TANDBERG D13192 manual Ssl, Telnet Challenge Service

Technical Description of TANDBERG Gateway with software version G2

•SSL

Secure Sockets Layer, protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a private key to encrypt data that is transferred over the SSL connection.

•HTTPS - Web pages that require an SSL connection start with https: instead of http:.

•TLS - Transport Layer Security

•SOAP - Simple Object Access Protocol is a lightweight protocol for exchange of information in a decentralized, distributed environment

•XML - Extensible Markup Language is a flexible way to create common information formats and share both the format and the data on the World Wide Web, intranets, and elsewhere.

To enable HTTPS, use the API command services https on. The HTTPS server will then be activated at next restart.

If the TANDBERG Gateway’s HTTP service also is activated, the user will automatically be redirected to HTTPS. If HTTP is de-activated, you will have to specify HTTPS. (In the latter case https://10.0.5.203 will work, but not http://10.0.5.203).

4.6.5.2 Telnet Challenge Service

When password protection is enabled for a system, a user will be requested for a password when connecting using normal telnet. The password provided is sent unencrypted, making it possible to sniff the password on the network.

In order to avoid making it possible to obtain the password by sniffing, the telnet challenge service is available. This service can be activated either on a separate IP port 57, or on IP port 23. When activated on IP port 23, the challenge service will override the normal telnet service.

The intention of the telnet challenge service is that the client will use the password with a server provided string to generate a response that does not contain the password. Thus, the response can not be used to deduct the password, but the server can use it to know whether the client knows the correct password or not. This increases the security by not sending the password over the network.

Notice that if password protection is disabled, there will be no challenge request when connecting, and the service is equal to the normal telnet service.