NETGEAR ProSafe GSM7212 Application Note page 5

Application Note: Configuring and Enabling Management Security
Chapter 1
Introduction
In the past, network communications were simply a matter of packaging frames of
information and shipping them over the wire to their destination. Protocols gave
little thought to who might be viewing the frames as they crossed the wire, or
what illegitimate parties might do with the information so gleaned. More and
more, security has become an ever-present concern amongst the members of the
networking community. Networking infrastructure is far too important to risk
abuse by hackers, whether they are malevolent or simply mischievous. As a
whole, the community has turned to encryption as a means of ensuring the
security of network transactions.
Interactive login is a mainstay for providing a means to control and/or configure
an entity across the network. For decades the telnet protocol has provided this
capability for devices wishing to provide interactive login over a network.
However, these protocols are chief culprits with regard to the transmission of
sensitive information (e.g. passwords) over the network unprotected. The current
de facto standard for providing interactive login in a secure fashion is the Secure
Shell (SSH). SSH provides a number of services in a secure manner. These
include port forwarding, file transfer, X11 forwarding, and interactive login. Of
these, currently only interactive login is of interest for the NETGEAR managed
switch software.
Managing devices with a web browser has been standard practice for several
years. Unfortunately, standard HTTP transactions are no more secure than telnet.
This was one of the original barriers to the success of "e-commerce". The solution
(then and now) is the use of the Secure Sockets Layer (SSL) protocol. SSL
provides a means of abstracting an encrypted connection between two stations.
Once established, such a connection is virtually no different to use than an
unsecured connection. This allows an established protocol (e.g. HTTP) to operate
in a secure manner on an open network.
A third component of management on a modern networking appliance is SNMP.
The SNMP protocol has it own security mechanisms outside of SSH and SSL.
Consequently discussion of security for SNMP transactions is outside the scope of
this document.
Introduction 1-1
v1.0, February 2006