WebBrick 6 Series Security Model

Posted on Saturday, August 18 @ GMT Daylight Time
 

WebBrick Security Model

This article looks at the security model for the WebBrick in a home environment.



The physical home

Let's first consider an analogy with the physical home. Homes tend to be protected at the perimeter with locks and keys. Once inside, the home user has virtually free access. However, if you want to change the configuration of a home appliance, there's generally a lightweight security check to avoid accidental changes. For example, a television might require a particular mode or switch to be set before it can be tuned.

The WebBrick is set up on the same principles. The controls of the WebBrick have no security; however, the configuration is password protected. There's one other layer, the lockout function, which stops the WebBrick state engines from acting on any new triggers.

If outputs have been set using 'ON', 'OFF' or 'TOGGLE' commands, then the outputs will stay in the same state after a WebBrick has been locked out. If the outputs have been set as a result of a 'DWELL' or 'DWELL-CAN', then the outputs will follow the state engine to completion but will not accept any more triggers until the lockout is cleared.

WebBricks and the Outside World

If WebBricks are to be operated outside the house, then another layer of security is required. This layer can be provided in various ways:

  • Using Python or PHP Libraries on a server system connected to the Internet
  • Using an O2M8 HGA
  • A password protected proxy server

If you create a page using 'PanelLib' [from the supplied open source WebBrick Libraries] you can use your web server's standard security schemes to protect it. If you are using something like Apache, you can make these controls more sophisticated by only requiring a password for external users. Here's an example that assumes that you have an internal network of 10.0.0.0:

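    # Deny every host by default, then let the internal 10.x.x.x network through
    Deny from all
    Allow from 10
    # Password check (HTTP Basic) against the htpasswd file
    AuthUserFile /etc/httpd/.htpasswd
    AuthGroupFile /dev/null
    AuthName "Protected Controls Pages"
    AuthType Basic
    Require valid-user
    # Either test is enough: an allowed host address OR a valid login
    Satisfy any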
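The decision these directives produce can be modelled in a few lines of Python. This is an added example, not code from the article, the WebBrick libraries or Apache; `parse` and `is_allowed` are hypothetical names, the model is a simplification of Apache 2.2's default `Order Deny,Allow` handling, and the client addresses are constructed.

```python
import ipaddress

# Access-control directives from the article's example (Auth* file settings omitted).
ARTICLE_CONFIG = """\
Deny from all
Allow from 10
Require valid-user
satisfy any
"""

def _to_network(spec):
    """Map 'all' or a partial IPv4 address ('10', '10.1') to a network."""
    if spec.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    octets = spec.split(".")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def parse(config):
    """Collect Allow/Deny networks, the Satisfy mode and whether a login is required."""
    rules = {"allow": [], "deny": [], "satisfy": "all", "auth": False}
    for line in config.splitlines():
        words = line.split()
        if len(words) < 2:
            continue
        key = words[0].lower()
        if key in ("allow", "deny") and words[1].lower() == "from":
            rules[key] += [_to_network(w) for w in words[2:]]
        elif key == "satisfy":
            rules["satisfy"] = words[1].lower()
        elif key == "require":
            rules["auth"] = True
    return rules

def is_allowed(rules, client_ip, valid_login):
    """Simplified model of the default 'Order Deny,Allow' combined with Satisfy."""
    ip = ipaddress.ip_address(client_ip)
    denied = any(ip in net for net in rules["deny"])
    allowed = any(ip in net for net in rules["allow"])
    host_ok = allowed or not denied
    if not rules["auth"]:
        return host_ok  # no Require line: the host rules decide alone
    if rules["satisfy"] == "any":
        return host_ok or valid_login
    return host_ok and valid_login  # 'Satisfy all' is Apache's default

if __name__ == "__main__":  # constructed sample clients below
    for ip, login in [("10.0.0.25", False), ("203.0.113.7", False), ("203.0.113.7", True)]:
        print(ip, login, is_allowed(parse(ARTICLE_CONFIG), ip, login))
```

The host test uses the address Apache sees for the connection, so if requests reach this server through a reverse proxy or NAT device with a 10.x address, external users match `Allow from 10` and are never asked for a password.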

[Diagram: HGA deployment]

Advanced WebBrick Security

There is an extra level of password security on a WebBrick. By default it is disabled; once enabled, it ensures that a password is required to operate the network-based controls of a WebBrick [i.e. web pages and commands from an HGA or library function]. This mechanism is not recommended for external control since the passwords are global to the WebBrick, i.e. once enabled all clients have access until logged out. See the WebBrick documentation for Level One passwords.

  • Published 23 July 2007 09:08 by Community.Organiser
