Security tab

This tab is used to:

Change the user's Web server account password.
See Change the User's Web server Account Password.
Manage remote access to the controller via SSH.
See SSH Connection.
Manage non-secure connection access via HTTP.
See HTTP Configuration.

Figure 1: Security tab

Change the Password

This area is used to manage the Remote Access to the PCMM2G controller via SSH (Secure Shell).

SSH is a network protocol that gives the users a secure way to access an external system remotely.
- It provides a text-based interface by spawning a remote shell.
By default, the SSH access is disabled on the PCMM2G to enhance security.
- By keeping SSH access off, the PCMM2G controller minimizes the risk of external attacks.
- SSH may need to be enabled in certain advanced troubleshooting scenarios.
- SSH access allows diagnostic commands and access to system logs.
See Using SSH.

Setting	Description
Enable SSH check box	Changing the state of the check box immediately changes the configuration on the controller. A checked box indicates that remote access to the controller via SSH is supported. An unchecked box indicates the controller can not be accessed remotely via SSH. All existing SSH connections are terminated when SSH access is disabled. Save your work and complete any necessary tasks before disabling SSH.

Setting

Description

Enable SSH check box

Changing the state of the check box immediately changes the configuration on the controller.

A checked box indicates that remote access to the controller via SSH is supported.
An unchecked box indicates the controller can not be accessed remotely via SSH.

All existing SSH connections are terminated when SSH access is disabled.
Save your work and complete any necessary tasks before disabling SSH.

This area is used to manage the non-secure connection to the PCMM2G using Hypertext Transfer Protocol (HTTP).

HTTP is a communication protocol that transfers unencrypted data between the user’s browser and the webserver.
Hypertext Transfer Protocol Secure (HTTPS) is a secure extension of HTTP that provides encrypting and verification to the data transferred between the user’s browser and the webserver.
By default, HTTP connections are disabled and will redirect to HTTPS on the PCMM2G to enhance security.
- By keeping HTTP disabled, the PCMM2G minimizes the risk of vulnerable data being exposed.
- HTTP may need to be enabled in certain legacy configurations that do not support HTTPS.

Setting	Description
Enable Non-Secure Connection (HTTP) check box	Changing the state of the check box changes the HTTP configuration on the controller and reboots the controller. An unchecked box indicates the controller: Has disabled non-secure (HTTP) connections. Automatically redirects connections to an HTTPS. A checked box indicates that non-secure (HTTP) connections on the controller are enabled.

Setting

Description

Enable Non-Secure Connection (HTTP) check box

Changing the state of the check box changes the HTTP configuration on the controller and reboots the controller.

An unchecked box indicates the controller:
- Has disabled non-secure (HTTP) connections.
- Automatically redirects connections to an HTTPS.
A checked box indicates that non-secure (HTTP) connections on the controller are enabled.

This area is used to configure and manage the KAS-IDE connection settings with the controller.

When authentication is enabled, KAS-IDE requires valid user credentials to connect to the controller.
By default, unauthenticated connections from KAS-IDE to the controller are disabled to improve system security.
- Disabling unauthenticated access helps reduce the risk of unauthorized or unintended controller access.
- Allowing unauthenticated connections may be useful in specific, controlled, troubleshooting scenarios and should be enabled only when necessary.
See Security – Authentication Access and Control - Authenticated KAS-IDE Access to PCMM2G
- for a detailed description of the KAS‑IDE operations that are protected by this authentication mechanism.

Setting	Description
Allow unauthenticated connections from KAS-IDE check box.	Changing the state of the check box immediately changes the configuration on the controller. A checked box indicates that unauthenticated KAS-IDE connections to the controller are supported. An unchecked box indicates the controller must require account authentication to connect to the KAS-IDE.

Setting

Description

Allow unauthenticated connections from KAS-IDE check box.

Changing the state of the check box immediately changes the configuration on the controller.

A checked box indicates that unauthenticated KAS-IDE connections to the controller are supported.
An unchecked box indicates the controller must require account authentication to connect to the KAS-IDE.

To maintain the security of the device, always disable SSH access, HTTP connections, and unauthenticated connections when they are no longer needed.

Ensure that only authorized personnel have access to the web interface and change security settings.

File transfer using SFTP (Secure File Transfer Protocol) is not supported when SSH is disabled.
SFTP relies on SSH for secure file transfer, so you will need to enable SSH to use SFTP.