VTS Series Firmware Version 1.8.0 Release Notes
November 28, 2005
Copyright (c) 1998-2005, Sena Technologies, Inc.

INTRODUCTION
=============
These release notes describe new features added and bugs fixed since the firmware V1.7.0.1 release.

ENHANCEMENTS
==============
+ Added the virtual KVM support.
+ Added the security profiles (Standard, custom, secure).
+ Added the ability to configure the web port (default port: http=80, https=443)
+ Added an option to disable reverse DNS lookup.
+ Added an option to specify a system log file name.
+ Added the "Radius down - Local" authentication for CLI access.
+ Added the time zone list.
+ Added the email notifications for the traps on the main SNMP page configurable per trap
+ Increased the max number of outlets per port. (up to 8)
+ Added a drop down list for UDP, TCP and ICMP protocol in IP Filtering configuration.
+ Added [View] button to display system logs or port logs on the pop-up window.
+ Added the checkbox to enable/disable the NMS configuration on the SNMP configuration page.
+ WEP key string for wireless PC card is stored as an encrypted form.
+ HTTP will be redirected to HTTPS in default configuration.
+ Default /etc/ldapauth file is changed to restrict searchbase only to user.

BUG FIXES
=========
- Fixed the problem in using SSH public-key authentication to the CLI.
- Fixed the problem in setting power permission of added power outlets through the editconf.
- Fixed the problem in disabling the power controller email alert and remote port email alert automatically if SMTP configuration was disabled
- Fixed the problem in applying IP mode of eth0 and eth1 both as static.
- Fixed the problem in changing configuration of SNMP daemon via NMS.
- Fixed the problem in applying 'Set factory default a port' on a remote port.
- Fixed the problem in accessing slave unit from master unit via Web UI. (Incorrect parameter initialization is caused in some cases.)
- Fixed the problem in sending a log to Syslog server if there is a "<" character in the log message.
- Fixed the problem in sending a port login trap if the protocol of the port is SSH and the port is accessed from the port access menu.
- Fixed the problem in accessing a remote port after resetting it.
- Fixed the problem in sending port login trap/email for TCP port with none authentication.
- Fixed the problems related with the power controller.
- Fixed the problem with setting more than two serial ports as factory default in the editconf.
- Fixed the problem in displaying the log after reducing the log file size.
- Fixed the problem with RawTCP delimiter option.

NOTES
============
* "kinit" (Kerberos authentication client) and "pppd" (PPP daemon for PPPOE mode) are removed from firmware image due to the space problem. But you can use the feature if you place them on user space (/usr2). Please contact the Sena Support if you need these binaries.

KNOWN BUGS
============
* None.

REVISION HISTORY
================

1.7.0.1 August 17, 2005
- Fixed the problem in accessing Web UI via DNS name.
- Fixed the problem in logging port log if Auto port detection is turned on.
- Fixed the problem in authenticating user via local database when port authentication is set to TACACS+/Local and TACACS+ server is down.
- Fixed the problem in accessing a serial port when user tries continually connecting and disconnecting to a port via SSH.

