Huawei Technologies DP300 Desktop Presence User Manual security maintenance

Huawei Technologies Co.,Ltd Desktop Presence security maintenance


User Manual_security maintenance

HUAWEI DP300 Desktop Presence
Security Maintenance
Issue 01
Date 2015-09-15
Copyright © Huawei Technologies Co., Ltd. 2015. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
About This Document
This document introduces security maintenance operations of HUAWEI DP300 desktop
presence (DP300 or endpoint for short).
Before you use the product, refer to the product vendor for version mapping information and to
confirm compatibility with other videoconferencing equipment.
Intended Audience
This document is intended for:
lTechnical support engineers
lMaintenance engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows:
Symbol Description
Indicates an imminently hazardous situation which, if not
avoided, will result in death or serious injury.
Indicates a potentially hazardous situation which, if not
avoided, could result in death or serious injury.
Indicates a potentially hazardous situation which, if not
avoided, may result in minor or moderate injury.
Indicates a potentially hazardous situation which, if not
avoided, could result in equipment damage, data loss,
performance deterioration, or unanticipated results.
NOTICE is used to address practices not related to personal
HUAWEI DP300 Desktop Presence
Security Maintenance About This Document
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Symbol Description
Calls attention to important information, best practices and tips.
NOTE is used to address information not related to personal
injury, equipment damage, and environment deterioration.
Related Documents
Document Title Description Document Location
HUAWEI DP300 Desktop
Presence V500R002C00
Quick Installation Guide
Describes the packaged items
and provides guidance for
quick installation, and
common configuration.
and choose Support >
Product Support > UC&C
> Telepresence and
Videoconferencing >
Telepresence Endpoints >
Desktop Device.
HUAWEI DP300 Desktop
Presence V500R002C00
Quick Start Guide
Describes the touchscreen
and the remote controlled UI,
and provides quick
instructions in commonly-
used endpoint functions.
HUAWEI DP300 Desktop
Presence V500R002C00
User Guide
Describes the methods for
operating the endpoint.
HUAWEI DP300 Desktop
Presence V500R002C00
Administrator Guide
Describes how to configure,
manage, and troubleshooting
the endpoint.
HUAWEI DP300 Desktop
Presence V500R002C00
Command Reference
Describes the functions,
parameters, formats, usage
guidelines, and examples of
all endpoint commands.
HUAWEI DP300 Desktop
Presence V500R002C00
Communication Matrix
Describes the ports,
protocols, IP addresses, and
authentication modes for the
communication of the
Change History
Changes between document issues are cumulative. The latest document issue contains all the
changes made in earlier issues.
HUAWEI DP300 Desktop Presence
Security Maintenance About This Document
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 01 (2015-09-15)
This issue is used for first office application (FOA).
HUAWEI DP300 Desktop Presence
Security Maintenance About This Document
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
About This Document.....................................................................................................................ii
1 Overview.........................................................................................................................................1
1.1 Purpose of Security Maintenance...................................................................................................................................1
1.2 What Is Layered Security Maintenance..........................................................................................................................1
2 Application Layer Security..........................................................................................................3
2.1 Setting the Interaction Mode..........................................................................................................................................3
2.2 Application Layer Account List.....................................................................................................................................3
2.2.1 Administrator Password for the Display.....................................................................................................................3
2.2.2 Web Management Account.........................................................................................................................................4
2.2.3 API Account................................................................................................................................................................5
2.2.4 SSH and Telnet Login.................................................................................................................................................6
2.2.5 Serial Port Account......................................................................................................................................................7
2.2.6 Upgrade Password.......................................................................................................................................................8
2.2.7 Air Content Sharing Password....................................................................................................................................8
2.2.8 Network Diagnostics Tool Account............................................................................................................................9
2.2.9 Information Required for Connecting to the Videoconferencing Network Management System..............................9
2.3 Restoring Systems to Default Settings.........................................................................................................................11
2.4 SiteCall Security...........................................................................................................................................................11
2.5 Configuring Encryption................................................................................................................................................12
2.6 Web Management Users...............................................................................................................................................13
2.6.1 Logging In to the Web Interface................................................................................................................................13
2.6.2 Changing the Password.............................................................................................................................................14
2.7 Web Access Control.....................................................................................................................................................14
2.8 SSH Access Control.....................................................................................................................................................15
2.8.1 Enabling SSH or Telnet.............................................................................................................................................15
2.8.2 User Login.................................................................................................................................................................15
2.8.3 Logging In Using the SSH Public Key......................................................................................................................16
2.9 Viewing Logs...............................................................................................................................................................20
2.10 Enabling FTPS............................................................................................................................................................20
2.11 Configuring an FTPS Server......................................................................................................................................20
2.12 Video Monitoring.......................................................................................................................................................23
2.12.1 Enabling Video Monitoring.....................................................................................................................................23
HUAWEI DP300 Desktop Presence
Security Maintenance Contents
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2.12.2 Taking Picture..........................................................................................................................................................24
2.13 Upgrading Using the Mini System.............................................................................................................................24
2.13.1 Preparing for the Upgrade.......................................................................................................................................24
2.13.2 Performing an Upgrade...........................................................................................................................................24
2.14 U-Boot Operations......................................................................................................................................................25
2.15 Verifying a Digital Signature.....................................................................................................................................26
2.16 Importing a Certificate................................................................................................................................................27
2.17 Importing Web Certificates........................................................................................................................................28
2.18 Importing and Exporting Settings...............................................................................................................................28
3 System Layer Security................................................................................................................30
4 Network Layer Security..............................................................................................................31
5 Management Layer Security......................................................................................................33
5.1 Principles of System Security Maintenance.................................................................................................................34
5.1.1 Account Management................................................................................................................................................34
5.1.2 Permission Management............................................................................................................................................34
5.1.3 Auditing Principles....................................................................................................................................................34
5.2 Guidelines for Password Security Maintenance...........................................................................................................34
5.3 Logs Maintenance Recommendations..........................................................................................................................34
5.3.1 Checking Logs Regularly..........................................................................................................................................34
5.3.2 Backing Up Logs Regularly......................................................................................................................................35
5.4 Guidelines on Signaling Diagnostics............................................................................................................................35
5.5 Security Evaluation Recommendations........................................................................................................................35
5.6 Backup Recommendations...........................................................................................................................................35
5.7 Defects Feedback Recommendations...........................................................................................................................35
5.8 Common Measures Against Attacks............................................................................................................................36
5.9 Security Emergency Response Mechanism..................................................................................................................36
5.10 Security Emergency Response Email Address...........................................................................................................36
A Appendix......................................................................................................................................37
B Default Settings...........................................................................................................................38
HUAWEI DP300 Desktop Presence
Security Maintenance Contents
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1 Overview
1.1 Purpose of Security Maintenance
Now application systems face severe security threats. Once problems occur, business might be
disturbed, profits reduced, or even systems break down. Users must build up and maintain the
application system security from different layers, and discover and solve potential threats in
Besides, considering the endless emergence of safety threats, a mere dependence on technology
can hardly ensure the application system security. Users must build up a safety management
system based on security maintenance suggestions and problems they found during the use of
the endpoint to ensure a smooth and safe operation of the endpoint.
