TLS Transport Layer Security
Instruction Guide
Securing Algo IP Endpoints:
TLS and Mutual Authentication
Need help?
604-454-3792 or support@algosolutions.com
Introduction to TLS
TLS (Transport Layer Security) is a cryptographic protocol that provides authentication, privacy, and end-to-end security for data sent between applications or devices over the Internet. As hosted telephony platforms have become more common, the need for TLS to provide secure communication over the public internet has increased. Algo devices that support firmware 1.6.4 or later support Transport Layer Security (TLS) for both Provisioning and SIP Signaling.
Note: The following endpoints do not support TLS: 8180 IP Audio Alerter (G1), 8028 IP Doorphone (G1), 8128 IP Visual Alerter (G1), 8061 IP Relay Controller.
Encryption vs Identity Verification
While TLS traffic is always encrypted and safe from third-party eavesdropping or modification, an additional layer of security can be provided by using Certificates to verify the identity of the other party. This allows the server to verify the identity of the IP Endpoint device, and vice versa.
To perform the identity check, the Certificate file must be signed by a Certificate Authority (CA). The other device then checks this signature, using the Public (Trusted) Certificate from this CA.
TLS Certificate
Algo IP Endpoints come pre-installed with a set of public certificates from trusted third-party Certificate Authorities (CAs), including Comodo, Verisign, Symantec, DigiCert, and others. The Certificate Authorities provide signed certificates to businesses so that these businesses can prove that their servers or websites are in fact who they say they are. An Algo device can confirm that it is communicating with an authentic server by verifying the server's signed certificate against the public certificate of the CA that signed it. Additional public certificates can also be uploaded, to allow the Algo device to trust and verify additional servers that may not be covered by the pre-installed certificates (for example, self-signed certificates).
Mutual Authentication
Mutual Authentication adds one more layer of security by requiring that the server also validate and trust the endpoint device, in addition to the opposite direction of the endpoint validating the server. This is implemented using a unique Device Certificate, installed on each Algo SIP Endpoint at the time of manufacturing. As the IP address of an Algo device is not fixed (it is determined by the customer's network), Algo cannot publish this information in advance with the trusted CAs, and instead these Device Certificates must be signed by Algo's own CA.
For the server to trust the Algo device, the system administrator must install the public Algo CA certificate chain onto their server (for example the SIP Phone System or their provisioning server) so that this server can verify that the Device Certificate on the Algo device is in fact authentic.
Note: Algo IP endpoints manufactured in 2019 (starting with firmware 1.7.1) or later have the device certificate installed from the factory.
To verify whether the certificate is installed, navigate to the System -> About tab and see the Manufacturer Certificate. If the certificate is not installed, please email support@algosolutions.com.
Cipher Suites
Cipher suites are sets of algorithms used during a TLS session. Each suite includes algorithms for authentication, encryption, and message authentication. Algo devices support many commonly used encryption algorithms such as AES256 and message authentication code algorithms such as SHA-2.
Algo Device Certificate
Device Certificates signed by the Algo Root CA have been factory installed on Algo devices since 2019, starting with firmware 1.7.1. The certificate is generated when the device is manufactured, with the common name field in the certificate containing the MAC address of each device.
The device certificate is valid for 30 years and resides in a separate partition, so it will not be erased even after factory resetting the Algo endpoint.
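A server-side sketch of the mutual authentication described above, added here as an example (it is not Algo's code or that of any SIP or provisioning server). It requires a client certificate that chains to the CA bundle the server was given, then ties the certificate's common name to an inventory of deployed devices. The file paths, the `INVENTORY` set and the assumption that the common name holds the MAC as 12 hex digits with optional `:` or `-` separators are illustrative.

```python
import re
import ssl

# Hypothetical inventory of deployed endpoints (constructed MAC address).
INVENTORY = {"020000aabbcc"}

# Assumption: the common name contains the MAC as 12 hex digits,
# optionally separated by ':' or '-'.
MAC_RE = re.compile(
    r"(?<![0-9A-Fa-f])((?:[0-9A-Fa-f]{2}[:-]?){5}[0-9A-Fa-f]{2})(?![0-9A-Fa-f])")

def make_server_context(server_pem, algo_ca_chain_pem):
    """TLS server context that refuses any client whose certificate does not
    chain to the given CA bundle (Algo CA certificates, concatenated PEM)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(server_pem)               # server cert + key in one PEM
    ctx.load_verify_locations(cafile=algo_ca_chain_pem)
    ctx.verify_mode = ssl.CERT_REQUIRED           # this is what makes it mutual
    return ctx

def mac_from_peercert(peercert):
    """Pull the MAC out of the subject commonName of the dict returned by
    SSLSocket.getpeercert(); None if it is absent or malformed."""
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                match = MAC_RE.search(value)
                if match:
                    return re.sub(r"[:-]", "", match.group(1)).lower()
    return None

def authorize_device(peercert, inventory=INVENTORY):
    """Chain validation proves the certificate came from the device CA;
    this step proves it belongs to a device you actually deployed."""
    mac = mac_from_peercert(peercert)
    return mac is not None and mac in inventory
```

Call `authorize_device(conn.getpeercert())` after the handshake completes; with `CERT_REQUIRED` the handshake itself already fails for certificates outside the CA chain.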
Algo devices also support uploading your own device certificate to use instead of the factory-installed device certificate. This is installed by uploading a PEM file containing both a device certificate and a private key to the 'certs' directory (not the 'certs/trusted' directory!) in the System -> File Manager tab. This file must be named 'sip client.pem'.
Uploading Public CA Certificates to Algo SIP Endpoints
If you are on firmware lower than 3.1.X, please upgrade the device.
To install the certificate on an Algo device running firmware v3.1 & above, follow the steps below:
- Obtain a public certificate from your Certificate Authority (any valid X.509 certificate can be accepted). No specific format is required for the filename.
- In the web interface of the Algo device, navigate to the System -> File Manager tab.
- Upload the certificate files into the 'certs/trusted' directory. Click the Upload button in the left corner of the file manager and browse to the certificate.
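A pre-upload check for the two directories named above, added here as an example (not Algo tooling): a file with only certificates belongs in 'certs/trusted', a certificate plus private key bundle belongs in 'certs', and a private key must never reach the trust store. The function names and return strings are hypothetical, and the sample data is constructed, not real certificates.

```python
import base64
import re

CERT_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_wrap(label, der):
    """Build a PEM block (used here only to construct sample input)."""
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n".encode()

def valid_cert_blocks(data):
    """Count CERTIFICATE blocks whose body is strict Base64 that decodes to
    an ASN.1 SEQUENCE (tag 0x30). A sanity check, not a full X.509 parse."""
    count = 0
    for body in CERT_BLOCK.findall(data):
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except ValueError:
            continue                      # corrupted or non-Base64 body
        count += der[:1] == b"\x30"
    return count

def upload_target(data):
    """Decide where a file belongs on the endpoint, following the guide."""
    has_key = re.search(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----", data) is not None
    certs = valid_cert_blocks(data)
    if has_key:
        # Key material only ever goes to 'certs', and only with its certificate.
        return "certs" if certs else "reject"
    if certs:
        return "certs/trusted"
    if data[:1] == b"\x30":
        return "convert-der-to-pem"       # binary DER; re-encode as Base64 first
    return "reject"

# Constructed samples: the DER bytes are a dummy SEQUENCE, not a certificate.
DUMMY_DER = b"\x30\x03\x02\x01\x01"
CA_FILE = pem_wrap("CERTIFICATE", DUMMY_DER)
DEVICE_BUNDLE = CA_FILE + pem_wrap("PRIVATE KEY", DUMMY_DER)
```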
Web Interface Options
HTTPS Provisioning
Provisioning can be secured by setting the 'Download Method' to 'HTTPS' (under the Advanced Settings > Provisioning tab). This prevents configuration files from being read by an unwanted third party, and so resolves the risk of having sensitive data stolen, such as admin passwords and SIP credentials.
To verify the identity of the Provisioning Server, also set 'Validate Server Certificate' to 'Enabled'. If the provisioning server's certificate is signed by one of the common commercial CAs, then the Algo device should already have the public certificate for this CA and be able to perform the verification.
Upload additional certificates (Base64 encoded X.509 certificate files in .pem, .cer, or .crt format) by navigating to "System > File Manager" and placing them in the 'certs/trusted' folder.
NOTE: The 'Validate Server Certificate' parameter can also be enabled through provisioning: prov.download.cert = 1
HTTPS Web Interface Protocol
The procedure to upload a certificate for HTTPS web browsing is similar to that described in the section above. The httpd.pem file is the device certificate that your computer's browser requests when you navigate to the device's IP. Uploading a custom one may allow you to get rid of the warning message when you access the WebUI using HTTPS. It is not a public CA certificate. The certificate must be uploaded to the 'certs' directory.
SIP Signaling (and RTP Audio)
SIP signaling is secured by setting 'SIP Transportation' to 'TLS' (under the Advanced Settings > Advanced SIP tab).
- This ensures that the SIP traffic will be encrypted.
- SIP signaling is responsible for establishing the call (the control signals that start and end the call with the other party), but it does not carry the audio.
- For the audio (voice) path, use the setting 'SDP SRTP Offer'.
- Setting this to 'Optional' means the RTP audio data of the SIP call will be encrypted (using SRTP) if the other party also supports audio encryption.
- If the other party does not support SRTP, the call will still proceed, but with unencrypted audio. To make audio encryption mandatory for all calls, set 'SDP SRTP Offer' to 'Standard'. In this case, if the other party does not support audio encryption, the call attempt will be rejected.
- To verify the identity of the SIP Server, also set 'Validate Server Certificate' to 'Enabled'.
- If the SIP server's certificate is signed by one of the common commercial CAs, then the Algo device should already have the public certificate for this CA and be able to perform the verification. If not (for example with a self-signed certificate), the appropriate public certificate can be uploaded to the Algo device as described earlier in this document.
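Because 'Optional' lets a call continue with unencrypted audio, it is worth confirming from the SDP logged at the SIP server whether a given call was actually keyed for SRTP. The following checker is an added example, not Algo code: it relies on the standard SDES `a=crypto` attribute (RFC 4568) and the RTP/SAVP profile, and how an Algo endpoint encodes 'Optional' versus 'Standard' on the wire is an assumption, not something this guide states. The sample SDP and its key are constructed.

```python
# Constructed SDP answer: audio accepted with an SDES key (not real key material).
SAMPLE_ANSWER = "\r\n".join([
    "v=0",
    "o=- 1 1 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 40000 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:Q09OU1RSVUNURUQta2V5LW5vdC1yZWFs",
    "",
])

def audio_streams(sdp):
    """One dict per m=audio section: port, transport profile, and whether
    the section carries an a=crypto attribute."""
    streams, cur = [], None
    for line in sdp.splitlines():
        if line.startswith("m="):
            fields = line[2:].split()
            cur = None                     # a=crypto under video etc. is ignored
            if len(fields) >= 3 and fields[0] == "audio":
                port = int(fields[1].split("/")[0])
                cur = {"port": port, "proto": fields[2], "crypto": False}
                streams.append(cur)
        elif cur is not None and line.startswith("a=crypto:"):
            cur["crypto"] = True
    return streams

def classify(stream):
    """Label one audio stream by what its SDP promises."""
    if stream["port"] == 0:
        return "rejected"                  # port 0 means the stream was declined
    secure = stream["proto"] in ("RTP/SAVP", "RTP/SAVPF")
    if stream["crypto"]:
        return "srtp" if secure else "srtp-best-effort"
    return "misconfigured" if secure else "plain-rtp"

def answer_is_encrypted(answer_sdp):
    """True only if every accepted audio stream in the answer is keyed."""
    active = [s for s in audio_streams(answer_sdp) if s["port"] != 0]
    return bool(active) and all(s["crypto"] for s in active)
```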
TLS Version 1.2
Algo devices running firmware v3.1 & above support TLS v1.1 and v1.2. The 'Force Secure TLS Version' option can be used to require TLS connections to use TLSv1.2. To enable this feature:
- Go to Advanced Settings > Advanced SIP
- Set 'Force Secure TLS Version' to enabled and save.
NOTE: This option has been removed in v4.0+ since TLS v1.2 is used by default.
Algo Certificate Download
Below are the links to download the Algo CA certificate chain. The files can be installed on the SIP Server or Provisioning Server so that these servers can authenticate the Device Certificates on Algo SIP Endpoints, and thus allow Mutual Authentication:
Algo Root CA: http://firmware.algosolutions.com/pub/certs/algo_issuing.crt
Algo Intermediate CA: http://firmware.algosolutions.com/pub/certs/algo_intermediate.crt
Algo Public Certificate: http://firmware.algosolutions.com/pub/certs/algo_ca.crt
Troubleshooting
If the TLS handshake does not complete, please send a packet capture to Algo support for analysis. To do that you will need to mirror the traffic from the port the Algo endpoint is connected to on the network switch back to a computer.
Algo Communication Products Ltd.
4500 Beedie St Burnaby BC Canada V5J 5L2
www.algosolutions.com
604-454-3792
support@algosolutions.com