1.7.0 June 22, 2005
+ Added the access lists for grouping users
+ Added the remote ports supports
+ Added the VTS manager supports (Removed the HD Manager support)
+ Enhanced clustering features
  * Integrating the ports of the slave units into connection page of master unit.
  * Clustering slave unit web pages which are linked through clustering master unit can be accessed without prompting authentication.
+ Added the automated way to backup configuration
+ Upgraded the OpenSSH to v4.0p1
+ Added the delimiter support in RawTCP protocol
+ Added uptime information at system status page
+ Enhanced security in VTS
  * Enhance logging (all connection to CM and Ports)
  * Log all changes to configuration
  * Add security profile configuration
  * Add Stealth mode
  * Enhanced login security: forced to use strong password rules
    - Minimum password length
    - Maximum password age
    - Enforce password history
    - Enforce password complexity
      1) Not contain all or part of the user's account name
      2) Be at least eight characters in length
      3) Contain characters from three of the following four categories:
         - English uppercase characters (A through Z)
         - English lowercase characters (a through z)
         - Base 10 digits (0 through 9)
         - Non-alphabetic characters (for example, !, $, #, %)
      4) Six characters of a password may only occur once.
      5) No null or blank characters may be used.
      6) No consecutive numbers or letters.
      7) Users should not use a password that is the same as the USERID or user's name.
      8) May not be a password that was used within the previous nine password changes.
      9) Differ from the old password by at least three characters.
    - Add Enable/disable option for SNMP daemon (get/set)
    - Configure use of SSH v1/v2 (default SHOULD BE v2 if Java applet supports v2)
    - Option to use JTA on /usr2
    - Disable account after 2 wrong password attempts
+ Upgraded the TACACS+ implementation using PAM module
+ Added the support for user customizable PAM module
+ Extended the hash file format for automatic firmware upgrade to add a "run command"
+ Added Radius down local authentication option for Web UI
+ Changed to accept a hostname in syslog server configuration
+ Added the notification if NFS mounted partition was disconnected (server down)
+ Added the firmware upgrade option from CF card.
+ Disable the assigned IP of serial ports by default.
+ Added an option to disable the port escape menu.
+ Added the support for the Active Directory in LDAP authentication.
+ Added the built-in JTA option with SSH1 and SSH2.
+ Added an option to make a back-up log files on log storage location.
+ Added the feature to confirm callback phone number in Dial-in modem connection
+ Added the power status and control MIB.
+ Added the support in connecting the slave port through ssh port(22th) of master unit
+ Moved case sensitive option to port event handling configuration page
+ Enhanced the method to disconnect port user in Port Escape Menu so that user can receive a message to confirm the disconnection.
- Fixed the problem with displaying message window to another user when there are more than two users on Web UI.
- Fixed the problem with logging out another user when the same user logs out on another Web browser.
- Fixed the problem with updating the route table immediately by changing the gateway configuration.
- Changed the unit of "memoryTotalMemory" variable on VTS SNMP MIB to Bytes from Kbytes.
- Fixed the problem in sending system logs via e-mail when user changes the system log storage location.
- Fixed the problem with port lock up after disconnecting sniff session
- Fixed the problem with SNMP crashes when running some SNMP test suites
- Fixed the problem in keeping IP filtering rules when upgrading firmware
- Fixed the problem in receiving large response messages in Active Detection feature
- Fixed the problem in making a port the factory default using SNMP agent.
- Fixed the problem in saving SNMP configuration using Web UI. (Access control settings or Trap receiver settings which follows 0.0.0.0 IP address are not applied)
- Fixed the problem in running saveconf and applyconf repeatedly.
- Fixed the problem in automatic detection notification. (Automatic detection email alert which contains non-ASCII bytes is not sent)
- Fixed the problem of downing Web server while running scan test using NeWT.
- Fixed the problem in applying enable port in all port configuration.
- Fixed the problem in displaying user name and source address in case of port access menu though login/logout information is recorded
- Fixed the problem in using master authentication when slave unit is set master authentication and slave port is connected through port access menu of master unit

1.6.5 February 22, 2005
+ Added system and port configuration via SNMP.
+ [IP address] of [Access control settings] tab at [SNMP configuration] page is allowed to have [default]. All NMS access is allowed if correct community is entered.
+ Added a method of sending the port escape sequence to the serial port.
  * If you send ^z once, the port escape menu opens, and if you send ^z on the escape menu, ^z is sent on to the device and the port escape menu is closed.
  * If you send ^z twice within 0.5 sec interval, ^z is sent on to the device without opening the port escape menu.
+ Added an option for accessing ports without login on the Port Access Menu
  * "Login on port access" option in Port access menu configuration. (default = enable)
+ Added an option for the case insensitive keyword notification
  * "Case sensitive checking in keyword" (default = enable)
+ Changed the default option of SSH daemon. (UseDNS yes => UseDNS no)
+ Removed double quotation marks in SNMP Trap message.
- Some typo errors are corrected
- Fixed the problem with changing the gateway. It does not flush the route table.
- Fixed the problem with refreshing the Power management page automatically when web page refresh rate is set as 0.
- Fixed the problem in controlling the Power control outlets, which are linked to the serial ports at [Power control configuration] tab on [Serial port configuration] page.
- Fixed the problem with occurring abnormal port disconnection when port is accessed through SSH console.
- Fixed the problem with generating zombie process when port is accessed through SSH console with enabling login trap option.
- Fixed the memory leak problem in case of automatic detection without script.
- Fixed the problem with writing log for sending email-log in case of log location changes.
- Fixed the problem with displaying correct statistics for network interfaces.
- Fixed the problem with exporting a configuration to the local machine via the console menu.
- Fixed the problem with displaying the continuous system logs when enabling port auto detection
- Fixed the problem with setting the "all" port option while setting user access control via the console menu.
- Fixed the problem with using other control characters for software flow control except ctrl-s and ctrl-q.
- Fixed the problem with receiving correct SNMP notification trap when 1 character keyword is specified in Port event handling.
- Fixed the problem with applying the changed device name on SYSLOG without system reboot.
- Fixed the problem in changing hostmode settings using All Ports if some ports have Apply All port settings disabled.
- Fixed the problem with making the IP filtering options factory defaults.

