reduces the number of IP addresses that are needed for users on a private network to access
the Internet, but also enhances the security of the private network.
Web Request Authentication
l
When a user requests access to a specified web page or submits a servlet request, the
TE10 checks whether the user's session identifier is valid and whether the user is
authorized to perform the operation.
l
The server implements the final authentication on the user.
l
Before transmitting user-generated data to clients, the server verifies the data and
encodes it using HyperText Markup Language (HTML) to prevent malicious code and
cross-site scripting attacks.
l
Web security software is used to scan the web server and applications to ensure that there
are no high-risk vulnerabilities.
Protocol Anti-Attack Measures
l
The communication port matrix is provided in the product documentation. Only services
and ports mentioned in the communication port matrix can be enabled.
The communication port matrix contains the following information: open ports, transport
layer protocols used by the ports, network elements (NEs) that use the ports to
communicate with peer NEs, application layer protocols used by the ports and
description of the services at the application layer, whether services at the application
layer can be disabled, authentication modes adopted by the ports, and port functions
(such as data traffic control).
l
The Real-time Transport Protocol (RTP) and Transport Layer Security (TLS) are used to
encrypt voice services to ensure secure communication between users.
l
For network management, the TE10 supports the Simple Network Management Protocol
v3 (SNMP v3), which features high adaptability and security. User names are needed to
connect the network management system to the TE10.
l
Robustness testing tools are used to scan protocols to ensure that there are no high-risk
vulnerabilities.
l
The File Transfer Protocol over SSL (FTPS) and LDAP over SSL (LDAPS) are used to
encrypt the address book data, which ensures data integrity and prevents data from being
stolen.
Protection of Sensitive Data
l
To prevent sensitive data from being disclosed, the TE10 checks the complexity of the
default password and user-defined passwords. A password is displayed as "." or "*"
when entered in the password input box, and entered passwords cannot be copied.
l
No proprietary encryption algorithms are used.
System Management and Maintenance Security
l
Software packages (including patches) are released only after they are scanned by at
least five types of mainstream antivirus software and no alarm is generated. In special
cases, explanation is provided for alarms.
l
All user operations and system abnormalities are logged.
TE10 Videoconferencing Endpoint
Product Overview
5 Functions and Features
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
20