Enhanced Password Security in v3.12.xx Firmware
With the release of v3.12.xx firmware, each new codec shipped will have a unique 15 character default password to increase network security. Older Tieline codecs with firmware versions lower than this were shipped with the same default user name and password.
This means that Tieline codecs may have two different types of default passwords: Older Tieline codecs that were manufactured and shipped with the same default user name and password, or current units shipped with v3.12.xx firmware featuring a unique 15 character default password to increase network security.
Tieline highly recommends changing the default password for all codecs on first use to increase network security and protect codecs from unauthorized access. Create a strong password which includes capital and lower case letters, special characters and numbers (a minimum of 10 characters and up to 64 characters can be entered). Password managers can be useful when managing multiple passwords within organizations.
In addition, from firmware v3.12.xx the HTML5 Toolbox Web-GUI will display an Insecure icon until the default password in the codec has been changed. This will be displayed for all codecs using default passwords, to prompt users to create a more secure password.
Other Codec Security Options
There are several layers of security available in Tieline codecs to maintain secure connections. These include:
- Create a strong password which includes capital and lower case letters, special characters and numbers (a minimum of 10 characters and up to 64 characters can be entered). Password managers can be useful when managing multiple passwords within organizations.
- Ensure your codec is behind a firewall and only open the TCP and UDP ports required to transmit session and audio data between your codecs. Using non-standard ports instead of Tieline default ports can also ensure the codec is more difficult to discover by external parties.
- Ports 80 and 8080 are commonly used to access the Tieline codec web server. You can add an additional layer of security by translating these ports on the WAN side of your network into non-standard port numbers. Adjust ports using the Options panel in the Toolbox HTML5 Web-GUI.
- By default SIP interfaces are disabled to avoid unwanted traffic. The SIP Filter Lists panel in the Toolbox HTML5 Web-GUI allows filtering of SIP URIs and User Agents to provide greater security when using SIP. User documentation outlines how to configure SIP Allow and Block lists.
- An SSL security certificate can be installed on each codec in your network to ensure it is a trusted device within your network.
- Implementation of CSRF protection (Cross-Site Request Forgery). Enable and disable this setting using the Options panel in the Toolbox HTML5 Web-GUI.
-
Firewall settings facilitate enabling or disabling a range of firewall-related network services, or limit ping to only work in a local subnet. Tieline also recommends SNMP is disabled if a codec is connected to a public network like the internet. Adjust settings using the Toolbox HTML5 Web-GUI Options panel in the Firewall tab.
Be sure to document any codec port changes because this information will be required if you need to contact Tieline or other online support services at a future time.
