TANDBERG D5016402 user manual Services, Snmp Security alert, Encryption

Page 103

TANDBERG Director Videoconferencing System

Appendix

 

 

Services

The different IP services on the TANDBERG codec - FTP, Telnet, HTTP, SNMP and H.323 can be disabled to prevent access to the system. By using the commands below, the services can be independently enabled/disabled:

services <telnet/ftp/http/h323/remote-software> <enable/disable> .

In addition, the command ‘services <snmp> <read-only/enable/disable>’ will make it possible to read SNMP messages in addition to enable/disable SNMP.

SNMP Security alert

This function will notify any Management Application (such as TMS - TANDBERG Management Suite) if anyone tries to perform Remote Management on the TANDBERG Codec using a illegal password. The Security alert that is sent to the Management Application will contain information about the IP address and the service (WEB, Telnet, FTP) being used for the attempt.

If TMS is used, email notifications or alarms about the attempt can be sent to specified persons.

Encryption

All TANDBERG systems support both AES and DES encryption. By default this feature is enabled such that when connecting with any other video system or MCU, a TANDBERG system will attempt to establish a secure conference using AES or DES encryption. The TANDBERG system will attempt this for both IP and ISDN connections. Where a remote system or MCU supports encryption, the highest common encryption algorithm will be selected on a port by port basis.

The type and status of the encryption negotiated is indicated by padlock symbols and on-screen messages. Encryption on the TANDBERG systems is fully automatic, and provides clear security status indicators;

An open padlock indicates that encryption is being initialized, but the conference is not yet encrypted.

Single padlock indicates DES encryption.

Double padlock indicates AES encryption.

In addition to on-screen indicators the ‘Call Status’ menu provides two information fields regarding call encryption. The first field is the ‘Encryption Code’ which will identify either ‘AES’ or ’DES’. The second field is the ‘Encryption Check Code’ and is comprised of an alphanumeric string. This string will be the same for systems on either side of an encrypted conference. If the Check Codes do not match this would indicate that the call has been exposed to a ‘Man In The Middle’ attack.

When a TANDBERG codec with MultiSite functionality hosts a conference, the highest possible encryption algorithm will be negotiated on a site by site basis. MultiSite conferences can therefore support a mix of AES and DES encrypted endpoints in the same conference.

A conference will only be as secure as its ‘weakest link’. Even though conference participants may have negotiated and be running AES encryption, if just one participant has negotiated DES encryption, the AES system will display the single padlock symbol to advise all users of the lowest encryption mechanism currently in effect.

All TANDBERG endpoint supporting DES encryption can upgrade to AES encryption by applying TANDBERG’s AES Encryption option. Please contact your TANDBERG representative for more information.

The standards supporting the encryption mechanisms employed by TANDBERG are: AES, DES, H.233, H.234 and H.235 with extended Diffie Hellman key distribution via H.320, H.323 and Leased Line connections.

