Reliable Security Features - Huawei TP3106 User Manual

HUAWEI TP3106&TP3118&TP3118S
User Guide

1.4 Reliable Security Features

The telepresence system supports the following security features to ensure a stable and reliable
conferencing environment:
l
l
l
l
Issue 01 (2015-02-07)
Anti-attack protocols and interfaces
– The communication port matrix is provided in the product documentation. The services
and ports not mentioned in the communication port matrix must not be enabled. Of the
enabled communication ports, the ports used for system management as well as the
protocols used by the ports have access authentication mechanisms.
– The telepresence system supports media stream encryption and TLS signaling
encryption during voice services to ensure user data integrity.
Web security
– During login authentication, the telepresence system uses the Hypertext Transfer
Protocol Secure (HTTPS) to transmit the user name and password to the server.
– User accounts are manageable. Users with the highest level privileges can enable or
disable other accounts. All account passwords are changeable.
Protection over sensitive data
– User login passwords are stored in the system after being encrypted using an irreversible
encryption algorithm.
– By default, the wireless router uses the Wi-Fi protected access II pre-shared key (WPA2-
PSK) as the authentication mode.
– During network gatekeeper (GK) or SIP registration or the process of saving a 4E1 or
conference control password, the telepresence system uses HTTPS transmission.
– During fault location, the telepresence system filters or anonymizes personal data
exported from the system. The logs and configuration files exported from the system
do not contain any sensitive data.
– No private encryption algorithms are used.
System management and maintenance security
– The telepresence system supports the maintenance and management using HTTPS and
Secure Shell (SSH).
– The telepresence system's switch performs VLAN partition to separate public and
private networks and ensure the communication security within the private network.
– The telepresence system software has been scanned using at least one type of
mainstream antivirus software before release.
– The user client software used for system maintenance and management provides a
digital signature and verification tool that can be used to verify software integrity during
installation and upgrades to protect the software from unauthorized changes.
– All physical ports used for system management that are visible on the product exterior
have access authentication mechanisms. Users must enter their user names and
passwords to access the ports.
– System logs record all user activities and operation commands associated with device
or system management for future audits. A log contains all the details, such as the user
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1 Overview
4