1.2 What Is Layered Security Maintenance
According to the target and purpose of security maintenance, maintenance personnel must
safeguard the service system from different layers.
Application Layer
Security maintenance of the application layer is to protect the and its web management system
so that they can provide services to users with a smooth operation.
System Layer
Security maintenance of the system layer is to ensure a smooth operation of the operating system,
which can support the operation of application software.
Network Layer
Security maintenance of the network layer is to ensure that network devices, such as the switch,
router, and firewall, function properly and that security strategies are implemented at the network
HUAWEI DP300 Desktop Presence
Security Maintenance 1 Overview
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Management Layer
Security maintenance of the management layer is to strengthen people's management and avoid
threats. Maintenance from the management layer involves the maintenance operations at all
preceding layers.
HUAWEI DP300 Desktop Presence
Security Maintenance 1 Overview
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 Application Layer Security
2.1 Setting the Interaction Mode
On the DP300 display, tap in the lower right corner to switch between the PC mode and
videoconferencing mode.
In PC mode, the DP300 display can be used as the PC monitor, on which you can answer calls
to join conferences.
In videoconferencing mode, the DP300 display functions as a platform for users to interact with
the videoconferencing system using the touchscreen or remote control.
lTouchscreen (default): Perform operations on the screen by touches, such as tap and slide.
In this case, the DP300 display is called touchscreen.
lRemote control: Perform operations on the screen using the remote control. In this case,
the DP300 display is called remote control screen.
To set the interaction mode, perform the following steps:
lOn the touchscreen, tap , choose Advanced > Settings > General, and set Control
lOn the remote control screen, choose Advanced > Settings > General, and set Control
lOn the web interface, choose System Settings > General, and set Control mode.
2.2 Application Layer Account List
2.2.1 Administrator Password for the Display
The default administrator password for logging in to the display is 12345678. To improve device
security, set a password at your first login and regularly change the password afterwards. To
enhance user experience, the administrator password can be digit-only or empty.
It is recommended that you set a complex password. A simple or empty password brings security risks.
To set the administrator password for logging in to the display, perform the following steps:
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
lOn the touchscreen, tap and choose Advanced > Settings > Security > Password.
lOn the remote control screen, choose Advanced > Settings > Security > Password, and
set the password.
lOn the web interface, choose System Settings > Security > GUI, and set the password.
When using the administrator password for logging in to the display, note that:
lOn the touchscreen, the administrator password is required for accessing the Settings
screen. On the remote control screen, the administrator password is required for
customizing the option bar.
lStandard users: By default, they can directly access Advanced but must enter the
administrator password to access the Settings screen under Advanced and customize the
option bar. (The administrator password can be obtained from the administrator.)
lIf the administrator select Encryption advanced settings, standard users can directly
access Settings but must enter the administrator password to access the Advanced menu
and customize the option bar. If the administrator password is set to null, no password is
required for accessing any menu.
2.2.2 Web Management Account
The DP300 supports a maximum of 10 concurrent logins to the web interface, and controls user
permissions by setting permission levels. Table 2-1 describes the web management account.
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Table 2-1 Web management account
Description Remarks
admin Change_Me This account is the
default account with
the highest permission
and cannot be deleted.
For details about
account levels, see
section Web
Management Users.
To ensure account security, you are
advised to change the password at the
first login and regularly change the
password afterward.
To change the password:
lOn the touchscreen, tap and
choose Advanced > Settings >
Security > Web Login.
lOn the remote controlled UI,
choose Advanced > Settings >
Security > Web Login.
lOn the web interface, choose
System Settings > General >
To change the Administrator name,
you can tap and choose
Advanced > Settings > Security >
Web Login from the touchscreen.
To change the Administrator name,
you can choose Advanced > Settings
> Security > Web Login from the
remote controlled UI.
The web management account has the permission of exporting the address book, exporting logs or exporting
settings. Keep the account safe to prevent disclosure of personal information.
If the number of user attempts to log in to the web interface reaches a predefined number, the
user account will be locked and cannot be used for login until the locking duration ends. To set
the maximum number of user login attempts and locking duration, perform the following
On the web interface, choose System Settings > Security > Web Login. On the displayed
screen, set Maximum login attempts and Lock time.
