Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
ContentIndex
  
[+] Expand All
[-] Collapse All

 A  B  C  D  E  F  G  H  I  L  M  N  O  P  R  S  T  U  V  W

 

A

access control lists    
adding, MySQL database
displaying, MySQL database
removing, MySQL database
access security    
CTPView server, managing
accounts    
creating CTPView server nonroot
default CTPOS
default CTPView server
address filter, IP     See IP access filter    
Admin Center    
accessing
groups    
adding
deleting
modifying affiliation
modifying properties
monitoring
passwords    
changing requirements
excluding from use
limiting use
managing user
reinstating excluded
users    
adding
automatic logout
counters
deleting active
deleting inactive
deleting prohibited
displaying prohibited
IP access filters, creating
IP access filters, removing
locked-out IP addresses
lockout period
logging out selected
login attempts
login properties
managing access
modifying properties
monitoring
prohibiting
reinstating prohibited
administrative passwords    
changing
administrative settings    
configuring
Apache daemon    
restarting    12
archive file    
complete, upgrading CTPView software with
web, upgrading CTPView software with
authentication    
CTPView software users with Steel-Belted RADIUS
 

B

bandwidth throttling
banner    
CTPView start-up (log-in)
setting    
CTPView server menu
BIOS menu    
changing the password    12
booting CTPView server from CD
browser    
logging in
restarting Apache daemon on CTPView server
restoring access
 

C

Circuit to Packet network    
clock options
overview
receive packet processing
serial stream processing
software overview
transmit packet processing
clock options
CompactFlash card    
burning a CTPOS image to
changing read/write state
configuration settings    
restoring (CTPView server menu)    12
saving CTPView software    12
configuration, server    
restoring overview (CTPView GUI)    12
CTP devices    
unlocking user accounts with expired passwords    12
CTP platforms    
adding and removing
adding comments to monitoring status
automatically collecting statistical data
changing display settings for network monitoring
checking connections to the CTPView server
displaying network statistics
displaying reports
displaying runtime query results
host groups, adding and removing
managing    
monitoring
manually overriding monitoring status
monitoring (CTPView GUI)
passwords    
changing user
port forwarding    
clearing open sockets
configuring the platform
configuring the server
restoring configuration
saving configuration automatically
setting audible status alert
SNMP communities, adding and removing
SSH connections    
clearing open sockets
configuring the platform
configuring the server
understanding network reports
updating CTPOS
CTPOS    
burn CTPOS flash image    12
burning image to a CompactFlash card
default accounts and passwords
updating
upgrade files
CTPView    
menu, accessing
TACACS+, configuring
TACACS+, query
TACACS+, settings
CTPView Admin Center     See Admin Center    
CTPView GUI    
adding comments to platform monitoring status
Admin Center, accessing
automatically removing outdated files
automatically synchronizing servers
bandwidth throttling
browser settings
browser, logging in
changing default user password
checking network connections
configuring automatic functions
creating more server disk space
CTP platform reports
display settings
display settings help
displaying platform and port runtime query results
email notifications
Global_Admin account, creating
groups    
adding
deleting
modifying affiliation
modifying properties
monitoring
host groups, adding and removing
managing users and groups
manually overriding platform monitoring status
monitoring the CTP platform network
network monitoring display settings
network reports    1
field descriptions
network statistics
NTP servers, managing
passwords    
changing requirements
excluding from use
limiting user
managing user
reinstating excluded
platforms, adding and removing
port forwarding, managing
restoring configuration    
CTP platform
CTPView server, by synchronizing servers    12
restoring server configuration    
overview    12
saving configuration    
CTP platform
server clock, setting
setting audible platform status alert
SNMP communities, adding and removing
start-up (log-in) banner
support for tabbed or nontabbed browsers
synchronizing servers    
automatically
manually
network configuration
overview
user properties, modifying
users    
adding
automatic logout
counters
deleting active
deleting inactive
deleting prohibited
displaying prohibited
IP access filters, creating
IP address access filters, removing
locked-out IP addresses
lockout period
logging out selected
login attempts
login properties
managing access
monitoring
prohibiting
reinstating prohibited
validating server configuration    12
verifying server OS installation
CTPView server    
access security, managing    12
account    
creating nonroot
acquiring shell access
booting from CD
clock, setting
configuring guidelines on a virtual machine
configuring on a Hyper-V server
configuring on an ESXi server
creating disk space    
CTPView GUI
data file permissions, resetting
default accounts and passwords
determining free disk space
disk space, creating    
CTPView server menu    12
firewall defaults, restoring
installation log
installing OS (CTPView server CLI)
installing the software overview
log-in banner, setting
logging level, setting
logs, managing
MySQL server, restarting
network access, configuring
on a Hyper-V server
on a Hyper-V server, overview
on a virtual machine, overview
on an ESXi server
on an ESXi server, overview
password    
creating nonroot
setting new nonroot
setting new root
password requirements    12
port forwarding, configuring
preparing a new
restoring browser access
restoring configuration by synchronizing servers    12
restoring configuration overview    
CTPView GUI    12
restoring configuration settings    
CTPView server menu    12
restoring shell access
software installation and upgrade    
overview
start-up (log-in) banner
synchronizing to restore configuration    12
system administrator account, resetting
system file defaults, restoring
TACACS+ settings
TACACS+, configuring
third-party software on
upgrade files
upgrading the software overview
user passwords, managing
users, managing shell account
validating configuration    12
verifying OS installation
web certificate, creating
CTPView server CLI    
BIOS menu password    12
burning CTPOS image to a CompactFlash card
changing default user password
changing root account password    12
installing server OS
reviewing the installation log
CTPView server menu    
access security, managing
accessing
creating more server disk space    12
GRUB boot loader password    12
log-in banner, setting
logging level, setting
logs, managing
MySQL Apache account password    12
MySQL IP access lists
MySQL root account password    12
MySQL server, restarting
network access, configuring
OpenSSL authenticaton, creating and self-signing web certificate
port forwarding, managing
restoring server configuration settings    12
saving CTPView configuration settings    12
TACACS+, configuring
user passwords, managing
users, managing shell account
web certificate, creating
CTPView server OS    
software installation and upgrade    
overview
tasks
verifying installation
CTPView server, OpenSSL    
web certificate, creating
CTPView software    
configuring administrative settings
saving configuration settings    12
updating CTPOS
upgrade files
upgrading    
overview
with complete archive file
with web archive file
user security levels
 

