English
_69
httpS
You can choose a secured connection system or install a certificate.
Setup > network > httpS
●
Secure connection system : You can select a type of secure connection system based on the service
environment and the security level.
HTTPS (Hypertext Transfer Protocol Secure) is a more secure version of HTTP that exchanges data through the
encryption and decryption of the user's page request at the TLS (Transport Layer Security).
– HTTP (Does not use a secure connection) : Transmits data without encryption.
– HTTPS (Secure connection mode using a unique certificate) : Establishes a secure connection using a
unique certificate provided by the recorder.
■
Mutual authentication : Mutual authentication can be performed to enhance security. If you select <
Allow all connections
>, you can access
the storage device even if mutual authentication is not performed. If you select <
Allow only mutually authenticated connections
>, you can
access the storage device only when mutual authentication was successful.
– HTTPS (Secure connection mode using the public certificate) : Establishes a secure connection using a
public certificate. You can select this after installing a public certificate.
●
TLS settings : You can select the Cipher mode or TLS version to use for encrypted communication.
– Cipher mode : Cipher suites are provided by combining different algorithms for use in TLS-encrypted
communications, such as key exchange, authentication, and encryption.
<
Secure cipher suites only
> uses only high-security cipher suites.
For backward compatibility, select <
all compatible cipher suites
>. However, security may be poor, as it
includes all cipher suites, whether secure or not.
– Version : You can select the TLS protocol version to use for encrypted communication.
■
If <
Cipher mode
> is set as <
Secure cipher suites only
>, you can select only <
TLS 1.2
> or <
TLS 1.3
>.
■
If the recorder is connected to the external internet or installed in an environment with high priority for security, making a secure
connection is recommended.
●
Install a public certificate : You can scan and register a public certificate to be installed. To install a certificate,
you must install a certificate file or key file issued by a certificate authority. Click <
install
> to register the
certificate.
■
In the <
HTTPS (Secure connection mode using the public certificate)
> mode, you cannot install or delete a public certificate. Change to <
HTTP
(Does not use a secure connection)
> or <
HTTPS (Secure connection mode using a unique certificate)
> mode before proceeding.
■
Install the certificate file extension as .crt and the key file extension as .key.
■
For certificate and key files, use PEM format generated by RSA (2048 or higher recommended) or ECC.
■
For certificate and key files, use PKCS#1 or PKCS#8 without a password.
802.1x
When connecting to a network, you can select whether to use the 802.1x protocol and install a corresponding
certificate.
802.1x is an authentication system between a server and a client, which prevents hacking, virus infection, and
information leakage of transmitted and received network data.
802.1x can be used to block the unauthorized client access and increase security by allowing only authenticated
users to communicate.
Setup > network > 802.1x
●
EAPOL version : Select the EAPOL version to be used as protocol.
■
Some switch hubs will not operate if you set them to version <
2
>. Select the version <
1
>, which is the EAPOL default.
●
ID : Enter the ID provided by the RADIUS server administrator.
■
If the entered ID does not match the ID of the client's certificate, it won't be processed properly.
●
Password : Enter the password provided by the RADIUS server administrator.
■
If the password you entered does not match that of the client's private key, it won't be processed properly.
●
Certificates : Search for a device. Click on <
> to search for a device again.
●
CA certificates : Select this only if your public certificate includes the public key.
●
Client certificate : Select if the public certificate includes a client's authentication key.
●
Client private key : Select it if the public certificate contains the client private key.
■
For successful implementation of the 802.1x operating environment, the administrator must use the RADIUS server.
In addition, the switch hub connected to the server must be a device that supports 802.1x.
■
If the time setting of the RADIUS server, the switch hub and an recorder do not match, communication between them can fail.
■
If a password is assigned to the client's private key, the server administrator should confirm the ID and password.
The ID and password allow up to 30 characters each. (But it only supports letters, numbers and special characters ("-", "_", ".” 3 types) only.
Accessing non password-protected files is allowed without entering a password.
■
The 802.1x protocol adopted by the Recorder is EAP-TLS.
■
You need to install all three certificates to use 802.1x.
• S
etup
Summary of Contents for Wisenet PRN-6400DB4
Page 1: ...NETWORKVIDEO RECORDER User Manual Wisenet NVR...
Page 125: ......