When Terminal ID is enabled (Default) unregistered terminals are redirected to the guest document, specified in the core.conf file.
Only files in this directory are available to the client terminal. That include images, CSS and favicon files.
Dynamic defence is a mechanism that assess the current level of threat, and apply restrictions and behaviour accordingly.
|0:||All i well|
|20;||Elevated threat level|
|No new terminals can register|
|40:||Substantial thread level|
|60:||High thread level|
|All external terminals are blocked|
|90:||No new terminal are allowed to connect. already connected local terminal are still served|
|95:||Logging of connection attempts and polite replies are suspended|
|100:||Local terminal requests are blocked|
IPs on the black list are rejected. If dynamis defence are enabled, terminals with offensive behaviour are black listed. Administrator can also blacklist certain IPs
allowed.conf contains a list of files that are allowed to get served. filenames may contain wildcards * and ? requests for pages that does not match, are rejected.
Sessions is a vital access control and privileges restriction, especially when combined with terminal authentication (TID) Terminal access is check for every request, even images. Access is granted based on two parameters, that are assessed:
- Trust: Assigned to every terminal by the administrator
|0:||Very basic requests are allowed for registred terminals.|
|20:||Guests with no special privileges and small children.|
|40:||House guests, staff, children, and Residents with normal operational requirements.|
|60:||Privileged users, that are allowed to adjust and change functionality.|
|80:||Administrator and programmer access.|
- suspiciousness: Based on deviation from usual attributes, and location, calculated when the terminal starts a new session with the server
|0:||No suspicious attributes.|
|100:||Very suspicious attributes.|
Current access level is calculated as trust - suspiciousness.