2.2.3 API Account
The API account is required for a third party (for example, a touch panel) to log in to the
DP300, or for the SMC2.0 to to add a manageable site. Table 2-2 describes the API account.
Table 2-2 describes the touch panel account.
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Table 2-2 API account
Description Remarks
api Change_Me The account is required for a third
party (for example, a touch panel)
to log in to the DP300, or for the
SMC2.0 to to add a manageable
This account is the default account.
To change the name: On the web
interface, choose System Settings
> General > Personal > Password
of API user.
To ensure account
security, you are advised to
change the password at the
first login and regularly
change the password
For details about how to
change the password, see
section 2.6.2 Changing
the Password.
2.2.4 SSH and Telnet Login
The DP300 supports the Telnet login and Security Shell (SSH) login. Telnet is an insecure
protocol. SSH is a cybersecurity protocol for remote access using the encryption and
authentication mechanism in an insecure cyber environment. During SSH login, all user data
are encrypted. To ensure the security, you are advised to use the SSH login.
lYou can log in to the DP300 through port 23 using Telnet. Telnet login is set to Do not
allow by default. Telnet is an insecure communication protocol. You are advised to disable
it. If you want to log in using Telnet, see section 2.8.1 Enabling SSH or Telnet.
lYou can log in to the DP300 through port 22 using SSH. SSH is set to Do not allow by
default. If you want to log in using SSH, see section 2.8.1 Enabling SSH or Telnet.
SSH and Telnet Login Under the Normal System
The normal system supports SSH and Telnet logins. Table 2-3 describes the account names and
passwords used for SSH and Telnet logins.
Table 2-3 SSH and Telnet login accounts
Description Remarks
debug Change_Me Administrator account with the
highest permission for system
This is a special account
and not for common users.
admin Change_Me Common user account with lower
permission than the debug
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Description Remarks
user Change_Me Common user account with lower
permission than the admin
apiuser Change_Me Special account with lower
permission than the user account.
This is a special account
and not for common users.
test Change_Me Dedicated account for testing with
lower permission than the user
lTo secure your account, it is recommended that you change the password upon the first login and
regularly change the password afterwards.
lAfter you log in using the debug account, you can run the command mnt debug setpwd [name] to
change other accounts' passwords.
Telnet Login Under the Mini System
The mini system supports Telnet logins only. The login account and default password are
described in Table 2-4.
Table 2-4 Telnet login account
Description Remarks
debug Change_Me Administrator
account for system
To ensure account security, change the
password at the first login and regularly
change the password afterward.
For details about how to change the password and use the debug commands, see the HUAWEI
DP300 Desktop Presence V500R002C00 Command Reference.
2.2.5 Serial Port Account
The DP300 allows for logins using serial ports to commission applications and locate faults. The
serial port account and default password are described in Table 2-5.
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Table 2-5 Serial port account
Description Remarks
root Change_Me This account is
used for a computer
to log in to the
DP300 through
serial ports.
To secure your account, it is
recommended that you change the
password upon the first login and
regularly change the password
afterwards. To change the password, run
the passwd command.
2.2.6 Upgrade Password
To upgrade the DP300 under the normal system with the upgrade tool, you must enter the upgrade
By default, the upgrade password is Change_Me.
You are advised to change the password at the first login and regularly change the password
lTouchscreen: Tap and choose Advanced > Settings > Security > Upgrade
lOn the remote controlled UI, choose Advanced > Settings > Security > Upgrade
lOn the web interface, choose System Settings > Security > Upgrade password.
2.2.7 Air Content Sharing Password
The air content sharing password is used by an air content sharing client to connect to the
DP300. Users can download the air content sharing client from the DP300 web interface. After
the air content sharing client successfully connects to the DP300, users can connect the
DP300 to presentation sources and share presentations without the use of any physical ports.
The default air content sharing password is Change_Me.
You are advised to change the password at the first login and regularly change the password
lTouchscreen: Tap and choose Advanced > Settings > Security > Air Content
lOn the remote controlled UI, choose Advanced > Settings > Security > Air Content
lOn the web interface, choose System Settings > Security > Air Content Sharing.
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2.2.8 Network Diagnostics Tool Account
After the network diagnostics function is enabled, the network diagnostics tool can use the H.
323 call port, RAS source port, RAS destination port, or SIP call port to diagnose the DP300.
Table 2-6 describes the network diagnostics tool account.
Table 2-6 Network diagnostics tool account description
Description Remarks
admin Change_Me Specify the account
name and password
that the network
diagnostics tool
uses for
when attempting to
communicate with
the DP300.
To ensure account security, you are
advised to change the password at the
first login and regularly change the
password afterward.
On the web interface, choose System
Settings > Network > Network
diagnostics, enable Network
diagnostics, and change the values of
Diagnostics tool user name and
Diagnostics tool password.
2.2.9 Information Required for Connecting to the
Videoconferencing Network Management System
The DP300 communicates with and is remotely managed by the videoconferencing network
management system using SNMP. The videoconferencing network management system
implements the following:
lConfigures DP300 settings, including the H.323 and SIP.
lQueries DP300 status.
lChecks DP300 alarms.
lBacks up and restores DP300 settings.
lUpgrades the DP300 online.
To remotely manage the DP300 from the videoconferencing network management system, log
in to the web interface of the DP300, choose System Settings > Network > SNMP Settings,
and set SNMP parameters, as shown in Table 2-7.
When the videoconferencing network management system connects to the DP300 through
SNMP V2, configure required SNMP V2 information. When the videoconferencing network
management system connects to the DP300 through SNMP V3, configure the SNMP V3 account,
password, and protocol.
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Table 2-7 Information required for connecting to the videoconferencing network management
Parameter Default
Description Remarks
ity name
Specifies the
credential that
ing network
server uses to
obtain DP300
The parameter settings must be
the same as those in the
videoconferencing network
management system.
