D 13373.08
NOVEMBER 2007
MPS
TANDBERG
MPS
ADMINISTRATOR GUIDE
Secure Shell (SSH)
The TANDBERG MPS supports SSH (Secure
Shell) for secure access to the system.
SSH commands are encrypted and secured in
several ways. Both ends of the client/server
connection are authenticated using a digital
certificate, and passwords are protected by
being encrypted.
Secure Shell (SSH)
HTTPS
The TANDBERG MPS supports HTTPS in order
to ensure secure transmission of the informa-
tion displayed on the administrator’s PC.
A secure connection between the Web
browser and the TANDBERG MPS (the MCU
web server) will be established if the HTTPS
service on the MCU is enabled.
HTTPS allows for password exchange, which is
especially important.
Enable HTTPS using API Command
To enable HTTPS, you can use the API com-
1.
mand service:
<
xconfiguration HTTPS Mode: On
>
Restart:
2.
The HTTPS service will be acti-
vated at next restart.
Enable HTTPS using Web Interface
To enable HTTPS, navigate to
1.
Configuration > Misc > Services
and set
HTTPS
to On.
Press
2.
Save
button to save the changes.
Press
3.
Restart
button. The HTTPS service
will be activated at next restart.
HTTP and HTTPS Service
If both the MCUs
HTTP
and
HTTPS
services
are activated, the user will automatically be
redirected to
HTTPS
.
If
HTTP
is deactivated, you will have to specify
HTTPS
. In this case
https://10.0.5.203 will work, but not
http://10.0.5.203.
HTTPS
Security Alert
The system can notify management applica-
tions when someone tries remote access over
IP with illegal password (via SNMP traps).
Information about the intruder’s IP-address
and the service used (Web, Telnet and FTP) will
be given.
When the (optional) TANDBERG Management
Suite (TMS) is used, an email notification may
also be sent e.g. to the network administrator.
Security Alert
Disable Services
For security reasons you may want to disable
some of the services provided by the TAND-
BERG MPS. If wanted the following services
may be disabled/enabled (either through the
web-interface or with API commands):
Telnet
•
HTTP
•
HTTPS
•
SSH
•
SNMP, may also be set to read only or traps
•
only (only with API commands)
Disable Services using API Commands
Disable Telnet Service
<
xconfiguration Telnet Mode: Off
>
Disable HTTP Service
<
xconfiguration HTTP Mode: Off
>
Disable HTTP Service
<
xconfiguration HTTPS Mode: Off
>
Disable SSH Service
<
xconfiguration SSH Mode: Off
>
Disable SNMP Service
<
xconfiguration SNMP Mode: Off/Rea-
dOnly/TrapsOnly
>
Disable Services using the Web Interface
To disable HTTP/HTTPS/Telnet/SSH,
1.
navigate to
and set
HTTPS
,
HTTPS
,
Telnet
or
SSH
to Off.
Press
2.
Save
button to save the changes.
Press
3.
Restart
button. The service(s) will be
deactivated at next restart.
Disable Services
Miscellaneous
System Management and Security
For further information please see
the document
or
.
165
Introduction
Quick
Setup
Using
the MPS
System
Status
System
Configuration
Installation
Gateway
Configuration
MCU
Configuration
Appendices
Main
Technical
Descriptions