65
© Tieline Research Pty. Ltd. 2021
Gateway and Gateway 4 Manual v1.2
22.2
Security and Changing the Default Password
Codecs connected to the internet can be accessed by anyone with knowledge of the codec's public
IP address. In addition, search engines are widely available which can discover and expose
unsecured 'internet connected devices'. Tieline recommends the following IP codec security
precautions are followed as a bare minimum, to ensure your codec connections remain secure.
Maintaining Codec Network Security
Adequate security is a major factor in ensuring your codecs and your broadcast network remain
secure. There are several layers of security available in Tieline codecs to maintain secure
connections. These include:
1. Immediately change the default password when you commission and install your codecs
(see instructions which follow). Create a strong password which includes both capital and
lower case letters, symbols and numbers (up to 15 characters can be entered). Password
managers can be useful when managing multiple passwords within organizations.
2. Ensure your codec is behind a firewall and only open the TCP and UDP ports required to
transmit session and audio data between your codecs. Using non-standard ports instead of
Tieline default ports can also ensure the codec is more difficult to discover by external
parties.
3. Ports 80 and 8080 are commonly used to access the Tieline codec web server. You can add
an additional layer of security by translating these ports on the WAN side of your network
into non-standard port numbers. Adjust ports using the Options panel in the Toolbox
HTML5 Web-GUI, or see Configuring TCP/UDP Ports.
4. By default SIP interfaces are disabled to avoid unwanted traffic. The SIP Filter Lists panel
in the Toolbox HTML5 Web-GUI allows filtering of SIP URIs and User Agents to provide
greater security when using SIP. See Configure SIP Allow and Block lists for more
information.
5. An SSL security certificate can be installed on each codec in your network to ensure it is a
trusted device within your network. See Installing a Security Certificate for more information.
6. Firewall settings facilitate enabling or disabling a range of firewall-related network services, or
limit ping to only work in a local subnet. Tieline also recommends SNMP is disabled if a
codec is connected to a public network like the internet. Adjust settings using the Toolbox
HTML5 Web-GUI Options panel in the Firewall tab, or see Firewall Configuration.
7. Implementation of CSRF protection (Cross-Site Request Forgery). Enable and disable this
setting using the Options panel in the Toolbox HTML5 Web-GU, or see Enabling CSRF
Security for more info.
Be sure to document any port changes because this information will be required if you need to
contact Tieline or other online support services.
Changing the Default Password
The default password for the Toolbox Web-GUI is password. Enter this in the authentication dialog
to use the Web-GUI initially and then Tieline highly recommends changing the default password to
protect your codec from being tampered with during live broadcasts. Note: In the HTML5 Web-GUI
authentication dialog it is necessary to enter admin as the User Name.
To Next Page
Loading...