Set these parameters when
Enable SNMP is set to Enable
and SNMPv2 to Enable.
ity name
Specifies the
credential that
ing network
server uses to
specify DP300
ity name
Change_Me Specifies the
credential that
the DP300 uses
to report alarms
to the
ing network
v3user Specifies the user
name for
connecting your
DP300 to the
ing network
system through
The parameter setting must be the
same as that in the
videoconferencing network
management system.
SHA Specify the
mode and
password for
connecting the
ing network
The parameter settings must be
the same as those in the
videoconferencing network
management system.
When the videoconferencing
network management system
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Parameter Default
Description Remarks
system to your
attempts to connect to your
DP300, Authentication protocol
and New password set on your
DP300 are required.
AES Specify the
protocol and
password for
connecting the
ing network
system to your
The parameter settings must be
the same as those in the
videoconferencing network
management system.
lTo secure your account, it is recommended that you change the password upon the first login and
regularly change the password afterwards. The password you set on the DP300 must be the same as
that set in the videoconferencing network management system.
lFor details about how to set SNMP parameters, see the HUAWEI DP300 Desktop Presence
V500R002C00 Administrator Guide.
2.3 Restoring Systems to Default Settings
If you forget the passwords of the normal or mini system, restore the system (including the
passwords) to its default settings.
lNormal system
Restores the DP300 to its default settings, if you press and hold the RESET button for 10 seconds
or more when the DP300 is operating properly.
Place the DP300 face down on the desktop, and open its rear cover. Then you can view the interfaces on
the rear panel. The RESET button is located at the second position on the left of the rear panel.
lMini System
1. Press and hold the RESET button for 10 seconds or more when the DP300 is starting.
The DP300 enters the mini system.
2. In mini system, press and hold the RESET button for 10 seconds or more to restore the
Telnet login password to its default settings.
2.4 SiteCall Security
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
The DP300 uses Hypertext Transfer Protocol Secure (HTTPS) mode to upload the multipoint
conference information and supports Transmission Control Protocol (TCP) mode when a
multipoint conference is initiated. If HTTPS mode is disabled, the DP300 uses the insecure
TCP mode. You are advised to use HTTPS mode for better communication security.
If HTTPS mode is enabled, you are advised to enable Multipoint conference
Enable HTTPS mode and Multipoint conference authentication.
lOn the touchscreen, tap and choose Advanced > Settings > Network > IP > H.
323, and then select HTTPS mode and Multipoint conference authentication.
lOn the remote controlled UI, choose Advanced > Settings > Network > IP > H.323, and
select HTTPS mode and Multipoint conference authentication.
lOn the web interface, choose System Settings > Network > H.323/SIP Settings, and set
HTTPS mode and Multipoint conference authentication to Enable.
2.5 Configuring Encryption
You can enable encryption to improve video communication security.
On an IP network that is neither quality-guaranteed nor secure, encryption can be used to increase
the video communication security, though it may affect the call rate. Both parties in
communication must support encryption, including H.235 encryption and Secure Real-time
Transport Protocol (SRTP) encryption.
To improve communication security, you are advised to enable encryption.
Before initiating a Session Initiation Protocol (SIP) encrypted conference, you are advised to
enable encryption and Transport Layer Security (TLS) registration to improve communication
To configure encryption on the touchscreen:
1. Tap and choose Advanced > Settings > Security > Encryption, and then select one
of the following options:
lDisable: No stream is encrypted.
lEnable: Streams are forced to be encrypted. If you select this option, your DP300 can
attend encrypted conferences only. To improve communication security, select this
lMaximum interconnectivity: Streams are encrypted only when a call is set up. If you
select this option for the local site and encryption is disabled at a remote site, the
conference between the local and remote sites is not encrypted.
2. Select Save.
To configure encryption on the remote controlled UI:
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1. Choose Advanced > Settings > Security > Encryption and select one of the following
lDisable: No stream is encrypted.
lEnable: Streams are forced to be encrypted. If you select this option, your DP300 can
attend encrypted conferences only. To improve communication security, select this
lMaximum interconnectivity: Streams are encrypted only when a call is set up. If you
select this option for the local site and encryption is disabled at a remote site, the
conference between the local and remote sites is not encrypted.
2. Select Save.
To configure encryption on the web interface:
1. Log in to the web interface, choose System Settings > Security > Encryption and
configure the encryption mechanism.
2. Select Save.
2.6 Web Management Users
The web interface of the DP300 supports two types of users: administrators and common users.
lAdministrators: Administrators have all permissions to the web interface.
Administrators can modify accounts and passwords of common users, as well as system configuration
lCommon users: They have some permissions on the web interface and can configure only
personal settings but not system settings.
2.6.1 Logging In to the Web Interface
The DP300 supports logins in HTTP and HTTPS modes. HTTPS mode, which is more secure,
is used by default. If you use HTTP to log in to the web interface of the DP300, the system
automatically switches to the HTTPS mode.
Step 1 Open a browser on the computer. In the address box, enter the IP address, such as https://
Step 2 Press Enter.
The login page is displayed, as shown in Figure 2-1.
If the security certificate is invalid, click Continue to this website to resume the login.
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Figure 2-1 Web login page
Step 3 Enter the user name and password. Select a language.
Step 4 Click Log In, or press Enter.
To ensure data security, after accessing the web interface, close the browser and delete browser caches.
2.6.2 Changing the Password
On the web interface, you can change the passwords for the web management account, common
user accountand API account as follows:
Step 1 Choose System Settings > General > Personal.
Step 2 Change the account password.
The password can contain 8 to 32 characters and must include at least two of the following:
uppercase letter, lowercase letter, digit, or special character.
