Summary
This page allows you to manage the security settings of your awaBerry device. You can configure various aspects of device security, including end-to-end encryption, firewall rules, SSH (Secure Shell) port access, and administrator access. These settings are crucial for protecting your device and ensuring its smooth operation within the awaBerry ecosystem.
The core functionalities enable you to:
- Control End-to-End Encryption: Activate or deactivate encrypted connections to your device. Keeping encrypted connections active is the default and recommended setting for robust security.
- Manage Firewall: Configure whether your device uses a hardware firewall or Docker for network security, or manage a software-based firewall. You can activate/deactivate the software firewall and control access to the SSH port (port 22).
- Configure Administrator Access: Set up or disable automated administrator access for the device, which is often required for certain operations like software installations or operating system updates.
For Mac devices, some firewall settings are managed via the system settings, while on Linux devices, the awaBerry installer configures passwordless administrator access by default for the 'awabon' account.
Page Access
You can access this page by navigating to: /devices_security
Page Functionalities
End-to-End Encryption with Device
- Encryption Switch: A toggle switch to activate or deactivate end-to-end encrypted connections. Activating this ensures that only secure connections are accepted by the device, which is recommended for security.
- Update Button: Applies the selected encryption setting to your device.
Firewall Status
- Hardware Firewall or Docker Switch: A toggle switch to indicate if you are using a hardware firewall or if Docker is managing network security. If activated, the software firewall and SSH port settings below will be treated as managed externally.
- Firewall Status Refresh Button: An icon button (refresh icon) to get the latest firewall and SSH port blocking status directly from the device.
- Information for Apple Devices: A text message indicating that firewall activation on Apple devices is managed via the system settings. This includes a link to an FAQ for guidance.
- Software based firewall status Switch: A toggle switch to enable or disable the software-based firewall on your device. It is recommended to keep the firewall active. This switch is disabled for Mac devices because the firewall is managed by the OS.
- Block SSH port Switch: A toggle switch to block or unblock the SSH port (port 22) for incoming connections when the firewall is active. Blocking the SSH port is recommended for security, as awaBerry Anywhere allows access via its terminal and file browser without needing an open SSH port. This switch is disabled for Mac devices or if the software firewall is inactive.
- Additional Ports Information: For non-Mac devices, a hint that additional ports can be blocked using the terminal.
- Update Button: Applies the selected firewall and SSH port settings to your device.
Administrator Access
- Linux Device Information: Text explaining that on Linux devices, the awaBerry installer automatically activates passwordless administrator access for the 'awabon' account. It also advises that changing the account or root password should be done via the terminal.
- Allow automated switch to administrator access Switch: A toggle switch to enable or disable the ability for awaBerry to automatically switch to administrator access within the terminal and file browser. This is necessary for operations like installing software or updating the operating system. This switch is disabled for Mac devices.
- Device administrator password Field: A password input field that appears when 'Allow automated switch to administrator access' is enabled. You must provide the device's administrator password here. The password is stored end-to-end encrypted on the device and is not sent to the awaBerry.com cloud.
- Update Button: Applies the administrator access settings and securely stores the encrypted password on the device if automated access is enabled.
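Passwordless administrator access for 'awabon' is worth auditing on the device. The following is an added example, not awaBerry code: it lists the sudo rules that let a given account run commands without a password. The sudoers content is a constructed sample, and the rule shown for 'awabon' is an assumption about what such an entry looks like.

```python
import re

# Constructed sample sudoers content. The file the awaBerry installer writes
# and its exact rule are assumptions made for this illustration.
SAMPLE_SUDOERS = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
awabon  ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, \\
        /usr/bin/tar
"""

def logical_lines(text):
    """Join backslash continuations; drop blanks and comment lines."""
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):  # include directives are not followed
            yield line

def passwordless_rules(text, user, groups=()):
    """Return (runas, command) pairs `user` may run via sudo with no password.

    Simplified grammar: one host token, no commas inside a (runas) list.
    """
    principals = {user, "ALL"} | {"%" + g for g in groups}
    found = []
    for line in logical_lines(text):
        if line.startswith("Defaults") or re.match(r"\w+_Alias\b", line):
            continue
        left, sep, spec = line.partition("=")
        parts = left.rsplit(None, 1)           # "<who> <host>"
        who = parts[0].split(",") if sep and len(parts) == 2 else []
        if not principals & {w.strip() for w in who}:
            continue
        runas, nopasswd = "root", False        # tags persist across the command list
        for item in (i.strip() for i in spec.split(",")):
            if m := re.match(r"\(([^)]*)\)\s*", item):
                runas, item = m.group(1), item[m.end():]
            while t := re.match(r"([A-Z_]+):\s*", item):
                if t.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = t.group(1) == "NOPASSWD"
                item = item[t.end():]
            if nopasswd:
                found.append((runas, item))
    return found

def is_root_equivalent(rules):
    """True when a passwordless rule permits every command as root."""
    return any(cmd == "ALL" and runas.split(":")[0] in ("ALL", "root")
               for runas, cmd in rules)
```

On a real device, `sudo -l -U awabon` reports the effective rules as sudo itself resolves them, including included files that this simplified parser does not follow.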
Navigation
- Goto terminal Button: An icon button (console icon) that navigates you to the device's terminal view.
- Goto file browser Button: An icon button (file arrow up/down icon) that navigates you to the device's file browser view.
Scenario Executions
Possible usage steps within this page
Scenario: Enable End-to-End Encryption
This scenario guides you through activating the recommended end-to-end encryption for your device, ensuring secure connections.
- Step 1: Navigate to the "Device Security Settings" page.
- Step 2: In the "End-to-End Encryption with Device" section, locate the toggle switch.
- Step 3: Ensure the switch is in the ON position (blue color). If it's OFF, toggle it ON.
- Step 4: Click the "Update" button below the encryption switch.
- Expected Result: A message "Updated setting successfully" will appear, confirming that end-to-end encryption is now active.
Scenario: Disable Software Firewall (Non-Mac Device)
This scenario demonstrates how to deactivate the software-based firewall on your non-Mac device. Note: it's generally recommended to keep the firewall active.
- Step 1: Navigate to the "Device Security Settings" page.
- Step 2: In the "Firewall Status" section, ensure the "Hardware firewall or Docker" switch is OFF.
- Step 3: Locate the "Software based firewall status" toggle switch.
- Step 4: Toggle the switch to the OFF position (grey color).
- Step 5: Click the "Update" button within the "Firewall Status" section.
- Expected Result: A message "Firewall disabled successfully" will appear, indicating the software firewall is now off.
Scenario: Block SSH Port with Active Firewall (Non-Mac Device)
This scenario shows how to block the SSH port on your non-Mac device when the software firewall is active, enhancing security.
- Step 1: Navigate to the "Device Security Settings" page.
- Step 2: In the "Firewall Status" section, ensure the "Hardware firewall or Docker" switch is OFF.
- Step 3: Ensure the "Software based firewall status" switch is in the ON position. If not, activate it and update first.
- Step 4: Locate the "Block SSH port" toggle switch.
- Step 5: Toggle the switch to the ON position (blue color).
- Step 6: Click the "Update" button within the "Firewall Status" section.
- Expected Result: A message "Firewall: blocking ssh port successfully" will appear, confirming the SSH port is now blocked.
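To confirm the result independently of the success message, probe port 22 from a different machine on the same network. The script below is an added example, not part of awaBerry; the device address passed on the command line and the function names are assumptions. A probe run on the device itself usually does not exercise the rules for incoming connections.

```python
import errno
import socket

def probe_tcp(host, port=22, timeout=3.0):
    """Classify a TCP port as 'open', 'closed' or 'filtered' from the caller's side."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"            # handshake completed: a listener is reachable
    except ConnectionRefusedError:
        return "closed"              # reset received: no listener, or a rejecting rule
    except socket.timeout:
        return "filtered"            # silence: packets dropped on the way
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"        # unreachable reply, e.g. from a rejecting rule
        raise

def assess(block_ssh_enabled, state):
    """Compare the 'Block SSH port' switch position with the observed state."""
    if block_ssh_enabled and state == "open":
        return "MISMATCH: switch is ON but port 22 still accepts connections"
    if not block_ssh_enabled and state != "open":
        return "NOTE: switch is OFF but port 22 is not reachable"
    return "OK: observed state matches the setting"

if __name__ == "__main__":
    import sys
    host = sys.argv[1]               # device address, supplied by the operator
    state = probe_tcp(host)
    print(host, state, assess(True, state))
```

A "closed" result alone does not prove the firewall rule is in effect, because a device with no SSH server running answers the same way.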
Scenario: Enable Automated Administrator Access (Non-Mac Device)
This scenario guides you through enabling automated administrator access and securely storing the device password for convenience on your non-Mac device.
- Step 1: Navigate to the "Device Security Settings" page.
- Step 2: In the "Administrator Access" section, locate the "Allow automated switch to administrator access" toggle switch.
- Step 3: Toggle the switch to the ON position (blue color). This will reveal the "Device administrator password" field.
- Step 4: Enter your device's administrator password into the provided field.
- Step 5: Click the "Update" button within the "Administrator Access" section.
- Expected Result: A message "Stored encrypted password on device successfully" will appear, indicating the password has been securely stored.
Possible errors which may occur on this page
Error: Failed to activate firewall
Description: This error occurs when the system encounters an issue while trying to activate the software-based firewall on your device. This could be due to permission problems, conflicting network configurations, or a temporary issue with the device's operating system.
- Starting Point: You attempt to turn ON the "Software based firewall status" switch and click "Update".
- Observed Error: Instead of a success message, a message "Failed to activate firewall" appears.
- Why it happens: The underlying command to enable the firewall on the device did not execute successfully.
- Recommended Action:
  - Check the device's system logs for more details on the failure.
  - Ensure you have the necessary permissions on the device.
  - Try refreshing the firewall status and attempt to activate it again.
  - Consider accessing the device via the awaBerry terminal to manually troubleshoot firewall settings.
Error: Empty Device Administrator Password
Description: This error occurs when you try to enable automated administrator access without providing a device administrator password.
- Starting Point: You turn ON the "Allow automated switch to administrator access" switch, leave the "Device administrator password" field empty, and click "Update".
- Observed Error: A validation message "Please provide the device administrator password" appears below the password field.
- Why it happens: The system requires a password to securely store for automated administrator access; an empty field is not permitted.
- Recommended Action: Enter the correct administrator password for your device into the designated field and then click "Update" again.