103

Image 103
Contents Director Page Production of products Environmental IssuesTrademarks and copyright DisclaimerImportant Information Other Warnings and Safety PrecautionsTandberg Director Videoconferencing System Contents Tandberg Director Videoconferencing System Welcome to the Tandberg Director IntroductionWave At a Glance The Tandberg DirectorControl Interface System OverviewAudio and Video Sources Optional Equipment Rear Interface Panel System ConnectionsRear Interface Panel Connections Rear Interface Panel A/V Plate Room Configuration Installation & SetupGuest laptop shelf Installing the Guest Laptop ShelfTo install the videoconferencing shelf Installing the Adjustable Camera ShelfT E Tandberg Director Videoconferencing System Camera S-VID OUT Camera Ctrl OUT System Setup Powering on the SystemSmart BoardTM Projector Setup and Calibration Touchscreen Calibration System Information Touch Panel Tools for System ConfigurationAudio IR FunctionsSystem Options Update DirectoryEdit Directory Network Connections Other Networks Using the External Network InterfaceMain Camera Device ConnectionsMicrophone Touch PanelLaptop PC and Laptop Computer SetupPC Calibration System startup Getting StartedControl Orientation Touch Screen and Remote IR Controls ‘IR Controls’ will appear in the place of the ‘Address Book’ Menu structure Codec BasicsGeneral Codec Configuration Isdn configuration Network and LAN SettingsLAN configuration DUOVideoTF Mode Directory Adjusting volumeGeneral use Microphone on/offLED Projector Standby ButtonLAN 3MB MultiSiteTF MCUMultiSiteTF cascading Establishing MultiSiteTF meetings using DirectoryStreaming PC SoftPresenterWeb-interface Text Chat / Closed CaptioningLocal Display Operation Display OperationScreen Basics Device Control Source SelectionVideo Display Window TaskbarSpeed Dialing When the Director receives/initiates a video/audio callVideoconference Operation Making CallsBack button to exit from this screen Disconnecting a CallManual Dialing Will attempt to call the last manually dialed numberCreating a new speed dial number Editing Speed Dial DirectoryMaking a MultiSiteTF Call On Screen SymbolsEditing an existing speed dial number Video Window Display Control Videoconference Main ScreenPIP Videoconferencing TaskbarFar End Camera Control DuoVideoTF Operation SourceMultipoint Operation Task23456789BarAdvanced use Menu PasswordMain menu Natural Video VGA ResolutionsCall quality VideoAdvanced call quality DuoVideo Quality Presentation ModeDuoVideo Mode PresentationsUtilities Continuous Presence Dual MonitorAuto-PIP Welcome MenuQuick Menu MCU servicesView site # Request floorRelease floor Terminal NamesChair control Audio Inputs Audio SettingsLevel Settings Inputs Mix ModeAudio Outputs Level Settings OutputsMotion Echo ControlNoise Reduction Room SizeTips for improving the echo canceller performance Automatic Gain Control AGC SettingsCamera Tracking Mode Video SettingsAlert Tones & Volume Restore Audio DefaultsBrightness FocusWhitebalance VGA Out Quality VGA SettingsVideo Name VGA OutAddress VNC SettingsPassword Start using VNCNetwork Configuration Terminal SettingsIsdn switch type ISDN-BRI SettingsLine setup Example Advanced Isdn settings SubaddressISDN-PRI Settings Channel Hunting PRI Switch TypeAdvanced Isdn Settings Line SettingsAdvanced ISDN-PRI Settings Start Channel Leased E1/T1 SettingsNetwork Interface Max ChannelsCall control External network settingsNetwork clocking Cable Specification 35/RS-366 cableAddress Port LAN SettingsTTL/Router Hops Announcements How to view streamingStreaming Source Allow Remote StartSettings Advanced H.323 Settings Tells the router to maximize the reliability IP Type of Service TOSTells the router to minimize the delay IP PrecedenceIP Settings Snmp Trap Host Call SettingsSnmp Settings Incoming MCU callsEncryption Secure Conference Access CodeIncoming telephone calls Fallback to telephonyMax Call Length Encryption ModeNetwork Profiles Dataport Dataport configurationSoftware Options LanguageFollowing options are available System info DiagnosticsChannel status Cause codes Call statusSystem Selftest Restore defaultsView Current Settings Far End Loop Isdn onlyAppendices Connecting Appendix 1 Connecting to Isdn using network adaptersConfiguring Configuration of the system Appendix 2 Connecting to the Switched 56 networkUsing Telesync TS-256 SW56/ISDN adapter Configuration of Telesync AdapterConfiguration of Adtran T1 ESF CSU ACE Appendix 3 Connecting to PRI/T1Using CSU adapter Connecting to Adtran T1 ESF CSU ACEGuidelines for Optimal Videoconferencing Environments Appendix 4 Environmental & operational considerationsIris Control and Lighting Brightness Control Loudspeaker VolumeBackground Description of the different files Appendix 5 Using the file systemIP Password Access CodeMenu Password Streaming PasswordSnmp Security alert ServicesEncryption Local Display Operation Appendix 7 12 Touch Panel Interface105 106 Videoconference Operation 2323234 2345678 Technical Description Video Features111 Abbreviations Index Symbols114 115 Canada Servicing