Chapter 8

SpeedTouch™ Remote Access

8.2 Secure Remote Web Interface Access

HTTPs service Introduction

The SpeedTouch™ supports secure HTTP, or HTTPS. Transport Layer Security (TLS, formerly SSL as implemented by Netscape) provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.

The primary goal of the TLS Protocol is to provide privacy and data integrity between two communicating applications.

The remote management certificate

When booting, the SpeedTouch™ verifies whether a certificate exists for remote management. If no certificate is found, the SpeedTouch™ generates its own certificate. When the SpeedTouch™ receives an HTTPs request on port 443, it transmits this certificate to the client. The client can either accept or refuse the server identity. Depending on the client implementation, the end user is prompted whether or not to trust the server.

When a web user logs in or tries to log in to the SpeedTouch™, a syslog message is generated. This message indicates the user name and the underlying protocol (HTTP or HTTPS).

After the two peers involved in the TLS protocol have negotiated the cipher, data is encrypted for further communications. Each peer indicates the minimum level of security it requires for the connection. If the minimum requirement of each peer cannot be achieved, the connection is closed.

Default HTTPs service configuration

Use the following CLI command to see the default HTTPs service configuration.

=>:service system list name=HTTPs expand=enabled
Idx Name             Protocol         SrcPort  DstPort  Group
-----------------------------------------------------------------------
  1 HTTPs            tcp                       443
    Description............... HTTP web server over ssl
    Properties................ server
    Attributes................ state port aclip aclif aclifgroup map log
    User Managed Attributes... state port aclip aclif aclifgroup map log
    Attribute Values :
      State................... enabled
      Port List............... 443
      Ip Access............... any
      Interface Access List... any
      Interface Group Access List lan
      Map List................ 443
      Logging................. disabled
=>
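An added example, not part of the original manual: a short Python script that parses the expanded HTTPs service listing shown above and reports the settings a reviewer would check before relying on this service for remote management. The listing is re-typed as a constructed sample, and the review rules (source-IP restriction, interface group, logging) are assumptions of this example, not vendor guidance.

```python
import re

# Constructed sample: the expanded HTTPs listing from this page, re-typed.
SAMPLE = """\
  1 HTTPs            tcp                       443
    Description............... HTTP web server over ssl
    Properties................ server
    Attributes................ state port aclip aclif aclifgroup map log
    User Managed Attributes... state port aclip aclif aclifgroup map log
    Attribute Values :
      State................... enabled
      Port List............... 443
      Ip Access............... any
      Interface Access List... any
      Interface Group Access List lan
      Map List................ 443
      Logging................. disabled
"""

LONG_LABEL = "Interface Group Access List"  # printed without dot leaders

def parse_service(text):
    """Return {label: value} for the attribute lines of one expanded service."""
    attrs = {}
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"(.+?)\.{2,}\s*(.*)$", line)
        if m:
            attrs[m.group(1).strip()] = m.group(2).strip()
        elif line.startswith(LONG_LABEL):
            attrs[LONG_LABEL] = line[len(LONG_LABEL):].strip()
    return attrs

def review(attrs):
    """Apply this example's own review rules (assumptions, not vendor guidance)."""
    if attrs.get("State") != "enabled":
        return []  # service is off, so nothing is reachable
    findings = []
    ip_acl = next((v for k, v in attrs.items() if k.startswith("Ip Access")), "any")
    if ip_acl == "any":
        findings.append("no source-IP restriction on the HTTPs service")
    if attrs.get(LONG_LABEL, "").split() != ["lan"]:
        findings.append("reachable from interface groups other than lan")
    if attrs.get("Logging") == "disabled":
        findings.append("service logging is disabled")
    return findings

if __name__ == "__main__":
    for finding in review(parse_service(SAMPLE)):
        print("REVIEW:", finding)
```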


E-DOC-CTC-20051017-0155 v1.0

 

Technicolor - Thomson SpeedTouch™ 620 manual: Secure Remote Web Interface Access, HTTPs service Introduction