User's Manual 252 Document #: LTRT-23510
MP-26x/MP-27x Multimedia Home Gateway
Merges the configuration file with the current configuration:
• Parameters that appear in the new file are modified or added
• Parameters that do not appear in the new file remain in their existing value
Notes:
• It is recommended that the configuration file (that is downloaded from the
network), contains only the small subset of parameters that the service
provider needs to update remotely.
• To create the configuration file, it is recommended to use the device
restored to factory settings, modify the required parameters using the Web
GUI, and then upload the configuration file from the device with the option
to get only the modified configuration fields enabled.
13.4.4.3 Security Concerns and Measures
The main security hazard in automatic file download is that a hacker can force the device
to download a file from the hacker's server instead of the service provider’s legitimate
server. Another concern is exposing information such as the SIP proxy IP address and
user and password information in the configuration file (if the hacker is sniffing the
network).
The following security measures are available to prevent this:
The configuration file can be encrypted using 3DES with pre-configured key. This
prevents the user from learning the format of the file and obtaining information from it.
HTTPS can be used to further encrypt the transport.
HTTPS certificates can be used to allow the device to authenticate the server and also
to prevent the user from acquiring the file from the server.
13.4.5 Telnet CLI
The device features a Command Line Interface (CLI) over Telnet. The CLI enables the
service provider to manage the device (e.g. reboot, force a firmware upgrade), to obtain
information about the status of the device (e.g. VoIP calls, network interfaces, version
information), to change the configuration and to perform different debugging tasks (e.g.
enable debug logging, enable packet recording).
Typically, the CLI interface is only used for debugging and diagnostics, since it does not
allow mass configuration and monitoring.
Since the CLI allows all configuration and management operations, it is important to protect
it. The following security measures are available:
The CLI is user and password protected (same as the Web).
Telnet access can be blocked from the WAN and/or LAN interfaces.
It is possible to limit Telnet access to specific IP addresses.
To Next Page
Loading...
Need help?
General
