User's Manual 232 Document #: LTRT-50614
MP-20x Multimedia Home Gateway
Merges the configuration file with the current configuration:
• Parameters that appear in the new file are modified or added
• Parameters that do not appear in the new file remain in their existing value
Notes:
• It is recommended that the configuration file (that is downloaded from the network),
contains only the small subset of parameters that the service provider needs to
update remotely.
• To create the configuration file, it is recommended to use the device that is restored
to factory settings, modify the required parameters using the Web GUI, and then
upload the configuration file from the device with the option to get only the modified
configuration fields enabled.
14.4.5.3 Security Concerns and Measures
The main security hazard in automatic file download is that a hacker can force the device
to download a file from the hacker's server instead of the service provider’s legitimate
server. Another concern is exposing information such as the SIP proxy IP address and
user and password information in the configuration file (if the hacker is sniffing the
network).
The following security measures are available to prevent this:
The configuration file can be encrypted using 3DES with pre-configured key. This
prevents the user from learning the format of the file and obtaining information from it.
HTTPS can be used to further encrypt the transport.
HTTPS certificates can be used to allow the device to authenticate the server and also
to prevent the user from acquiring the file from the server.
14.4.6 Telnet CLI
The device features a Command Line Interface (CLI) over Telnet. The CLI enables the
service provider to manage the device (e.g. reboot, force a firmware upgrade), to obtain
information about the status of the device (e.g. VoIP calls, network interfaces, version
information), to change the configuration and to perform different debugging tasks (e.g.
enable debug logging, enable packet recording).
Typically, the CLI interface is only used for debugging and diagnostics, since it does not
allow mass configuration and monitoring.
Since the CLI allows all configuration and management operations, it is important to protect
it. The following security measures are available:
The CLI is user and password protected (same as the Web).
Telnet access can be blocked from the WAN and/or LAN interfaces.
It is possible to limit Telnet access to specific IP addresses.
14.4.7 Redirect Server
You can use the AudioCodes Redirect server to direct you to the appropriate Provisioning
server URL to download the relevant configuration and firmware files.
Once the MP-20x is powered up and network connectivity is established, it automatically
request for provisioning information. In case it does not obtain these files according to the
regular provisioning hunt order methods, it sends a request to the AudioCodes Redirect
server. The server responds to the MP-20x with an HTTP Redirect response containing the
URL of the Provisioning server where the configuration file is located.
To Next Page
Loading...
Need help?
General
