protect the IPC@CHIP against unauthorized access via HTTP:
- Webserver default drive:
Set a webserver root drive in chip.ini
- Webserver root directory:
Set a webserver root directory in chip.ini
- Remove CGI page ChipCfg:
Delete this preconfigured page from the CGI table with the CGI API
- PUT Method User and Password:
Define a user and password if you have a @CHIP-RTOS variant which provides the HTTP PUT
method. Otherwise everyone can transfer files to your server with the standard
password and user 'WEB'. The HTTP PUT method is not provided by the standard
CHIP-RTOS variants LARGE, MEDIUM, SMALL, TINY.
- Additional protection of a specified path:
Access is granted only if the user authenticates with a defined username
and password.
TELNET server
- Steps to protect the IPC@CHIP against unauthorized access via Telnet:
- Telnet timeout minutes:
Define the Telnet idle timeout in minutes in chip.ini
- Telnet login delay:
Enable the Telnet login delay in chip.ini
- Telnet login retries:
Set the number of Telnet login retries in chip.ini
- Telnet user and passwords:
Define both user and password names in chip.ini
- Set the Stdio Focuskey to zero:
Set it in chip.ini or inside the application with Set Stdio focus key.
This disables the switching of stdio.
Comments
- Since CHIP-RTOS version 1.01B, Telnet does not tell whether the username input or the
password input was wrong.
FTP server
- Steps to protect the IPC@CHIP against unauthorized access via FTP:
- FTP timeout:
Define the FTP idle timeout in seconds in chip.ini
- FTP login delay:
Enable the FTP login delay in chip.ini
- FTP user and passwords:
You should define both user and password names in chip.ini
- FTP user root directory:
For a "normal" user you should define a root directory above "\".
- FTP user drive:
If you specify a root directory, you must also set a drive.
- Hide files with int21h 0x43:
Hidden files are not visible in FTP sessions or to the DIR command
Comments
- Since @CHIP-RTOS version 1.01B, FTP does not tell whether the username input or the
password input was wrong.
PPP server
- Steps to protect the IPC@CHIP against unauthorized access via PPP:
- PPP server idle timeout:
Define the PPP server idle timeout in seconds in chip.ini
- PPP users and passwords:
Define both user and password names for the PPP server in chip.ini
Chiptool UDP config server
- Protect the IPC@CHIP against unauthorized access via the Chiptool program:
- UDP config server:
Set the UDP config server security level in chip.ini
TFTP server
- Protect the IPC@CHIP against unauthorized access via TFTP:
- Disable/enable TFTP:
Disable/enable TFTP with shell command
General TCPIP network security
- Install System Server Connection Handlers
provides the possibility to create IP and/or port filters and
to forbid connections to FTP, WEB or Telnet.
- The BIOSINT API function Suspend System Servers
allows you to suspend/resume the FTP, Web and Telnet servers
at runtime.
- The TCPIP API function Register an IP callback filter function
allows the application programmer to install a filter callback function that is called for every incoming IP packet.
- The TCPIP API function Register an ARP callback filter function
allows the application programmer to install a filter callback function that is called for every incoming ARP packet.