1.6.0.1 January 20, 2005
- Correct the wrong fix for software flow control problem.

1.6.0 November 02, 2004
+ Added the multiple concurrent continues access to serial port.
+ Added disconnection message if a second connection is tried to a port that is in use. (Without sniffing)
+ OpenSSH package is upgraded from 3.7.1p2 to 3.8.1p1
+ Netkit-Telnet package is upgraded from 0.17 to 0.17-9.
+ Added the support for the VTS PM.
+ Added the MD5 support for system password. (Long passwords more than 8 characters are now possible.)
+ Syslog logging is separated from other logging functions.
+ Hostname and port title is included in the Syslog log message.
+ Added an option to remove ^M from Syslog log message
+ The device monitoring feature is enhanced so that SNMP trap will be sent out if the response to the active probing changes or no response is detected any more.
+ Size of following OIDs are increased up to 256 characters: sysContact, sysName, sysLocation
+ Added a ssh option to "quick connection via" menu. (Telnet option is changed to "local client" and JTA will call an appropriate client according to the protocol.)
+ Permission for power management is added to everyone by default when user attaching an outlet to a port.
+ Kerberos package is upgraded to v1.3.5
+ Changed the one clustering policy. (Connecting directly to the slave will not be authenticated from the master)
+ Default rc.user will be copied if there is no rc.user file on /usr2 at boot time.
+ Quick menu to enable/disable Telnet/SSH/Web port of system is added on IP filtering Page.
+ Added the Radius down -> local authentication option.
+ Added a new parameter for web login timeout on Web server configuration page.
+ Added a ldapauth script on /etc directory so that user can modify this script in case of LDAP authentication.
+ Email alert for active detection will be sent once in case of no response from the device.
+ Email alert for active detection will contain the response from the device.
- Fixed the incorrect keywordMatched trap OID.
- Fixed the problem in sending LoginFailure trap in case of access with invalid user name.
- Added fixes for CAN-2003-0001 in all PC LAN (wired and wireless) card drivers.
- Fixed the kernel panic problem with some special console cable.
- Fixed the problem in accessing serial port set to remote auth via the Port Access Menu.
- Fixed the problem with modem initialization problem in Dial-in Terminal server mode.
- Fixed the problem in supporting modem connection on serial console
- Fixed the problem in disabling "Assigned IP" of port access menu through configmenu.
- Fixed the problem in authenticating slave port accessed through port access menu

1.5.3 July 21, 2004
+ Added the auto detection of connected device using user defined format string and script.
+ Added the modem tests for two dial-in modem mode ports.
+ Added the automatic firmware or configuration update through TFTP or DHCP.
+ Added the logout SNMP trap.
+ Added the TACACS+ support in PAM.
+ Added the shell program menu in terminal server mode.
+ Added the DHCP option, "Reuse old IP at bootup time on DHCP failure", on IP configuration page, for reusing old IP address if DHCP server is not responding at DHCP mode starting.
+ Added the callback option in Dial-in modem mode.
+ Added the Buffalo Airstation wireless LAN card (WLI-PCM-L11) support
- Login Vulnerability fixed.
- Deleting message direction arrow ("<") of port log when the log is sent to Syslog server
- Fixed the problem in taking over the main session when concurrent connections to a port are over 16.
- Fixed the problem in applying IP filtering rule repeatedly (adding and then removing) using Web UI.
- Fixed the problem in changing modem init string in Dial-in Modem TS mode using Web UI.
- Fixed the problem in accessing Web UI using Mozilla Web Browser.
- Fixed the problem for the monitoring only user to access connection page of Web UI.
- Fixed the problem in accessing serial ports using following tool or page on Web UI through eth1 interface,
  Quick connect option : telnet Connect to Clustering slave configure Clustering slave unit port connect
- Fixed the problem in using CLI through PC modem interface
- Fixed the problem in using software flow control option.