D

data file permissions    
CTPView server, resetting
 

E

email notifications    
configuring
ESXi server    
configuring CTPView server
configuring guidelines CTPView server
overview of CTPView server on
 

F

files    
removing (CTPView GUI)
removing (CTPView server menu)    12
firewall    
CTPView server defaults, restoring
 

G

Global_Admin account    
creating CTPView GUI
groups, user    
adding
deleting
managing
modifying affiliation
modifying properties
monitoring
GRUB boot loader    
changing the password    12
 

H

host groups    
adding and removing
Hyper-V server    
configuring CTPView server
configuring guidelines CTPView server
overview of CTPView server on
 

I

installation    
reviewing log for errors
software overview
IP access filter
IP address filter     See IP access filter    
 

L

limiting CTP network bandwidth
log-in banner    
configuring
setting    
CTPView server menu
logging level    
CTPView server, setting
login security    
CTPView software
logs    
managing CTPView server
 

M

menu    
accessing CTPView server
MySQL database    
automatically backing up
changing the Apache account password    12
changing the root account password    12
configuring IP access control lists
MySQL server    
restarting
 

N

native authentication with Steel-Belted RADIUS
network access    
configuring server
network reports    
displaying CTP platform
understanding CTP platform
nonroot account    
creating
nonroot passwords    
creating
setting new
NTP servers    
managing
 

O

OpenSSL authentication    
web certificate, creating
OS, CTPView server    
installing (CTPView server CLI)
software installation and upgrade    
overview
tasks
verifying installation on server
outdated files    
automatically removing
removing (CTPView GUI)
removing (CTPView server menu)    12
overview    
Circuit to Packet network
CTP network software
restoring configuration    12
restoring server configuration    
CTPView GUI    12
software installation and upgrade    
CTPView server
synchronizing servers (CTPView)    
CTPView GUI
 

P

passwords    
BIOS menu changing    12
changing administrative
changing requirements
CTP platform user    
changing
CTPOS    
default
CTPView GUI    
changing default
CTPView server    
changing default
changing root    12
creating nonroot
default
recovering lost
requirements    12
setting new nonroot
setting new root
excluding from use
expiration of user
Global_Admin account
GRUB boot loader changing    12
limiting use
managing user
MySQL database changing    1234
reinstating excluded
requirements of user
port forwarding    
configuring on CTP platforms
configuring on the CTPView server
 

