Technical Description of TANDBERG MCU with software version D3
D12925 Rev. 03
36
4.6.5.2 Disable
Services
There is no router inside the system that can route between the ISDN side and the IP side of the
TANDBERG system. This means it is not possible to get access to the Ethernet port via an
ISDN conference. However, if wanted the following services may be disabled/enabled (with
API commands):
•
TELNET
•
HTTP
•
HTTPS
•
FTP
•
H323
•
SNMP (may also be set to
read only
)
4.6.5.3 Security
Alert
The system will notify any management application when someone tries remote access over IP
with illegal password (via SNMP traps). Information about the
intruder’s
IP-address and the
service used (Web, Telnet and FTP) will be given.
When the (optional) TANDBERG Managemen Suite (TMS) is used, an email notification may
also be sent e.g. to the administrator of the network.
4.6.5.4 Authentication of Remote Management System – (Telnet Challenge)
In order to increase network security, the TANDBERG system can force remote management
systems such as the TANDBERG Management Suite (TMS) to authenticate. Authentication is
performed via an MD5 challenge using a configurable TELNET port (port 57 by default).
In the course of authentication, the TANDBERG system provides a "challenge" such as a text
string to the management system. The management system must then compute a response using
the MD5 hash algorithm from this string and a secret password. The response is used as the
management password. It changes every time because the challenge is different every time.