1.5.1 June 3, 2004
+ Web UI reconnects to login page after firmware upgrade, configuration import and rebooting.
+ Users may select port log file name option as 'use port title' so that it can be changed automatically according to the changes in port title.
+ When IP mode is set as DHCP in Web UI, DNS configuration will be set auto automatically.
+ Upgraded OpenSSH to 3.7.1p2 and OpenSSL to 0.9.6m
+ Added dial-in modem mode support through serial console port.
+ Added an option to change password of login user in the Port Access Menu.
+ Added an option to use a global SNMP trap receiver setting in Port event handling menu.
+ Default Access Control Settings (NMS) of SNMP configuration is changed to prevent unauthorized attacks.
+ Added an option to limit root access to console port or Web UI.
+ Added the SDK (Software Development Kit) support through CF flash card.
+ Users can only see the ports they have access to when logging onto the Web UI.
+ Added the Alert configuration under Serial port configuration with alert function for port login and device connection through mail or SNMP trap.
+ Bootloader version is displayed on System information under System status page.
+ Added an option to set the logging direction of port data.
+ Added several new contents for alarm notification through e-mail or SNMP trap such as IP address, Device name, Port Protocol and Device Time.
+ Modem interface is changed so that user can access shell program directly.
+ Authentication configuration for Dial-in modem mode is removed. Authentication method now depends on PAM (Pluggable Authentication Module) configuration
+ Added support for Netgear FA411 wired LAN card and Buffalo AirStation (WLI-PCM-L11GP) wireless LAN card.
+ User can change Radius attribute to fit for his Radius server configuration.
+ Clustering feature is enhanced so that user can configure slave units through UI of master unit.
+ Slave unit can authenticate users based on database of Master unit.
+ Serial ports support long user name up to 45 characters. But there is still limitation on length of local user name up to 29 characters.
+ Added support for the RADIUS authentication to the console login.
+ Added support for the SecurID's new PIN and next Token Code Mode.
+ Added a notification icon on connection page of Web UI when new data has been received on a port.
+ Added "Show last 10 lines of a log upon connect" option to display last 10 lines of log when user logs into a port automatically.
+ Added an option to set the secondary IP address for the unit.
+ New button for "Local echo" is added to JTA window.
+ Certificate for HTTPS is changed.
+ Configuration files for JTA are moved to /etc/jta directory so that user can change them using rc.user script.
+ File permission of reboot binary is changed so that System admin user can reboot the system.
+ Added an option for automatic firmware and configuration upgrade through TFTP server.
+ Confirm message is added to configmenu when user exit from it.
+ Added information for MAC Address of PC card on the header of configmenu.
- FTP server configuration in /etc/inetd.conf is disabled.
- Fixed problem in changing root password through Web UI.
- Fixed problem in changing listening tcp port number to "2002" through Web UI.
- Default Access Control Settings (NMS) of SNMP configuration is changed to prevent unauthorized access or attacks.
- Fixed problem in cycling power of outlet separately if there are two outlets linked to one serial port.
- Fixed bug in leap year calculation of RTC routine.
- Fixed problem in accessing a serial port through Port Access Menu when the port is used already.
- Fixed problem in changing the gateway information when IP mode is changed.
- All Cross Site Scripting vulnerabilities are removed.
- Fixed problem in reflecting NTP time on port logs.
- Fixed problem in clearing users using /bin/userlog-man binary
- Fixed problem in removing user list when user disconnects connection in Dial-in modem mode.
- Fixed problem in logging serial port data with time stamp.
- Fixed problem in killing port users through "Serial port users logged on list" window of Web UI.
- Fixed problem in permitting for read-only user to send break signal to the port using send break button in JTA window.
- Fixed problem in displaying temperature threshold of power controller if the unit is set as Fahrenheit.
- Fixed problem in sending send break if port is set as console server/telnet/port escape menu=ctrl-a.
- Fixed problem in disconnecting all connections to a port through Global Escape Menu.
- Fixed problem in setting NFS server name without '.' in Web UI.
- Fixed problem in using SSH client in Terminal server mode.
- Incorrect date was displayed when day light saving time is enabled
- Non-encrypted type configuration file (*.tar.gz) was not displayed on the list in configmenu.
- Fixed problem in running multiple clustering daemon whenever clustering mode is changed.
- The default location of scroll bar is moved to the right side of the JTA windows.
- Fixed problem in resetting keyword notification and user access control configuration when factory default reset is performed.
- Fixed problem in using JTA on Mozilla or Konqueror Web Browser.
- Fixed problem in using Port IP filtering feature with some specific filtering rules.
- SSH daemon for the box is run by script under /etc/init.d/sshd at the boot time to reduce the connection delay.
- Keepalive function is set to the Web server so that Web server cannot be blocked by disconnected remote host while responding to it.
- IP filtering menu is changed so that user can assign and add arbitrary filtering options.