R

receive packet processing
redundant files    
removing (CTPView GUI)
removing (CTPView server menu)    12
remote host     See CTP platforms    
root passwords    
setting new CTPView server
RSA SecurID authentication with Steel-Belted RADIUS
 

S

security levels    
user
serial stream processing
setting user password    
resetting password
shell access to CTPView server    
acquiring
restoring
SNMP communities     See adding and removing    
software    
installation and upgrade    
CTPView server OS tasks
CTPView server overview
network management only
upgrade files
SSH    
connections to CTP platforms    
configuring on the platform
persistent connections to CTP platforms    
configuring on the server
start-up banner    
configuring
setting    
CTPView server menu
Steel-Belted RADIUS    
authentication for CTPView software users
synchronization of CTPView servers    
automatic method
configuring the synchronization network
manual method
overview
to restore configuration    12
system administrator account    
CTPView server, resetting
system file    
CTPView server defaults, restoring
 

T

third-party software    
using on the CTPView server
transmit packet processing
troubleshooting    
installation issues
two factor authentication with Steel-Belted RADIUS
 

U

upgrade    
CTPView Network Management Software
software overview
user accounts, unlocking    
expired passwords    12
user groups     See groups, user    
user passwords    
changing CTP platform
changing CTPView GUI default
changing server’s default
changing server’s root    12
expiration
requirements
users    
adding
authentication with Steel-Belted RADIUS
automatic logout
counters
deleting active
deleting inactive
deleting prohibited
displaying prohibited
IP access filters    
creating
removing
locked-out IP addresses
lockout period
logging out selected
login attempts
login properties
managing
managing access
managing passwords
modifying properties
monitoring
password requirements    12
prohibiting
reinstating prohibited
security levels    12
shell account, classification
shell account, managing
 

V

virtual machine    
CTPView server, configuring guidelines
CTPView server, overview
 

W

web certificate    
creating

Related Documentation

    NTP Authentication Overview on CTP Devices

    Network Time Protocol (NTP) is a UDP protocol for IP networks. It is a protocol designed to synchronize the clock on client machines with the clock on NTP servers. NTP uses Coordinated Universal Time (UTC) as the reference time.

    The implementation of NTP requires separate client and server applications. Superficially, NTP is a software daemon operating in a client mode and server mode. Using NTP packets, the client and server exchange time stamp data, ultimately setting the clock on the client machine similar to that of the NTP server. Starting with CTPOS Release 7.2R1, NTP authentication is supported. NTP authentication checks the authenticity of NTP server before synchronizing local time with server. This phenomenon helps you to identify secure servers from unauthorized or illegal servers. NTP authentication works with a symmetric key configured by user. The key is shared by the client and an external NTP server. The servers and clients must agree on the key to authenticate NTP packets. Currently NTP is already supported in CTP devices but NTP authentication is not supported. Authentication support allows the NTP client to verify that the server is in fact known and trusted and not an intruder intending accidentally or on purpose to masquerade as that server.

    The following are the different operating modes used by NTP:

    • Client/Server—In a common client/server model, a client sends an NTP message to one or more servers and processes the replies as received. The server interchanges addresses and ports, overwrites certain fields in the message, recalculates the checksum, and returns the message immediately. Information included in the NTP message allows the client to determine the server time with respect to local time and adjust the local clock.
    • Symmetric Active/Passive—Configuring a peer in symmetric-active mode indicates remote server that one wish to obtain time from the remote server and that one is also willing to supply time to the remote server if necessary. This mode is appropriate in configurations involving a number of redundant time servers interconnected through diverse network paths. Symmetric modes are most often used between two or more servers operating as a mutually redundant group.
    • Broadcast—The advantage is that clients do not need to be configured for a specific server, as this mode is intended for configurations involving one or a few servers and a possibly very large client population. Broadcast mode requires a broadcast server on the same subnet. Since broadcast messages are not propagated by routers, only broadcast servers on the same subnet are used. Since an intruder can impersonate a broadcast server and inject false time values, this mode should always be authenticated.

