Power Core - Network Security
To make the system more secure, the following features are supported.
User Login for the Web UI
To open the Web UI, you must login as a User, Supervisor or Administrator. In User mode, all fields are visible but cannot be edited. Thus, settings can only be changed by entering Supervisor or Administrator mode. For security reasons, it is recommended to change the Administrator and Supervisor passwords from the defaults once the device is set up. This can be done from the System -> Control tab once you are logged in as Administrator.
"https" for the Web UI (optional)
This option allows you to use a secure connection for the Web UI. It can be achieved by storing the required SSL certificates on the Power Core device. The steps required to prepare the device are described later. Once the certificates are in place, the Web UI can be opened using a "https" connection. Apart from the connection method, there is no difference in the functionality.
Ember+ Provider Clients Whitelist (optional)
This option can be used to make sure that only devices with a defined IP can access the Ember+ providers. The option is enabled, in the ON-AIR Designer configuration, by entering at least one IP address in the Ember+ Provider Clients Whitelist. If the list is empty, then the feature is disabled and access is permitted from consumers with any IP address. For testing purposes, the whitelist can be temporarily disabled from the Web UI (via the System -> Control tab).
Network Port Restrictions (optional)
This option can be used to restrict the network ports used for the different protocols: Telnet, WebUI, Netcom, DMS, MNOPL and EmBER+. The option is set from the Web UI (via the System -> Control tab). In each case, you can choose either any (to allow access via any control network port) or dwc0 (to restrict access to the first control port). Note that if you choose dwc0, then the restriction also applies to the local host and so access is not permitted via 127.0.0.1. By default, all protocols are available on all interfaces.
Ember+ Denial-of-service Attack Blocker
This feature is always implemented, and protects the Ember+ provider from unwanted service requests. If there are more than 10 "GetDir" requests from the same node in quick succession, then the connection to the consumer is terminated. The connection can then be re-established by the consumer.
Please note: encryption adds calculation time and so some parameters are updated more slowly than without encryption. A difference will be noticed if the stream destinations are monitored with and without SSL (as Packet Increase is updated more frequently without SSL).