Terminal Emulators: SSH and SSL
The Inet terminal emulators support the SSL/TLS and SSH protocols for secure connections providing encryption and authentication.
TLS was formally defined in RFC 2246 in January 1999. For SSL, one or more Certificate Authority certificates can be installed to verify certificates presented by servers. A client certificate can also be installed to be presented to a server. If the private key part of the client certificate is protected by a pass-phrase, the user has to enter it every time a connection is established. The SSL support uses the SSLeay library written and copyrighted by Eric Young (firstname.lastname@example.org) with parts written by Tim Hudson (email@example.com).
SSH was designed in Finland to circumvent US laws restricting the export of strong encryption techniques. SSH servers are available for most popular platforms. A variety of commercial server implementations of SSH are available – some early versions include a bug that has to be supported by clients. SSH specifications are found in the IETF’s Internet-draft draft-ietf-secsh-*.txt documents of June 1999.
SSL or SSH is configured on the Setup | Security property page.
BTW: SSL and SSH do not mean Set Security Low and Set Security High!
Single Point SignOn (SPS or SSO)
Various SPS and SSO schemes can be supported using Visual Basic or other OLE enabled programs to communicate between your authentication server and the Inet terminal emulators.
Print and FTP Servers
The Inet servers have built-in firewalls and automatically “black list” IP addresses that attempt brute-force attacks. The servers can be hidden in the system tray and can be locked to prevent users from closing them and thus disabling required services.
- Set the “run minimized” option in the shortcut in the StartUp group.
- Set View | Minimize to system tray.
- Add trusted IP addresses and enable the firewall at Setup | Firewall.
- Use the /a command line switch to disable the normal close and exit options.
By default, an IP address that tries more than 20 times to gain FTP access without a valid username/password will be blocked until the FTP server is rebooted.
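The default lockout rule above, modelled as an added example (this is not the Inet server's own code). The class and function names are hypothetical, the sample events are constructed, and two behaviours are assumptions: trusted addresses are exempt from blacklisting, and a successful login does not reset the failure count.

```python
import ipaddress
from collections import Counter


class FailedLoginBlacklist:
    """Hypothetical in-memory model of the FTP lockout rule described above."""

    def __init__(self, max_failures=20, trusted=()):
        self.max_failures = max_failures  # page default: more than 20 failures blocks
        # Assumption: addresses in the trusted list are never blacklisted.
        self.trusted = [ipaddress.ip_network(t, strict=False) for t in trusted]
        self.failures = Counter()
        self.blocked = set()

    def record_failure(self, ip):
        """Count one failed login; return True if the address is now blocked."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.trusted):
            return False
        self.failures[addr] += 1
        if self.failures[addr] > self.max_failures:  # 21st failure, not the 20th
            self.blocked.add(addr)
        return addr in self.blocked

    def is_blocked(self, ip):
        return ipaddress.ip_address(ip) in self.blocked

    def restart(self):
        """Model of a server restart: the page says a block lasts only until then."""
        self.failures.clear()
        self.blocked.clear()


def replay(events, **kwargs):
    """Replay (ip, success) login events; return the addresses left blocked."""
    bl = FailedLoginBlacklist(**kwargs)
    for ip, success in events:
        if not success and not bl.is_blocked(ip):
            bl.record_failure(ip)
    return sorted(str(a) for a in bl.blocked)


# Constructed sample events (documentation address ranges, not real traffic).
SAMPLE = (
    [("203.0.113.7", False)] * 21      # crosses the threshold
    + [("198.51.100.4", False)] * 20   # exactly 20: still allowed
    + [("192.0.2.10", False)] * 50     # trusted network: exempt
)

if __name__ == "__main__":
    print(replay(SAMPLE, trusted=["192.0.2.0/24"]))
```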
Support Issues and Hints
The function key dialog is by default in “View” mode. It is often a pain when changing key definitions but saves a lot of hassles by preventing accidental changes by users.
A system administrator may create a custom.reg file that can be entered at any user’s PC to repair damaged registry settings. In severe cases you might need to delete the GPvNO keys in both HKCU and HKLM to remove settings not covered in your custom.reg file.
By setting customized icons on users’ desktops with the /h= and /n command line options, very little may be changed by users.
A system administrator may hide selected buttons by editing the Toolbar entries in the registry. (There is no other interface to this facility.) The idea is to hide the menu with the /n command line option and only display selected buttons on the toolbar.
The menu displayed with a mouse right-click can be removed by disabling the Show Right Click Menu option in the Setup | Settings menu.
We can supply you with information to disable the following facilities: Copy, Paste, ScreenPrint (not the Windows PrintScreen facility), Write Log, Trace, Script and Read input file. Please contact us! This information will only be supplied to system administrators.
Locking Registry Settings
We do provide a method to lock certain registry settings to values specified in a read only file on a file server. Most system administrators prefer to use policies to achieve the same effect. We do not document our method here since it would allow clever users to circumvent the system. Please contact the suppliers for more information if you need this facility. We love to assist clients in developing efficient systems.
Remote commands – Some programs may execute remotely issued commands.