TANDBERG D13192 用户手册
Technical Description of
TANDBERG Gateway
with software version G2
D13192 Rev. 02
28
• SSL
Secure Sockets Layer, protocol developed by Netscape for transmitting private
documents via the Internet. SSL works by using a private key to encrypt data that is
transferred over the SSL connection.
documents via the Internet. SSL works by using a private key to encrypt data that is
transferred over the SSL connection.
• HTTPS - Web pages that require an SSL connection start with https: instead of http:.
• TLS - Transport Layer Security
• SOAP - Simple Object Access Protocol is a lightweight protocol for exchange of
information in a decentralized, distributed environment
• XML - Extensible Markup Language is a flexible way to create common information
formats and share both the format and the data on the World Wide Web, intranets, and
elsewhere.
elsewhere.
To enable HTTPS, use the API command services https on. The HTTPS server will then be
activated at next restart.
If the TANDBERG Gateway’s HTTP service also is activated, the user will automatically be
redirected to HTTPS. If HTTP is de-activated, you will have to specify HTTPS. (In the latter
case
https://10.0.5.203
will work, but not
http://10.0.5.203
).
4.6.5.2 Telnet Challenge Service
When password protection is enabled for a system, a user will be requested for a password when
connecting using normal telnet. The password provided is sent unencrypted, making it possible
to sniff the password on the network.
In order to avoid making it possible to obtain the password by sniffing, the telnet challenge
service is available. This service can be activated either on a separate IP port 57, or on IP port
23. When activated on IP port 23, the challenge service will override the normal telnet service.
The intention of the telnet challenge service is that the client will use the password with a server
provided string to generate a response that does not contain the password. Thus, the response
can not be used to deduct the password, but the server can use it to know whether the client
knows the correct password or not. This increases the security by not sending the password over
the network.
Notice that if password protection is disabled, there will be no challenge request when
connecting, and the service is equal to the normal telnet service.
connecting using normal telnet. The password provided is sent unencrypted, making it possible
to sniff the password on the network.
In order to avoid making it possible to obtain the password by sniffing, the telnet challenge
service is available. This service can be activated either on a separate IP port 57, or on IP port
23. When activated on IP port 23, the challenge service will override the normal telnet service.
The intention of the telnet challenge service is that the client will use the password with a server
provided string to generate a response that does not contain the password. Thus, the response
can not be used to deduct the password, but the server can use it to know whether the client
knows the correct password or not. This increases the security by not sending the password over
the network.
Notice that if password protection is disabled, there will be no challenge request when
connecting, and the service is equal to the normal telnet service.