Security - Access Controls |
The Web-Browser and Programmatic interfaces to the NetRS provide methods for modifying the controls and accessing the information in the NetRS, using the network based HTTP and HTTPS protocols. Without restrictions, these methods could be used by anyone with access to the NetRS's network. That may be undesirable, especially if the NetRS is plugged directly into the Internet. To solve this problem, the NetRS allows you to restrict access to the HTTP/HTTPS interfaces using a system of accounts and passwords. You can use this mechanism to set up accounts that restrict or allow access to several classes of controls and information.
The NetRS is shipped without HTTP/HTTPS security being enabled. This is not the recommended mode of operation. A security strategy that uses one or more accounts is recommended. This can protect not only against malicious attacks on receiver operation, but also against the accidental change of critical receiver settings that can affect day-to-day operation.
The HTTP/HTTPS security mechanism allows the creation of Accounts, each of which is associated with a name and a password. Each account also has a set of Access rights which provide permissions to use various parts of the HTTP/HTTPS interface. For example, an account might created that allows the user to access logged data files, but prevents that user from changing any of the control settings of the NetRS. A different account could be set up that would provide full access to all data and controls.
In addition to the account structure, the security system implements a set of global controls over the access rights. For example, your system could be configured to allow any user to access logged data files, without the need for an account name and password, while requiring a specific account and password to change system controls. Each of the three access groups can be restricted in this way. By default none of the access levels are restricted.
Three different levels of Access rights are defined in the NetRS. Click on any of the access level links below to see a complete list of the functions that are restricted to users with access rights to that level.
Note that viewing most pages on the NetRS Web Browser interface is not prevented by the access restrictions. Thus, for example, any unverified user can view the receiver status or satellite tracking pages. In fact, they can view most of the configuration setup pages. Generally, the access restrictions only come into effect when an attempt is made to modify a restricted control, or download restricted information.
Security access rights are controlled using the
EXTREMELY IMPORTANT: If access to System Controls is set to Restricted, then many important controls will be locked out unless you know an account and password with System Controls permissions. In particular, you won't be able to turn off the System Controls restriction without this knowledge. Don't set System Controls to Restricted unless you have already set up such an account name and password. At the very least, you should have set the password on the sysadmin account to a known value.
Accounts with access to System Controls can view and modify the most
important system controls. These include setting up security accounts,
modifying internet configurations and upgrading the NetRS firmware.
Access to System Controls is also required to use ANY
functions through the Programmatic Interface.
The following pages and functions will require access to a System Controls enabled account:
Accounts with access to GPS Controls can view and modify control settings that affect basic GPS receiver operations, including satellite tracking modes, data logging operations, and Input/Output stream setup.
The following pages and functions will require access to a GPS Controls enabled account:
Accounts with File Access rights are allowed to view, download and delete collected data files using the web browser.
The following pages and functions will require access to a File Access enabled account: