Hi Mrmas,
I actually did some testing this time, so I'm going to walk back what I said previously. I'm going to call the Web Interface the WIF for shorthand purposes.
- Some parts work with port 80 disabled but others don't. Note: Once you do this, you'll need to access the WIF via https://<ip address or host name> instead of the default http://<ip address or host name> but it's still there as long as you install support.
- Weirdly, you're correct that the network settings and RAD don't work.
- For the Network Settings, this makes some sense to me. I believe NI MAX is accessing the same interface used by the WIF and is likely defaulting to the HTTP version of this. You can workaround this by using the HTTPS version of the WIF to make those modifications.
- For RAD, I honestly am not sure. It seems like port 80 is required by something the underlying System Configuration API "Create System Image" VI but I'm not really clear on what.
- Further, it looks like software installs through NI MAX also depend on port 80. My best guess is that both NI MAX and RAD are using port 80 for file transfers.
I'm a bit hesitant to make any general recommendations since I am no expert on security. I think you already have some good recommendations and blocking port 80 is probably not a bad idea since the WIF can still be accessed via HTTPS in that case. That being said, it seems certain things require port 80 with no simple way around it.
As for NI Auth, it looks like the username might be unencrypted for one of the transfers but that a password is always encrypted. Both appear to be encrypted if you use the HTTPS version of the WIF to log in. For more information on NI Auth, I suggest looking at Manage User Accounts on Linux Real-Time OS Devices or the Linux User Management with Pluggable Authentication Modules (PAM) and NIAuth section of the NI Linux Real-Time Security User Guide.
Charlie J.
National Instruments