1.4.1 January 12, 2004
+ WEB UI doesn't show any non-accessible options according to the user's right.
+ Logged in web user ID is displayed on the Web UI.
+ Added direct URL access to serial ports using JTA.
+ Added direct port access through SSH port.
+ Enhanced LDAP support by adding OU to the search path.
+ Added Korean/Japanese language supports in JTA.
+ Added power management support.
+ Added the ability for administrative users to disconnect users from ports through the Web UI.
+ Added support for the DNS name of an NFS server instead of the IP Address.
+ Added user configurable host name support.
+ Added Global Port Escape Menu.
+ Added Cron support
+ Added automatic detection of PC cards when PCMCIA card is inserted
+ Added option for port 'reset' and 'set' in console configuration menu
+ Added Timezone and Daylight savings time support
+ VTS will now continue sending DHCP requests if DHCP fails.
+ Added shell utility to reset a port. (/bin/portreset)
+ characters are removed on the system log message when VTS sends system log to syslog server.
+ Now login retries are permitted up to 3 times at maximum. (Console server or modem mode)
- When a certain serial port is transferring data, there might be data loss if user changed configuration of another serial port.
- Fixed problem with reconnecting a port after resetting it.
- Fixed problem with getting random data in the secondary SNMP Trap receiver fields
- Fixed problem with creating a user with username more than 10 characters.
- Fixed problem with connecting to the eth1 interface (PC card) from eth0 network if eth0 interface on VTS is disconnected.
- Fixed problem with reentering a port which was escaped just before in port access menu.
- Fixed problem with sending large packets using TELNET client.
- telrcv buffer overflow vulnerability in telnet daemon is fixed
- Fixed Linux kernel vulnerability. (privilege escalation security vulnerability: CAN-2003-0961)
- Fixed problem with probing SS device using HelloDevice Manager when IP mode is set as DHCP.

1.3.2 October 6, 2003
+ Added User Space (/usr2) and local machine (User's PC) options to configuration management.
+ Added Enable/Disable encryption option to configuration management.
+ Added "Port Title", "Port Protocol" and "Listening TCP Port" objects to Keyword Notification via SNMP trap.
- Buffer Management Errors in OpenSSH is fixed.
- Fixed problem with disabling sniff mode once it was enabled.
- Fixed problem with killing sniff session in sniff session menu when port number was 11 or above.
- Fixed problem with checking version number of configuration file which will be imported via Web UI.
- Wrong memory handling function on serial port configuration page of Web UI is fixed.

1.3.1 September 16, 2003
+ Added SNMP Trap on the serial port disconnection DSR On/Off per serial port
+ Added SNMP Trap on serial port and system logins.
+ Improved Configuration File Importing / Exporting method to both Flash Card and NFS server.
+ Added automatic notification function when initiating a sniff session.
+ Added separated IP filtering menu for TELNET and SSH console of VTS.
+ Added a 'send break' option via the VTS telnet client.
+ Added reset function for "stuck" serial port from the Web UI.
+ Added second trap receiver for Keyword Alerts.
+ Added IP address information of the slave units in the "Port access menu".
+ Improved User Administration features.
+ Added configurable port break sequence for TELNET and SSH protocol.
+ Added an option to remove the direction arrow (<,>) seen in a sniff session.
+ Added visible IP address when using DHCP with a PC LAN card.
+ Added enable/disable option for the First SMTP server
+ Changed limit on length of SNMP community names from 8 characters to 16 characters
+ Changed method in entering wep entry for the wireless card (":" is not needed)
+ Changed the wording of "Output" and "Input" of sniff mode configuration to "Server Output" and "User Input" respectively.
- Fixed problem with booting under burst of UDP packet
- Fixed problem with sending syslog messages through MS Exchange or Qmail mail server.
- Fixed problem with disabling assigned IP address under "all" ports.
- Fixed problem with accessing serial port using WEB Java applet via the LAN interface card.
- Fixed problem with remounting NFS server after connection to NFS server is reestablished.
- Fixed problem with disabling assigned IP addresses through config menu.
- Fixed problem in connecting VTS with wired interface after configuring a wireless PC Card.
- Fixed problem in using Lucent Orinoco Wireless LAN card with SSID or WEP Key.
- Fixed problem in using character 'a' as a break sequence for TELNET client.

