GRP26XX Security Manual
We recommend that users consider the following options for added security when deploying the GRP with provisioning.
- Upgrade Via: HTTPS
By default, HTTPS is selected. This is recommended so the traffic is encrypted while travelling through the network.
- HTTP/HTTPS/FTP/FTPS User Name and Password
This can be set up as required on the provisioning server when HTTP/HTTPS/FTP/FTPS is used. The GRP can be authenticated by the upgrade/provisioning server, and the config file can be downloaded, only when the GRP has the correct username and password configured.
- Authenticate Config file
This sets the GRP to authenticate the configuration file before applying it. When set to "Yes", the configuration file must include the P value P1 with the GRP system's administration password. If it is missing or does not match the password, the GRP will not apply the config file.
- XML Config File Password
The GRP XML config file can be encrypted using OpenSSL. When it is encrypted, the correct password must be entered in this field so that the GRP can decrypt the XML configuration file after downloading it and then apply the configuration. Please note that this feature is supported for the XML config file, not the binary config file. It is therefore recommended to use the XML config file format and encrypt it with this feature.
- Validate Server Certificates (under Maintenance → Security settings → Security)
This configures whether to validate the server certificate when downloading the firmware/config file. If set to "Yes", the GRP will download the firmware/config file only from the legitimate server.
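A pre-publication check for the XML Config File Password option above, as an added example rather than vendor tooling: it encrypts a provisioning XML with OpenSSL, confirms the file to be published is actually encrypted, and confirms it decrypts only with the configured password. The cipher (AES-256-CBC with OpenSSL's default salted key derivation), the function names, and the sample config and password are assumptions; the page names only OpenSSL, so take the exact options from the provisioning guide for your firmware.

```shell
#!/bin/sh
# Added example, not vendor code. ASSUMPTION: AES-256-CBC with OpenSSL's
# default salted key derivation; the page itself only says "OpenSSL".

# Encrypt $1 into $2. The password comes from the CFG_PASS environment
# variable so it does not show up in the process list (as -k <pw> would).
# stderr is silenced: newer OpenSSL warns about this legacy derivation.
encrypt_cfg() {
    openssl enc -e -aes-256-cbc -salt -pass env:CFG_PASS \
        -in "$1" -out "$2" 2>/dev/null
}

# True if $1 starts with the "Salted__" magic that `openssl enc` writes,
# i.e. the file about to be published is not still plaintext XML.
is_encrypted() {
    [ "$(head -c 8 "$1")" = "Salted__" ]
}

# True only if $1 decrypts with CFG_PASS and the result looks like XML.
# The content check matters: a wrong key can occasionally pass padding.
decrypts_ok() {
    tmp=$(mktemp) || return 1
    if openssl enc -d -aes-256-cbc -pass env:CFG_PASS \
           -in "$1" -out "$tmp" 2>/dev/null &&
       [ "$(head -c 5 "$tmp")" = "<?xml" ]; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample config and password (not a real device template).
WORK=$(mktemp -d)
cat > "$WORK/cfg.xml" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<config><sample>constructed</sample></config>
EOF
CFG_PASS='constructed-sample-password'; export CFG_PASS

encrypt_cfg "$WORK/cfg.xml" "$WORK/cfg.enc.xml"
is_encrypted "$WORK/cfg.enc.xml" && echo "encrypted: Salted__ header present"
is_encrypted "$WORK/cfg.xml" || echo "plaintext detected: do not publish"
decrypts_ok "$WORK/cfg.enc.xml" && echo "decrypts with configured password"
```
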
TR-069
TR-069 is disabled by default; it is recommended to disable it if not used.
When TR-069 is enabled under Maintenance → TR-069 and the service is to be used, users can set up the following:
• ACS URL: Specifies the URL of the TR-069 Auto Configuration Server (ACS).
• ACS Username/Password: The username and password used to authenticate to the ACS.
• Periodic Inform Enable: Sends periodic inform packets to the ACS.
• Periodic Inform Interval: Sets how often the inform packets are sent to the ACS.
• Connection Request Username/Password: The username and password the ACS uses to connect to the GRP.