Step 3 Click Save.
2.7 Web Access Control
The DP300 adopts HTTPS mode, which is the secure version of Hypertext Transfer Protocol
(HTTP). Following are methods to control the web access:
lSupport the user to submit the log out application.
When you have logged in to the web interface, you can click Exit in the upper right. The
login interface is displayed.
lYou are allowed to use the touchscreen to control web login.
To disable web login, choose Advanced > Settings > Secured > Web Login on the
touchscreen and deselect Web Login.
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
lYou are allowed to use the remote control to control web login.
To disable web login, choose Advanced > Settings > Secured > Web Login on the remote
control and deselect Web Login.
lThe supports a maximum of 10 concurrent logins to the web interface.
2.8 SSH Access Control
During remote access and data transmission, SSH commands can be run to create an encrypted
channel between the application layer and client.
2.8.1 Enabling SSH or Telnet
Use either of the following ways to enable SSH or Telnet.
lOn the touchscreen, tap and choose Advanced > Settings > Security > SSH/
Telnet, and then select SSH or Telnet.
lOn the remote controlled UI, choose Advanced > Settings > Security > SSH/Telnet, and
select SSH or Telnet.
lOn the web interface, choose System Settings > Security > SSH/Telnet, and set SSH or
Telnet to Enable.
Telnet is an insecure communication protocol. You are advised to disable it.
2.8.2 User Login
Following describes SSH access control methods using the PuTTY as an example.
PuTTY is a login application for remote login across different platforms. It can be obtained from Huawei
Unified Communications and Collaboration (UC&C) Security Center by Huawei technical support or
downloaded from the Internet. Use PuTTY 0.63 or a later version.
Step 1 Run PuTTY on your computer.
The PuTTY Configuration dialog box is displayed, as shown in Figure 2-2.
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Figure 2-2 PuTTY Configuration dialog box
Step 2 In Host Name (or IP address), enter the IP address, such as
Step 3 Select SSH for Protocol. Use the default value for Port.
Step 4 Click Open.
The login interface is displayed.
Step 5 Enter the user name and password and run the commands. For details, see the HUAWEI DP300
Desktop Presence V500R002C00 Command Reference.
The default administrator account of Telnet and SSH is debug and the password is Change_Me by default.
2.8.3 Logging In Using the SSH Public Key
To secure and simplify SSH login, use the SSH public key to log in to the DP300.
Before logging in to the DP300 using the SSH public key, ensure that SSH has been enabled. For details,
see 2.8.1 Enabling SSH or Telnet.
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Creating An SSH Private-Public Key Pair
Create a SSH private-public key pair and associate the private-public key pair with the local
computer or server.
Step 1 Log in to the Linux operating system, run the ssh-keygen command in any CLI, and press
Step 2 Enter the name (for example, DP300) of the SSH private-public key pair as prompted and press
The SSH public key and SSH private key DP300 are created.
Step 3 Go to the directory where and DP300 are created and copy them to the local
computer or server.
Importing the SSH Public Key
Import the SSH public key using the DP300 web interface.
Step 1 Choose System Settings > Installation. The Installation page is displayed.
Step 2 Click Import SSH Public Key. The Import SSH Public Key dialog box is displayed.
Step 3 Click Select File and select the SSH public key from the local computer or server.
Step 4 Click Import.
Step 5 Click Return when OK is displayed.
Logging In Using the SSH Public Key
The following takes the SSH client SecureCRT as an example to describe how to log in to the
DP300 using the SSH public key.
SecureCRT is a login application for remote login across different platforms. It can be obtained from
Huawei Unified Communications and Collaboration (UC&C) Security Center by Huawei technical support
or downloaded from the Internet. Use SecureCRT 6.7.1 or a later version.
Step 1 Run SecureCRT on your computer.
The SecureCRT quick connect dialog box is displayed, as shown in Figure 2-3.
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Figure 2-3 Initial Quick Connect dialog box
Step 2 Select SSH2 for Protocol.
Step 3 In Hostname, enter the IP address, such as Use the default value for Port.
Step 4 In the Authentication area, select PublicKey only.
Step 5 Click PublicKey, then click Properties.... The Public Key Properties dialog box is displayed.
Step 6 In the Use identity or certificate file text box, click ... and select the SSH public key, as shown in Figure 2-4. (The Use global public key setting and Use identity or
certificate file options are selected by default.)
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Figure 2-4 Selecting the SSH public key
Step 7 Click OK to return to the Quick Connect dialog box, as shown in Figure 2-5.
Figure 2-5 Quick Connect dialog box
Step 8 In the Username text box, enter the SSH login account, for example, SSH administrator account
Step 9 Click Connect.
The login interface is displayed.
Step 10 Run the commands.
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
For details, see the HUAWEI DP300 Desktop Presence V500R002C00 Command Reference.
2.9 Viewing Logs
Logs record all non-query events during the DP300 running, such as non-query user operations
and commands. These events can help you locate and rectify faults, as well as assist you in
lOn the touchscreen, tap and choose Advanced > Diagnostics > Logs.
lSelect Advanced > Diagnostics > Logs on the remote control UI.
lCheck logs on the web interface:
1. Log in to the web interface and choose Maintenance > Logs.
2. On the Logs page, click Export.
3. Click Save in the displayed dialog box.
4. Choose the folder to save the logs and click Save.
5. Open the exported logs and check them.
2.10 Enabling FTPS
The DP300 supports File Transfer Protocol over SSL (FTPS) and File Transfer Protocol (FTP).
