Security - Huawei 9000 VCT V100R011 Administrator's Manual

HUAWEI 9000 HD Video Terminal
Administrator Guide

9.1 Security

The terminal provides a variety of security features, including protocol anti-attack measures and
authentication for commission users, web interface users, and web requests.
Debug User Authentication
l
l
l
l
Web Interface User Authentication
l
l
Web Request Authentication
l
l
l
l
Protocol Anti-Attack Measures
l
Issue 09 (2012-09-03)
The terminal allows the login with a user name and password using Telnet or Secure Shell
(SSH) for debugging.
Telnet clients use plaintext to communicate with the terminal. By default, the Telnet login
function is disabled. To enable this function, see
clients use ciphertext to communicate with the terminal. The SSH login function cannot be
disabled, and a maximum of three concurrent SSH logins are allowed. SSH logins are
recommended for users performing debugging.
The administrator user name and password for a debug user are both debug. You cannot
change the user name.
You can change the user name and password for other SSH client users when you log in
to the terminal using SSH with the administrator account.
The available debug module services depend on the user level.
Only users with authenticated passwords can log in to the terminal web interface.
Configure the terminal to use the Hypertext Transfer Protocol Secure (HTTPS) to transmit
the user name and password to the server during login authentication.
When a user requests to access a specified web page or submits a servlet request, the
terminal checks that the user's session identifier is valid and that the user is authorized to
perform the operation.
The server implements the final authentication.
The server verifies the user-generated data. Before transmitting it to clients, the server
encodes the data in the HyperText Markup Language (HTML) to prevent malicious code
and cross-site scripting attacks.
Web security software is used to scan the web server and applications to ensure that there
are no high-risk vulnerabilities.
The communication port matrix is provided in the product documentation. Do not enable
the services and ports not mentioned in the communication port matrix.
The communication port matrix contains the following information:
– Available ports Transport layer protocols used by the ports Network elements (NEs)
that use the ports to communicate with peer NEs
– Application layer protocols used by ports and description of the services at the
application layer
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9.2.4 Allowing Remote
9 Security
Login. SSH
134