Technicolor - Thomson SpeedTouch™ 620 Network Router User Manual


 
Chapter 8
SpeedTouch™ Remote Access
E-DOC-CTC-20051017-0155 v1.0
8.2 Secure Remote Web Interface Access
HTTPs service
Introduction
The SpeedTouch™ supports secure HTTP (HTTPS). The Transport Layer Security (TLS)
protocol, formerly SSL as implemented by Netscape, provides communications privacy
over the Internet. The protocol allows client/server applications to communicate in
a way that is designed to prevent eavesdropping, tampering, or message forgery.
The primary goal of the TLS protocol is to provide privacy and data integrity
between two communicating applications.
The remote management certificate
When booting, the SpeedTouch™ verifies if a certificate exists for remote
management. If no certificate is found, the SpeedTouch™ generates its own
certificate. When the SpeedTouch™ receives an HTTPs request on port 443, it
transmits this certificate to the client. The client can either accept or refuse the
server identity. Depending on client implementation, the end-user is prompted
whether or not to trust the server.
When a web user logs in or tries to log in to the SpeedTouch™, a syslog message is
generated. This message indicates the user name and the underlying protocol
(HTTP or HTTPS).
After negotiating the cipher between the two peers involved in the TLS protocol,
data is encrypted for further communications. The minimum level of security
required for the connection is indicated by each peer. If the minimum requirement
of each peer cannot be achieved, the connection is closed.
Default HTTPs service configuration
Use the following CLI command to see the default HTTPs service configuration.
=>:service system list name=HTTPs expand=enabled
Idx Name             Protocol         SrcPort  DstPort  Group
-----------------------------------------------------------------------
  1 HTTPs            tcp                       443
Description............... HTTP web server over ssl
Properties................ server
Attributes................ state port aclip aclif aclifgroup map log
User Managed Attributes... state port aclip aclif aclifgroup map log
Attribute Values :
State...................... enabled
Port....................... 443
Ip Access List............. any
Interface Access List...... any
Interface Group Access List lan
Map List................... 443
Logging.................... disabled
=>
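An added example, not part of the SpeedTouch™ manual: a Python parser for the expanded listing above that flags settings worth reviewing before the HTTPs service is used for remote management. The review policy in audit() is an assumption made for this example, and SAMPLE is constructed from the fields of the listing on this page.

```python
import re

# Constructed sample: the fields of the default HTTPs listing shown above.
SAMPLE = """\
Idx Name Protocol SrcPort DstPort Group
-----------------------------------------------------------------------
1 HTTPs tcp 443
Description............... HTTP web server over ssl
Properties................ server
Attributes................ state port aclip aclif aclifgroup map log
User Managed Attributes... state port aclip aclif aclifgroup map log
Attribute Values :
State...................... enabled
Port....................... 443
Ip Access List............. any
Interface Access List...... any
Interface Group Access List lan
Map List................... 443
Logging.................... disabled
"""

# "Label..... value" lines, plus the one label printed without a dot leader.
FIELD = re.compile(r"^\s*(Interface Group Access List|.+?\.{2,})\s*(.*?)\s*$")

def parse_service(text):
    """Return the labelled fields of one expanded service listing as a dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:  # table header, separator and service row have no label
            fields[m.group(1).rstrip(".")] = m.group(2)
    return fields

def audit(fields):
    """Apply the assumed review policy; return a list of findings."""
    findings = []
    if fields.get("State") != "enabled":
        return findings  # service is off, nothing to review
    if fields.get("Interface Group Access List") != "lan":
        findings.append("service reachable from a non-LAN interface group")
    if fields.get("Ip Access List") == "any":
        findings.append("no source IP restriction")
    if fields.get("Logging") == "disabled":
        findings.append("service logging disabled")
    return findings
```
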