To improve communication security, enable FTPS. If FTPS is disabled, the DP300 uses insecure
You can enable FTPS in one of the following ways:
lOn the touchscreen, tap and choose Advanced > Settings > Network > Network
Address Book > Network Address Book, and select FTPS.
lOn the remote controlled UI, choose Advanced > Settings > Network > Network Address
Book > Network Address Book, and select FTPS.
lOn the web interface, choose System Settings > Network > Network Address Book, and
enable FTPS.
lUse commands to enable FTPS. For details, see the HUAWEI DP300 Desktop Presence
V500R002C00 Command Reference.
2.11 Configuring an FTPS Server
FTPS is an extension of the commonly used FTP to support the SSL. The FTPS server ensures
the security of the DP300 network address book.
To configure the network address book after the FTPS client is configured, see the HUAWEI DP300
Desktop Presence V500R002C00 Administrator Guide.
Following uses the FileZilla server as an example to describe how to configure an FTPS server.
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Step 1 Set the IP address of the computer on which the FTPS server (for example, FileZilla server) is
to be installed. Ensure that the IP addresses of the computer and DP300 are in the same network
Step 2 Run the FTPS server installer (for example, FileZilla_Server-0_9_41.exe) to install the FTPS
server on the computer.
Step 3 Double-click to run the FTPS server. Click OK in the displayed dialog box, as shown in
Figure 2-6.
Figure 2-6 Connect to Server dialog box
Step 4 Choose Edit > Settings.
Step 5 Click SSL/TLS settings in the left column and select Enable FTP over SSL/TLS support
(FTPS), click Browse to import the certificate, and click OK, as shown in Figure 2-7.
lBefore importing a certificate, make sure it is issued by a security authority to prevent security risks.
lIf no certificate is available, click Generate new certificate.
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Figure 2-7 FTPS Server Options dialog box
Step 6 Choose Edit > Users. The Users dialog box is displayed, as shown in Figure 2-8.
Figure 2-8 Adding a user
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Step 7 Click Add to add a user. Select Enable account and Password and enter the Password.
Step 8 Click Shared folders under Page, then click Add, and set the path for the user root directory
of FTPS server, as shown in Figure 2-9.
Figure 2-9 Specifying the path for the user root directory of FTPS server
Step 9 Click OK.
2.12 Video Monitoring
This function involves personal privacy. Ensure that its use complies with local laws and
To ensure conference security and protect conference privacy, this function is disabled by default
and can be enabled on the touchscreen and remote controlled interface.
2.12.1 Enabling Video Monitoring
To enable video monitoring:
On the touchscreen, tap and choose Advanced > Settings > Security > Web Login and
then select Monitor video.
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
On the remote controlled UI, choose Advanced > Settings > Security > Web Login and select
Monitor video.
2.12.2 Taking Picture
After the video monitoring and management function is enabled, you can capture and view local
and remote videos and presentations on the web interface.
Step 1 On the web interface, choose Device Control > Device Control > Video Control.
After you access the Video Monitor page, appears on the DP300 display screen to indicate that site
monitoring is enabled.
Step 2 Select the source you want capture of and click Capture.
Step 3 In the displayed interface, select the picture and right-click it.
Step 4 From the displayed shortcut menu, choose Save Picture As to save the picture.
2.13 Upgrading Using the Mini System
If the DP300 cannot start as usual because the local upgrade fails due to power outage or other
incidents, you can use the mini system for the upgrade instead.
You can use the mini system for upgrades whenever the DP300 software malfunctions. This
method can be repeatedly used, and can ensure successful software upgrades when there are no
hardware failures.
2.13.1 Preparing for the Upgrade
Before the upgrade, note the following prerequisites:
lSave the software package for upgrading on the computer.
lConnect the computer to the DP300 through a crossover cable or specifies the IP address
of the computer and the DP300 in the same segment.
lObtain the upgrade password. The upgrade password is Change_Me by default. For details,
see section 2.2.6 Upgrade Password.
lThe default administrator user name and password of Telnet is debug and Change_Me
respectively. If you forget the password, use the mini system to restore the DP300 to its
default settings. For details, see section 2.3 Restoring Systems to Default Settings.
2.13.2 Performing an Upgrade
Step 1 While the DP300 is restarting or powering on, press and hold the RESET button for 10 seconds.
The DP300 enters the mini system.
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
At this time, the DP300 has two IP addresses available: the static IP address of the normal system and the
default IP address ( If the connection setup using the normal system IP address fails or the
DP300 IP address is dynamic and unknown, you can use the default IP address for the upgrade.
Step 2 Use Telnet to log in to the DP300 and run mnt upgswitch on to enable the mini system upgrade
By default, the mini system upgrade function is disabled.
Step 3 Extract the compressed file of the upgrade software on the computer.
Step 4 Run the upgrade program UpgMaster.exe.
The upgrade dialog box is displayed.
Step 5 (Optional) Click Browse. Find and select the file in .dat format.
By default, the path of the .dat file is displayed in Upgrade File.
Step 6 In Remote Teminal IP Address, enter your DP300 IP address, for example, Then
click Upgrade.
Step 7 In the displayed dialog box, enter the upgrade password and click OK.
Step 8 Restart the DP300.
2.14 U-Boot Operations
Step 1 Use a serial cable to connect the serial port on the computer to the COM serial port on the
Step 2 Start the serial port tool and set information such as the serial port number and baud rate.
Set the baud rate to 115200.
Step 3 Start the DP300. When the interface shown in Figure 2-10 is displayed on the serial port tool,
press Ctrl+C repeatedly until Password: is displayed.
Figure 2-10 Starting the system
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Step 4 Enter the password to the U-boot system as shown in Figure 2-11. The default password is
To improve device security, set a password at your first login and regularly change the password
afterward. Use the passwd command to change the password. The new password must be a
string of eight characters, consisting of digits, letters, and special characters.
