Configuring Csrf Protection; Web Login Authentication Using Smart Cards - AudioCodes Mediant 4000 SBC User Manual

CHAPTER 6    Web-Based Management
To configure secure (HTTPS) Web access:
1. Open the Web Settings page (Setup menu > Administration tab > Web & CLI folder > Web Settings).
2. Under the General group, configure the following:
3. From the 'Secured Web Connection (HTTPS)' drop-down list, select HTTPS Only.
4. To enable two-way authentication whereby both management client and server are authenticated using X.509 certificates, from the 'Require Client Certificates for HTTPS connection' drop-down list, select Enable.
5. Click Apply, and then reset the device with a save-to-flash for your settings to take effect.
For more information on secure Web-based management including TLS certificates, see TLS for Remote Device Management.

Configuring CSRF Protection

The device's embedded Web server provides support for cross-site request forgery (CSRF) protection. CSRF protection prevents malicious exploits of a website whereby unauthorized commands are transmitted from a user that the website trusts (i.e., an authenticated user). Whenever a user opens (i.e., GET method) one of the device's Web pages, the device automatically generates a CSRF "token" (unique number). When the user performs actions (i.e., POST method) on that page (e.g., configures parameters), the token is included in the request to verify that the authenticated user is the one performing the actions.
To enable or disable CSRF protection:
Load to the device an ini file that contains the CSRFProtection parameter configured to 0 (disable) or 1 (enable).
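As an added illustration (not the device's embedded Web server code), the following Python models the token flow described above: a GET mints a token bound to the authenticated session, a POST is accepted only if it carries that token, and a CSRFProtection value of 0 switches the check off. Session identifiers and the class name are constructed for the example.

```python
import hmac
import secrets
from typing import Dict, Optional

# Constructed model of the synchronizer-token flow the manual describes.
# This is illustrative code, not the device's embedded Web server.

class CsrfGuard:
    def __init__(self, csrf_protection: int = 1):
        # Mirrors the ini parameter CSRFProtection: 0 = disable, 1 = enable.
        self.enabled = csrf_protection == 1
        self._tokens: Dict[str, str] = {}   # session id -> current token

    def handle_get(self, session_id: str) -> str:
        """Serve a page: mint a fresh, unpredictable token for this session."""
        token = secrets.token_hex(16)
        self._tokens[session_id] = token
        return token   # the page embeds this token in its forms

    def handle_post(self, session_id: str, submitted_token: Optional[str]) -> bool:
        """Accept a configuration change only if the token matches the session's."""
        if not self.enabled:
            return True   # CSRFProtection=0: any cookie-bearing POST is trusted
        expected = self._tokens.get(session_id)
        if expected is None or submitted_token is None:
            return False
        # Constant-time comparison so the check does not leak token bytes via timing.
        return hmac.compare_digest(expected, submitted_token)


def demo():
    """Returns (legit, forged, unguarded): a POST carrying the page's token,
    a cross-site POST that lacks it, and that same POST with protection off."""
    guard = CsrfGuard(csrf_protection=1)
    token = guard.handle_get("sess-admin")          # user opens the page
    legit = guard.handle_post("sess-admin", token)  # user submits the form
    # A cross-site page can make the browser send the session cookie, but it
    # cannot read the token the device embedded in the page, so it has none.
    forged = guard.handle_post("sess-admin", None)
    unguarded = CsrfGuard(csrf_protection=0).handle_post("sess-admin", None)
    return legit, forged, unguarded
```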

Web Login Authentication using Smart Cards

You can enable Web login authentication using certificates from a third-party common access card (CAC) that carries user identification. When a user attempts to access the device through the Web browser (HTTPS), the device retrieves the Web user's login username (and other information, if required) from the CAC. The user attempting to access the device is only required to provide the login password. Typically, a TLS connection is established between the CAC and the device's Web interface, and a RADIUS server is implemented to authenticate the password against the username. Therefore, this feature implements two-factor authentication - what the user has (i.e., the physical card) and what the user knows (i.e., the login password).
This feature is enabled using the EnableMgmtTwoFactorAuthentication parameter.
For specific integration requirements for implementing a third-party smart card for Web login authentication, contact the sales representative of your purchased device.
- 53 -
Mediant 4000 SBC | User's Manual
