From SmartCore Wiki
Revision as of 01:51, 8 January 2017 by Simon (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

html php

allowed.conf

Guest pages

When Terminal ID is enabled (Default) unregistered terminals are redirected to the guest document, specified in the core.conf file.

Only files in this directory are available to the client terminal. That include images, CSS and favicon files.

Dynamic defence

Dynamic defence is a mechanism that assess the current level of threat, and apply restrictions and behaviour accordingly.

0: All i well
20; Elevated threat level
No new terminals can register
40: Substantial thread level
60: High thread level
80: under attack
All external terminals are blocked
90: No new terminal are allowed to connect. already connected local terminal are still served
95: Logging of connection attempts and polite replies are suspended
100: Local terminal requests are blocked

Black list

IPs on the black list are rejected. If dynamis defence are enabled, terminals with offensive behaviour are black listed. Administrator can also blacklist certain IPs

Allowed files

allowed.conf contains a list of files that are allowed to get served. filenames may contain wildcards * and ? requests for pages that does not match, are rejected.

Session control

Sessions is a vital access control and privileges restriction, especially when combined with terminal authentication (TID) Terminal access is check for every request, even images. Access is granted based on two parameters, that are assessed:

  • Trust: Assigned to every terminal by the administrator
0: Very basic requests are allowed for registred terminals.
20: Guests with no special privileges and small children.
40: House guests, staff, children, and Residents with normal operational requirements.
60: Privileged users, that are allowed to adjust and change functionality.
80: Administrator and programmer access.
  • suspiciousness: Based on deviation from usual attributes, and location, calculated when the terminal starts a new session with the server
0: No suspicious attributes.
100: Very suspicious attributes.

Current access level is calculated as trust - suspiciousness.