Figure 2-11 Enter password
Step 5 Enter the command as show in Figure 2-12. For details, see the HUAWEI DP300 Desktop
Presence V500R002C00 Command Reference.
Figure 2-12 Enter command
2.15 Verifying a Digital Signature
To prevent software packages from being maliciously corrupted or damaged during transmission
and to protect the carrier's network security, verify software package integrity after obtaining
the packages. Only verified software packages can be deployed.
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Each software package corresponds to one digital signature file. A digital signature file is
a .asc file named after a software package. For example, the digital signature file for the software
package HUAWEI-DP300.exe is HUAWEI-DP300.exe.asc.
1. Obtain the verification tool package.
Open to enter the Tools and
Resources page.
2. Under Tools and Resources, choose Tools software > Enterprises Common > Software
digital signature (OpenPGP) validation tool > V100R001C00.
3. Refer to the OpenPGP Signature Validation Guide to verify software package integrity.
2.16 Importing a Certificate
You can import client, server, SiteCall and 802.1x authentication certificates into your DP300
from the DP300 web interface. These certificates can be used to identify users, certificate
authorities, and servers to improve communication security. For example, a client certificate is
required when your DP300 registers with the SIP server using the Transport Layer Security
(TLS) protocol.
Before importing a certificate, make sure it is issued by a security authority to prevent security
Step 1 Choose System Settings > Installation. The Installation page is displayed.
Step 2 Click Import Certificate. The Import Certificate dialog box is displayed.
Step 3 Click Select File to select the certificate you want to import.
Step 4 Select the desired certificate type.
lTo import a certificate for authentication calls and when the DP300 functions as the server,
select Server certificate.
lTo import a certificate for authentication registration or calls and when the DP300 functions
as a client (for example, TLS-based registration), select Client certificate.
lTo import a certificate used for SiteCall security, select Multipoint conference
lTo import certificates used for 802.1x wired or wireless network authentication, select the
desired certificates. When selecting the certificate type, choose the network type, which is
Wireless and wired by default.
Step 5 Click Import.
Step 6 Click Return when OK is displayed.
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2.17 Importing Web Certificates
To help ensure communication security, import web certificates, including the trusted Certificate
Authority (CA) file, local certificate file, local private key file, and local private key password
file, to the DP300 through the DP300 web interface.
Professional guidance is required for importing certificates. Make sure the certificate to be
imported matches the certificate type selected; otherwise, the may malfunction.
Step 1 Choose System Settings > Installation.
The Installation page is displayed.
Step 2 Click Import Web Certificate.
The Import Web Certificate dialog box is displayed.
Step 3 Click and select a certificate type.
Step 4 Click , select the certificate you want to import, and click Import.
Step 5 Click Return when OK is displayed.
After importing the web certificate, click Update Web Certificates and restart the DP300 as
prompted for the web certificate to take effect.
2.18 Importing and Exporting Settings
Import and Export Settings on the Web Interface
You can import or export settings on the DP300 web interface to a configuration file. After your
DP300 is restored to its default settings, you can import previously exported settings from the
configuration file.
Keep the configuration file safe to prevent disclosure of personal information.
Step 1 Choose System Settings > Installation. The Installation page is displayed.
Step 2 Click Import/Export Settings. The Import/Export Settings page is displayed.
Step 3 Click Import Settings to import or Export Settings to export system settings.
The web administrator password is required when you import the configuration file. After the
configuration file is imported successfully, the DP300 automatically restarts for the
configuration file to take effect.
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Import Settings on the USB Device
Use the USB device to import the configuration file only in videoconferencing mode.
Step 1 Use the USB configuration tool to import the configuration file to a USB device.
Step 2 Insert the USB device into the DP300's USB port.
Step 3 Using the remote controlor on the touchscreen, enter the administrator password as prompted.
When compressing the configuration file, set the password to the same as the administrator password;
otherwise, the configuration file cannot be imported to your DP300. If the administrator password is empty,
set the password to 123455678, which is the default password for the administrator.
The DP300 restart automatically.
Step 4 After the restart is complete, remove the USB device.
HUAWEI DP300 Desktop Presence
Security Maintenance 2 Application Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 System Layer Security
Security maintenance of the system layer is to ensure a smooth operation of the operating system,
which can support the operation of application layer. The DP300 uses Linux, which is more
secure and immune to viruses than Windows.
Patches are released regularly. To improve system security, it is recommended that users
download latest patches at regularly and apply them after performing
antivirus checks.
HUAWEI DP300 Desktop Presence
Security Maintenance 3 System Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 Network Layer Security
Figure 4-1 show the DP300 security networking.
Figure 4-1 DP300 security networking
HUAWEI DP300 Desktop Presence
Security Maintenance 4 Network Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Over the network:
The DP300 is connected to the Multipoint Control Unit (MCU) through the private network,
which connects to different networks through different ports. The DP300s in the private or public
network can join the conference even if you do not change H.323 protocol or the firewall settings
(such as opening the port).
HUAWEI DP300 Desktop Presence
Security Maintenance 4 Network Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5 Management Layer Security
This chapter describes some management recommendations on users' daily security maintenance
and can be referred to when users set the rules on security management.
HUAWEI DP300 Desktop Presence
Security Maintenance 5 Management Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5.1 Principles of System Security Maintenance
5.1.1 Account Management
lManage the accounts strictly.
lControl the permissions of accounts of different levels. Only users of higher levels can
change the passwords for users of lower levels.
5.1.2 Permission Management
lMinimize permissions to the system service and permissions of accounts.
lStrictly control the operation authorization on the web interface.
5.1.3 Auditing Principles
lUse logs and other feasible methods to monitor operations on the DP300.
lAudit the failed access to the system's important resources.
lAudit the successful access to the system's important resources.
lAudit the failed and successful access control strategy modification.