    In the CTPView server, the Client/Server mode is implemented, which is the use case of the CTP device and CTPView or any other Linux machine within the same network as that of the CTP device will act as NTP servers for authentication.

    Although you can configure NTP using the CTPView server in CTPView releases earlier than Release 7.2, you can configure NTP authentication starting from CTPView Release 7.2R1. NTP can only be configured from the CTPView server by using the System Configuration > Node Settings page of the CTPView server. NTP authentication allows the NTP client to verify that servers are known and trusted. Symmetric key authentication will be used to authenticate the packets. It is assumed that the shared secret key is already being communicated between client and server and it is the responsibility of the server to have the shared secret keys already configured in their configuration and keys files. The client then adds the required key id and shared secret key to their configuration and keys files through CTPView or through syscfg commands. The Key ID and Key Value fields must be left blank in CTPView to disable NTP authentication.

    NTP Authentication Procedure

    It is assumed that the shared secret key is already being communicated between client and server and it is the responsibility of the server to have the shared secret keys already configured in their configuration and keys files. Also, the “trustedkey keyid” attribute must be mentioned in the server’s ntp.conf file and the NTP process (ntpd) must be started in the server side for successful authentication.

    The user provides the communicated key id and key values through the CTPView server or syscfg commands. The CTPView server adds the key value and key id to the conf and keys files of the CTP device and starts the NTP daemon. The NTP servers and clients involved must agree on the key, key ID, and key type to authenticate the NTP packets.

    When the NTP daemon is started, it reads the key file specified by the keys command and installs the keys in the key cache. It then exchanges packets with its configured servers at poll intervals. The NTP authentication packet adds the key ID and the MAC address in its header, and the packets are accepted by the server only if the key ID matches a trusted key and the message digest is verified with this key. After authentication is successful, the NTP server stores its own timestamp and a transmit timestamp into the packet and send it back to the client. In the case of authentication failure, time is not synchronized.

    The following is the example of NTP authentication assuming that the key received from NTP server is 12345 and the key number and corresponding key value is added to the conf and key files of the CTP device.

    Command - ntpdate -d –a <Key Id> -k /etc/ntp/keys <Server Ip>
    
    Example - ntpdate -d –a 12345 -k /etc/ntp/keys 10.216.118.101
    
    
    [root@ctp_74 ctp_cmd 36]# ntpdate -d -a 12345 -k /etc/ntp/keys 10.216.118.101
    27 May 16:13:41 ntpdate[11935]: ntpdate 4.2.8@1.3265-o Tue Jan  6 05:50:59 UTC 2015 (3)
    Looking for host 10.216.118.101 and service ntp
    host found : 10.216.118.101
    transmit(10.216.118.101)
    receive(10.216.118.101)
    receive: authentication passed
    transmit(10.216.118.101)
    receive(10.216.118.101)
    receive: authentication passed
    transmit(10.216.118.101)
    receive(10.216.118.101)
    receive: authentication passed
    transmit(10.216.118.101)
    receive(10.216.118.101)
    receive: authentication passed
    server 10.216.118.101, port 123
    stratum 11, precision -21, leap 00, trust 000
    refid [10.216.118.101], delay 0.02577, dispersion 0.00006
    transmitted 4, in filter 4
    reference time:    d9101e66.08f2fe3d  Wed, May 27 2015 10:43:50.034
    originate timestamp: d9101e68.fbd8b5c6  Wed, May 27 2015 10:43:52.983
    transmit timestamp:  d9106bbb.82aca793  Wed, May 27 2015 16:13:47.510
    filter delay:  0.02580  0.02579  0.02577  0.02579
             0.00000  0.00000  0.00000  0.00000
    filter offset: -19794.5 -19794.5 -19794.5 -19794.5
             0.000000 0.000000 0.000000 0.000000
    delay 0.02577, dispersion 0.00006
    offset -19794.526903
    
    27 May 16:13:47 ntpdate[11935]: step time server 10.216.118.101 offset -19794.526903 sec
    
    

    The preceding command, when run without “-d” option, synchronizes the time of CTP device with the NTP server. The “-d” option runs in debug mode, prints the intermediate results, and does not adjust the clock. If the key number or key value are not correct, then the message “authentication passed” is replaced with “authentication failed” and time is not synchronized.

    Modified: 2016-02-04