No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

HUAWEI Box 500, Box 700, and Box 900 V600R019C00 Web Online Help

Web Online Help
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Setting Security Parameters

Setting Security Parameters

To enhance videoconferencing security, you need to set security parameters for the videoconferencing system, including encryption, SSH/Telnet account, display or Touch administrator password, AirPresence password, upgrade password, web login, and logout upon timeout.

Procedure

  1. Choose System Settings > Security.
  2. Set the security parameters listed in Table 1-35.

    Table 1-35  Security parameters

    Parameter

    Description

    Setting

    Encryption

    Encryption

    Specifies whether media streams are encrypted. Encryption can be H.235 or SRTP encryption.

    Enable this parameter to harden video communication security.

    • None: Media streams are not encrypted in any conditions.
    • Forced: Media streams are forcibly encrypted. Then, your endpoint can join only encrypted conferences. To ensure communication security, this option is recommended.
    • Auto: The endpoint negotiates with the peer end to determine whether media streams are encrypted.
    NOTE:
    To hold encrypted conferences over SIP, set Transmission type to TLS or Auto under System Settings > Network > Registration > SIP.

    The default value is Auto.

    SSH/Telnet

    SSH

    Specifies whether to enable users to remotely log in to your endpoint using Secure Shell (SSH). SSH clients use ciphertext to communicate with the endpoint. A maximum of three users can remain logged in concurrently.

    The default value is Do not allow.

    Telnet login

    Specifies whether users can log in to your endpoint using Telnet to query system status and logs and maintain your endpoint. A maximum of three users can remain logged in concurrently.

    Change the password at your first login and keep your new password secret to prevent unauthorized logins.

    The default value is Do not allow.

    Telnet is an insecure communication protocol. You are advised to disable it.

    GUI

    Password

    Specifies the password for accessing Advanced Settings on the Touch.

    To improve device security, set a password at your first login and regularly change the password afterward.

    The password contains a maximum of 32 characters.

    If this parameter is left empty, no password is needed when you access Advanced Settings on the Touch.

    NOTE:
    It is recommended that you set a complex password. A simple or empty password brings security risks.

    AirPresence&eShare

    Type

    Select the AirPresence or eShare projection client.

    The default value is AirPresence.

    Projection code policy

    This parameter is available only when Type is set to AirPresence.

    Specifies the policy based on which the projection code is generated.

    • Auto: The projection code is generated based on one IP address of Ethernet, Wi-Fi client, or Wi-Fi hotspot in descending order of priority.
    • Eth0: Ethernet IP address. No projection codes will be generated if the endpoint does not have an Ethernet IP address.
    • Eth1: Ethernet IP address. No projection codes will be generated if the endpoint does not have an Ethernet IP address.
    • STA: IP address of the Wi-Fi client. No projection codes will be generated if the endpoint has the Wi-Fi client function disabled.
    • AP: IP address of the Wi-Fi hotspot. No projection codes will be generated if the endpoint has the Wi-Fi hotspot function disabled.

    The default value is Auto.

    Password validity period

    This parameter is available only when Type is set to AirPresence.

    Specifies the validity period of the password used by an AirPresence client to connect to your endpoint.

    The default value is 10 minutes.

    AirPresence mobile password length

    This parameter is available only when Type is set to AirPresence.

    Specifies the length of the password contained in the projection code displayed on the display of the endpoint.

    The default value is 6.

    EUA projection code complexity

    This parameter is available only when Type is set to AirPresence.

    Specifies the complexity of the projection code displayed on the display UI of the endpoint. The options are as follows:
    • Auto: The EUA determines whether the network is a public network based on the endpoint IP address. If the network is a public network, the complex mode is used. If the network is a private network, the simple mode is used.
    • Simple: The projection code contains only digits.
    • Complex: The projection code is a combination of digits and letters.

    The default value is Auto.

    eShare mode

    This parameter is available only when Type is set to eShare.

    This parameter specifies the eShare login mode.

    The default value is Online.

    Server address

    This parameter is available only when Type is set to eShare and eShare mode is set to Online.

    This parameter specifies the IP address or domain name of the eShare server.

    The default value is http://.

    The value must be in the format of http://Server IP address or domain name.

    Obtain the value from the administrator.

    Projection code

    Specifies whether to display the projection code.

    The default value is Display.

    Wi-Fi connection only

    This parameter is available only when Type is set to AirPresence.

    After this function is enabled, only the device that is connected to the endpoint's Wi-Fi hotspot or whose IP address is in the whitelist can connect to the endpoint using the AirPresence client.

    The default value is Disable.

    Whitelist

    This parameter is available only when Type is set to AirPresence.

    If the whitelist is empty, only the device that is connected to the endpoint's Wi-Fi hotspot can connect to the endpoint. If the endpoint is deployed on a public network, it is recommended that frequently used IP addresses or IP address segments be whitelisted to prevent network attacks.

    NOTE:

    You can whitelist IP addresses or IP address segments only after selecting Enable for Connection over Wi-Fi only.

    No IP address or IP address segment is whitelisted by default.

    Upgrade Password

    Confirm before upgrade

    Specifies whether a message is displayed to ask you whether an upgrade is needed before the endpoint starts an automatic upgrade.

    The default value is Disable.

    Upgrade password

    Specifies the password required to upgrade your endpoint software using the upgrade tool.

    To improve device security, set a password at your first login and regularly change the password afterward.

    The password contains 8 to 32 characters. In addition, it must include at least two of the following: uppercase letters, lowercase letters, digits, and special characters.

    Web Login

    Max unsuccessful attempts

    Specifies the maximum number of attempts that you can enter incorrect passwords for any endpoint account or incorrect authentication passwords for connecting to the endpoint. When this number is reached, the endpoint automatically locks the account.

    The value can be 3, 5, or 10.

    The default value is 5.

    Locking duration

    Specifies the duration an endpoint account will be locked. You can attempt to log in again only when this duration ends.

    The duration can be 5, 10, 15, 20, 30, or 60 minutes.

    The default value is 5 min.

    HTTP

    To ensure data transmission security, the endpoint uses HTTPS to access its web pages by default.

    If a third-party interface uses HTTP to access the endpoint, set this parameter to Enable; otherwise, the interface cannot access the endpoint.

    The default value is Disable.

    Cookie for third-party API

    Specifies whether to enable cookies when a third-party application uses an API account to access your endpoint.

    The default value is Enable.

    Idle Timeout

    Idle timeout

    Specifies the allowed idle time, exceeding which the current user will be automatically logged out. If you set this parameter to Disable, the endpoint will not log out users automatically.

    The default value is 1 h.

  3. Click Save.

    The settings take effect immediately.

Translation
Download
Updated: 2019-06-25

Document ID: EDOC1100038526

Views: 18651

Downloads: 11

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next