How to secure your NAM Probe installation

To secure the NAM Probe, you can configure OpenSSH and enable or disable non-secure data transfer (disabled by default).

Configuring OpenSSH

To configure OpenSSH on your NAM Probe, you must modify the sshd_config file located in the /etc/ssh folder. This configuration file contains keyword-argument pairs.

Lines starting with a hash are considered comments.

Disable X11 forwarding by changing the X11Forwarding setting from yes to no.

X11Forwarding no

Update ciphers by appending the following line to the configuration file:

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

Update MACs by appending the following line to the configuration file:

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com

(Optional) You can enable protocol version 2 by uncommenting the #Protocol 2 line:

Protocol 2

To apply your changes, restart the sshd service:

[root@NAM Probe ~]# service sshd stop
[root@NAM Probe ~]# service sshd start
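
Because sshd uses the first value it reads for each keyword, an appended Ciphers or MACs line is ignored if an earlier uncommented line already sets that keyword. The script below is an added example, not part of the original guide or of the vendor's tooling; it reports the effective global value of the three settings above, and its function names and sample file are constructed for illustration.

```shell
# Added example: audit an sshd_config against the settings recommended above.
# sshd keeps the FIRST value it reads for a keyword, so an appended Ciphers or
# MACs line has no effect when an earlier uncommented line sets the same keyword.

WANT_CIPHERS='chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'
WANT_MACS='hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com'

# effective_value FILE KEYWORD: print the value sshd would use from the global
# section. Keywords are case-insensitive; comments are skipped and parsing stops
# at the first Match block. Assumes whitespace-separated "Keyword value" lines.
effective_value() {
    awk -v kw="$2" '
        /^[ \t]*#/ || /^[ \t]*$/   { next }
        tolower($1) == "match"     { exit }
        tolower($1) == tolower(kw) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# check_setting FILE KEYWORD EXPECTED: report one keyword, return 1 on mismatch.
check_setting() {
    actual=$(effective_value "$1" "$2")
    if [ "$actual" = "$3" ]; then
        echo "OK    $2"
    elif [ -z "$actual" ]; then
        echo "FAIL  $2 is not set in the global section"; return 1
    else
        echo "FAIL  $2 effective value: $actual"; return 1
    fi
}

# audit_sshd_config FILE: check all three settings, return 1 if any check fails.
audit_sshd_config() {
    rc=0
    check_setting "$1" X11Forwarding no        || rc=1
    check_setting "$1" Ciphers "$WANT_CIPHERS" || rc=1
    check_setting "$1" MACs "$WANT_MACS"       || rc=1
    return $rc
}

# Constructed sample: the appended Ciphers line is shadowed by an earlier one.
sample=$(mktemp)
cat > "$sample" <<EOF
X11Forwarding no
Ciphers aes128-cbc,3des-cbc
Ciphers $WANT_CIPHERS
MACs $WANT_MACS
EOF
audit_sshd_config "$sample" || echo "Fix the FAIL lines before restarting sshd."
rm -f "$sample"
```

To check the live configuration, call audit_sshd_config /etc/ssh/sshd_config.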

Enable or disable non-secure data transfer

To enable or disable non-secure data transfer via HTTP (port 9091), use the rtminst command.

Execute the rtminst command from the operating system prompt to start the rtminst setup program.

From the rtminst menu, select the NAM Probe setup.

Enable or disable HTTPS communication between the NAM Probe and the report server.
To enable HTTP communication, select Enabling non-secure data transfer over HTTP, then Enable non-secure data transfer.

Options:
       1 - Data memory limit
       2 - Driver parameters set
       3 - RTM classic SHM driver parameters
       4 - Enabling non-secure data transfer over HTTP
       X - Exit
Select an option and press `Enter`: 4

Non-secure data transfer: DISABLED

Options:
       1 - Enable non-secure data transfer
       2 - Disable non-secure data transfer
       X - Exit
Select an option and press `Enter`: 1

Non-secure data transfer: ENABLED

To disable HTTP communication, select Enabling non-secure data transfer over HTTP, then Disable non-secure data transfer.

Options:
       1 - Data memory limit
       2 - Driver parameters set
       3 - RTM classic SHM driver parameters
       4 - Enabling non-secure data transfer over HTTP
       X - Exit
Select an option and press `Enter`: 4

Non-secure data transfer: ENABLED

Options:
       1 - Enable non-secure data transfer
       2 - Disable non-secure data transfer
       X - Exit
Select an option and press `Enter`: 2

Non-secure data transfer: DISABLED

Press [X] to exit the current screen and validate your changes.