Administration from a Telnet Session
You can manage your LifeSize system from a telnet session. By default, remote access through a telnet session is disabled. LifeSize recommends that you use the web administration interface or an SSH session to manage your system remotely. To enable remote access through a telnet session, select Enabled for the Telnet preference in
Administrator Preferences : Security : General. Use the automation command line interface to manage the system through a telnet session. For more information, refer to the
LifeSize Automation Command Line Interface for LifeSize Video Communications Systems manual. This document is available on the Support page of www.lifesize.com.
Administration Using LifeSize MIBs
By default, LifeSize video communications systems are SNMP-enabled devices that support
SNMPv3. With a LifeSize custom MIB compiled on your SNMP manager and an SNMP user configured on your LifeSize system, you can monitor and configure LifeSize video communications systems from your SNMP manager console.
LifeSize MIBs are available for download as ASCII text files from the Support page of www.lifesize.com. For more information about using LifeSize custom MIBs and configuring your LifeSize system for use with LifeSize custom MIBs, see the Customer Support
Documentation section on the Support page of www.lifesize.com.
To disable SNMP access to a LifeSize system, refer to "Controlling Remote Administration" on page 6.
Configuring Security Preferences
You can set preferences in Administrator Preferences : Security to control remote access to the system through the web, telnet, SSH sessions, and SNMP. You can also enable FIPS
140-2 security settings, enable H.235 AES security for calls, and manage the administrator and user passwords
Controlling Remote Administration
By default, remote access to a LifeSize system through the web (HTTP), SSH, and SNMP is enabled; remote access through a telnet session is disabled. To enable or disable remote access through any of these mechanisms, configure the HTTP, SSH, Telnet, and SNMP preferences in Administrator Preferences : Security : General.
6 LifeSize Video Communications Systems Administrator Guide
Enabling FIPS 140-2 Security
LifeSize video communications systems support the Federal Information Processing
Standard (FIPS) 140-2, (Level 1) a US government computer security standard used to accredit cryptographic modules. By default, FIPS security is disabled. When you set FIPS
140-2 to Enabled in Administrator Preferences : Security : General, the following occurs:
• The HTTP, Telnet, and SNMP preferences in Administrator Preferences : Security :
General are automatically set to Disabled and are unavailable for configuration.
• Login access to the command line interface through SSH is disabled.
Note: The current setting for the SSH preference does not change.
• The 802.1x Authentication preference in Administrator Preferences : Network :
General is automatically set to Disabled and is unavailable for configuration.
• The License Keys button on the Administrator Preferences : System screen is unavailable. To install or update a license key, the FIPS 140-2 preference must be set to
Disabled.
• The H.235 AES Security preference in Administrator Preferences : Security :
General is automatically set to Enabled if not already set to Enabled or Strict.
• The SIP TLS Signaling preference in Administrator Preferences : Communications
: SIP is set to Disabled.
• The system reboots after you exit the Administrator Preferences : Security : General screen.
• A red FIPS icon appears in the status bar on the main page until the system completes the configuration changes to enable FIPS security.
• FIPS 140-2 Security Enabled appears above the Security button on the Administrator
Preferences screen after the system reboots.
LifeSize Video Communications Systems Administrator Guide 7
When FIPS 140-2 is set to Enabled, you cannot upgrade the system software. You must first set FIPS 140-2 to Disabled. Ensure that HTTP and SSH are set to Enabled before attempting to perform an upgrade.
If you change the FIPS 140-2 preference from Enabled to Disabled, the following occurs:
• Preferences that were unavailable for configuration as a result setting this preference to
Enabled become available.
• Login access to the command line interface through SSH is enabled.
Note: The current setting for the SSH preference does not change.
• The HTTP and SNMP preferences are set to Enabled. Other preferences that were modified as a result of setting FIPS 140-2 to Enabled do not change.
• The system reboots after you exit the Administrator Preferences : Security : General screen.
Enabling H.235 AES Security
LifeSize systems support H.235 128-bit AES security using the Diffie Hellman key exchange protocol in H.323 calls. AES interoperability is supported with the third party devices identified in the Release Notes on the Support page of www.lifesize.com.
To enable AES security, you must set the H.235 AES Security preference in Administrator
Preferences : Security : General to either Enabled or Strict. When set to Enabled, calls connect, but are encrypted only if the far end supports AES encryption. When set to Strict, calls do not connect if the far end does not support AES security. To ensure that all call connections are encrypted when the LifeSize system is serving as the MCU in a call, set this preference to Strict.
Encrypted calls are indicated by encryption icons in the caller ID, Call Manager list, and Call
Statistics list. Refer to the LifeSize Video Communications Systems User Guide for a description of the icons.
8 LifeSize Video Communications Systems Administrator Guide