1.2.0 August 5, 2003
+ Added Lucent Orinoco Wireless LAN card support
+ Added Encrypted NFS support
- Fixed problem with accessing a Port if it loses connection to the NFS server while log location is set as NFS.
- Fixed problem with a "port admin" user being able to reboot the VTS via console menu.
- Fixed problem with disabling assigned IP addresses through console menu.
- Fixed problem with changing user id via Web UI.
- Fixed problem with sending individual port information to the TACACS+ server.
- Fixed problem with changing port title of the dial-in modem access menu.
- Fixed problem with using Dial-in Terminal server mode with SSH.
- Fixed problem with supporting bold character in JTA.
- Fixed problem with setting "modem init string" in dial-in TS mode via WEB UI.
- Fixed problem with applying inactivity timeout in Console Server mode with rawTCP protocol.
- Fixed problems with accessing a port through port access menu.
- Fixed problem with accessing a port in Terminal Server and Dial-in modem mode with none authentication.
- Fixed problem with setting IP filtering options and SNMP NMS IP addresses through console menu.
- Fixed problem with using user comment option in Dial-in modem mode
- Fixed problem in authentication with PC modem card.
- Fixed problems with log messages.
- Fixed problems with using sniff session and inactivity timeout in dial-in modem mode.
- Fixed problems with managing users through console menu.

1.1.2 June 18, 2003
- Fixed problem with accessing port using SSH client with public key authentication.
- Fixed problem with taking over in sniff mode. In v1.1.0 or v1.1.1, main session user could not use escape sequence after entering sniff mode.

1.1.1 June 5, 2003
- Fixed problem with using PC modem card.
- Fixed problem with 'quick connection via' configuration of Port Access Menu.
- Fixed problem with killing session via the Port Access Menu running from CLI.
- Fixed problem with using Remote or None Authentication in SSH connection.
- Fixed problem with changing escape sequence for Port Access Menu.

1.1.0 June 2, 2003
+ Added Shadow password support.
+ Added ability to access slave units through Port Access Menu.
+ Add option to launch telnet session instead of Java applet for port connection.
+ Added remote Authentication to WebUI (RADIUS, LDAP, TACACS+, KERBEROS).
+ One Step Save and Apply.
+ Configurable escape sequence per port.
+ Checkbox to allow all users with port access to sniff.
+ Added ability for sniff users to switch between read only access and read/write access on a port.
+ Added ability for sniff users to kill other sniff sessions.
+ Added ability for sniff users to send messages to other sessions.
+ Added an in-use and by-use comment field in serial port connection screen.
+ Increased limit of sniff sessions per port to 15.
+ Customizable port log filename to NFS Server.
+ Reduce character limit of usernames down to 3.
+ Add secondary NFS Server option for System and Port logs.
+ Add Date/Time stamp option to Port logs.
+ Added ability to switch directly between serial port configuration pages
+ Use LED graphics in the web UI instead of on/off text.
+ Added support for Kerberos authentication.
+ Added SNMP trap for alert.
+ Added prompt before sending break key to applet window.
+ Upgraded SSH Client to current version (3.5p1).
+ Added the ability to disable Alternate IPs (Serial Ports).
- Fixed problem with F-Secure/SecureCRT SSH client causing a port lockup when disconnecting from the port.
- Fixed problem with Port Log causing panics while logging to CF Card.
- Fixed problem with sending a Break from a Dial-in modem.
- Fixed problem where an SNMP Trap could lock up the Web Interface.
- Fixed problem with system hanging when accessing serial port configuration using Netscape 4.7X/8 on MS Windows. (VTS3200 only)
- Fixed problem with SSH client causing login fail when number of client exceeds 10.

1.0.3 March 3, 2003
+ First public release

CONTACTS
=========
Sena Technologies Inc.
210 Yangjae-dong, Seocho-gu
Seoul, Korea 137-130
url: http://www.sena.com
email: info@sena.com
phone: +82-2-573-7772
fax: +82-2-573-7710

Technical support:
email: support@sena.com
phone: +82-2-573-5422