5.2 Guidelines for Password Security Maintenance
User identities must be authenticated before users can log in to application systems. The
complexity and validity periods of accounts and passwords can be configured according to
system security requirements. Guidelines for password security maintenance are as follows:
lChange the password periodically to prevent risks.
lDesignate specialist personnel to manage the administrator account and password.
lEncrypt passwords during data transmission.
lRemind users to change their passwords after system deployment.
lChange passwords periodically. Do not use the default passwords or old passwords used
last five times.
5.3 Logs Maintenance Recommendations
Use logs to identify suspicious activities. The system must record the operations, such as system
parameter settings and conference calls in the logs. Reinforce the system to protect the logs.
5.3.1 Checking Logs Regularly
HUAWEI DP300 Desktop Presence
Security Maintenance 5 Management Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Check the system logs, applications logs, and security logs regularly and report to the department
of a higher level once abnormal logs are found. Ask the local representative office for help if
the issues cannot be located or resolved.
5.3.2 Backing Up Logs Regularly
Back up logs regularly by exporting them manually and store the logs on devices, such as the
disc, tape, or compact disc. The system supports a maximum of 100,000 logs. Once the number
of logs exceeds 100,000, new logs will replace the old ones. In this case, users must back up
5.4 Guidelines on Signaling Diagnostics
You are obligated to take considerable measures, in compliance with the laws of the countries
concerned and the user privacy policies of your company, to ensure that the personal data of
users is fully protected. The signaling diagnostics on the DP300 may contain personal
information. To protect information security, make sure that your account is secure and properly
managed. Use the signaling diagnostics only for problem identification and delete them
immediately after use.
5.5 Security Evaluation Recommendations
You are advised to look for a qualified organization to evaluate the system security and contact
Huawei technical support engineers when problems occur during the evaluation.
5.6 Backup Recommendations
In the following scenarios, back up the logs to ensure security.
lBefore daily security maintenance, and before and after the system troubleshooting.
lBefore patch installation and DP300 upgrade. For details about the upgrade, see the
HUAWEI DP300 Desktop Presence V500R002C00 Administrator Guide.
5.7 Defects Feedback Recommendations
You are advised to give feedback to Huawei once a security incident happens when the
DP300 is used. Huawei will take the following actions accordingly.
lIf a security incident happens, Huawei technical support engineers will support customers
remotely or on site to reduce the impact on the system and improve the report on the accident
lIf no security incident happens, Huawei technical support engineers record defects in to
the database and send to the R&D team. Once the R&D team prescribes a solution, the
technical support engineers will analyze the solution's possible impact on the site operations
and provide a final solution.
HUAWEI DP300 Desktop Presence
Security Maintenance 5 Management Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5.8 Common Measures Against Attacks
lDeploy firewall devices on the network where the DP300 is located.
lDisable protocols that may impose attacks, such as Telnet and SSH. By default, Telnet and
SSH are disabled. To check the settings of Telnet and SSH, choose System Settings >
Security > SSH/Telnet on the DP300 web interface.
lIf the DP300 is deployed on a public network, power off the DP300 when it is not in use.
5.9 Security Emergency Response Mechanism
Users need to build a security emergency response mechanism to ensure that the system can
immediately respond to security issues and return to proper operations to minimize losses.
5.10 Security Emergency Response Email Address
Contact the Huawei Product Security Incident Response Team (PSIRT) via if you wish to:
lProvide feedback on vulnerabilities of Huawei products.
lObtain emergency response service from Huawei.
lObtain information about vulnerabilities of Huawei products.
Encrypt the files that contain sensitive information before sending them. Go to http:// to obtain the encryption
HUAWEI DP300 Desktop Presence
Security Maintenance 5 Management Layer Security
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
A Appendix
The communication matrix is used for checking the firewall strategy. For details, see the
HUAWEI DP300 Desktop Presence V500R002C00 Communication Matrix.
HUAWEI DP300 Desktop Presence
Security Maintenance A Appendix
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
B Default Settings
To better use your DP300, get to know the default values of common user names and passwords.
To secure your account, it is recommended that you change the password upon the first login and regularly
change the password afterwards.
Table B-1 lists the default user names and passwords for the DP300.
Table B-1 Default user names and passwords
Item Default Setting
Administrator Password for the
Administrator password for the
remote controlled UI
Administrator user name and
password for the DP300 web
The default user name and password are admin and
Change_Me respectively.
User name and password for
connecting the third party (for
example, a touch panel or
SMC2.0) to the DP300
The default user name and password are api and
Change_Me respectively.
Upgrade password Change_Me.
Air content sharing password Change_Me.
HUAWEI DP300 Desktop Presence
Security Maintenance B Default Settings
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Item Default Setting
User name and password for
logging in to the DP300 in SSH/
Telnet mode
lDebug user: The default user name and password
are debug and Change_Me respectively.
lCommon user: The default user name and password
are admin and Change_Me respectively.
lCommon user: The default user name and password
are user and Change_Me respectively.
lSpecial user: The default user name and password
are apiuser and Change_Me respectively.
lTest user: The default user name and password are
test and Change_Me respectively.
User name and password for
connecting the DP300 to a web-
based diagnostics tool
The default user name and password are admin and
Change_Me respectively.
User name and password for
logging in to the DP300 in serial
port mode
The default user name and password are root and
Change_Me respectively.
U-Boot password 12345678.
Default IP address after the DP300
is restored to its default settings
required for the
system to connect
to the DP300
through SNMP V2
password, and
protocol required
for the network
system to connect
to the DP300
through SNMP V3
User name v3user.
n protocol
n password
HUAWEI DP300 Desktop Presence
Security Maintenance B Default Settings
Issue 01 (2015-09-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.

Navigation menu