ManualsPro WyreStorm WyreStorm NHD-110-TX Network HD Security Owner’s Manual

WyreStorm NHD-110-TX Network HD Security Owner’s Manual

June 15, 2024
WyreStorm

NetworkHD Security Overview

Overview

Document Revision v1.0
The following reference guide provides details surrounding operation of NetworkHD endpoints with consideration to secure communications and best practices on a network.

Firmware Versions

Secure protocols/communication were added to NetworkHD products via a firmware update. In order to realize these functions, the following firmware versions (or higher) must be installed on hardware.

Model Firmware Version
NHD-110-TX V7.3.4
NHD-110-RX V7.2.6
NHD-110-RX-V2 V7.7.6
NHD-140-TX V2.0.6
NHD-250-RX V4.0.5
NHD-400-TX (ALL SKU VARIATIONS) V2.2.2
NHD-400-RX (ALL SKU VARIATIONS) V2.2.2
NHD-500-TX (ALL SKU VARIATIONS) V1.2.5
NHD-500-RX (ALL SKU VARIATIONS) V1.2.5
NHD-600-TRX V1.3.2.6
NHD-600-TRXF V1.3.2.6
NHD-610-TX V1.3.2.6
NHD-610-RX V1.3.2.6
NHD-CTL-PRO V1.1.20

Ports & Protocols

Depending on the application and action performed by NetworkHD different communication protocols will/can be used. The following outlines the different communication methods and their responsibilities.
To view a comprehensive list of ports, protocols and multicast addresses use by NetworkHD refer to page 31 in the Technical Reference Guide.
Telnet

Telnet is used for an open and insecure method of communication to the API channel on the NHD-CTLPRO. Connecting to the NHD-CTL-PRO on port 23 will allow access to send and receive API related actions, such as a matrix switch or to 2-way feedback from peripheral equipment. Telnet cannot be used to access encoders and decoders directly.
Any communication to an endpoint is strictly performed via a proprietary connection to the NHD-CTL-PRO
Telnet can be enabled/disabled as needed to meet application security requirements. Telnet port usage can also be changed from the default 23 to any port you wish via the NHD-CTL-PRO web interface.

Telnet over TLS

Telnet over TLS works in a similar way to Telnet, the main difference being an encrypted and authenticated connection. Using TLS will provide a secure connection to the NHD-CTL-PRO’s API channel. Telnet over TLS operates on port 992.
Telnet over TLS cannot be used to access encoders and decoders directly. Any communication to an endpoint is strictly performed via a proprietary connection to the NHD-CTL-PRO
Telnet over TLS port usage can also be changed from the default 992 to any port you wish via the NHD-CTL-PRO web interface.

SSH
SSH can be used as a 3 method for accessing the NHD-CTL-PRO’s API channel. Similar to Telnet over TLS, SSH offers an encrypted and authentication connection. SSH operates on port 10022.
SSH port usage can also be changed from the default 10022 to any port you wish via the NHD-CTL-PRO web interface.
SSH also exists via port 22 on encoders, decoders, and the NHD-CTL-PRO, however this connection is locked for WyreStorm use only in the case of accessing device diagnostics or advanced troubleshooting.

API Connection Authentication (TLS)

WyreStorm NHD-110-TX Network HD Security - API

HTTP & HTTPS

Web servers are found in most NetworkHD devices. The NHD-CTL-PRO contains a webserver which hosts an interface for management, configuration and maintenance of encoders and decoders.
With the exception of the 600 series, all other encoders utilize a web server to host an MJPEG preview stream which can be accessed via a web browser, the WyreStorm NetworkHD Touch app or 3 -party control panels.

HTTP provides unencrypted access to these web servers on port 80. HTTPS will provide an encrypted connection via port 443.
HTTP can be enabled/disabled as needed to meet application security requirements.

AES
AES-128 encryption is implemented across all NetworkHD series. AES encrypts the A/V and control signal streams between encoders and decoders to prevent data from being intercepted or accessed without permission. AES-128 uses ciphers to encrypt and decrypt data using cryptographic keys.
AES encryption does not affect the video preview streams on encoders as those are generated via MJPEG through HTTP(s) protocol.

WyreStorm NHD-110-TX Network HD Security - AES

Users & Passwords

The NHD-CTL-PRO by default uses a global admin user with unrestricted access to manage and configure endpoints via its web interface. It is recommended to change the admin user’s password upon first login.
Additional user accounts can be created with limited access to this web interface. This limited access only provides the ability to matrix switch, control video walls or multiview. No configuration changes can be made via non-admin accounts.
In addition to the web interface users, TLS and SSH connections to the API channel also require a username and password. The password for TLS and SSH connections can be changed from their default if required for enhanced security.

802.1x & LDAP

LDAP
LDAP allows the NHD-CTL-PRO, encoders, or decoders to communicate with a directory to authenticate a device. When configured, the NetworkHD devices will verify credentials against a database with access permissions. This is commonly used in enterprise networking environments with active directory users.
LDAP can be configured to work with a domain (DN) or a specific user ID.
Both standard LDAP and LDAPS (or LDAP over TLS) are supported. LDAPS allows a signed certificate to be uploaded and used in the authentication process.
802.1x
802.1x works similar to LDAP but uses a RADIUS server to authenticate devices. 802.1x can be used for the NHD-CTL-PRO and individual encoders/decoders. 802.1x ensures that devices that are added to the network are permitted to have access to that network.
802.1x supports EAP-MSCHAPV2 and EAP-TLS authentication protocols.
EAP-MSCHAPV2 requires a username a password to authenticate a device where EAP-TLS uses digital certificates.
Disabling Insecure Protocols
It is best practice to disable insecure communication protocols with NetworkHD devices. This will ensure the highest level of security and encryption of content. By default, all insecure and secure protocols are enabled. In a testing environment or during deployment, Telnet and HTTP can be a convenient way to configure and troubleshoot a system. However, upon finalizing a system it is best to ensure TLS, SSH and HTTPS are used.

Secure System Designs

Integrated AV Network

WyreStorm NHD-110-TX Network HD Security - Integrated AV Network Isolated AV Network

WyreStorm NHD-110-TX Network HD Security - Isolated AV Network LDAP/802.1x Network

WyreStorm NHD-110-TX Network HD Security - Network

Documents / Resources

| WyreStorm NHD-110-TX Network HD Security [pdf] Owner's Manual
NHD-110-TX Network HD Security, NHD-110-TX, Network HD Security, HD Security
---|---

References

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>

WyreStorm User Manuals

WyreStorm MX-0804-EDC 8×4 Multi Input Matrix Switcher User Guide
WyreStorm
WyreStorm SW-120-TX3-US 2 Input 4K60Hz HDBaseT In Wall Transmitter User Guide
WyreStorm
WyreStorm IDB-400-NA In Desk Connectivity with Power Instruction Manual
WyreStorm
WyreStorm SW-120-TX3 Synergy 4K60Hz HDBaseT 3.0 Switching Transmitter User Manual
WyreStorm
WyreStorm SW-120-TX3 Synergy 2 Input 4K60Hz HDBaseT 3.0 Switching Transmitter User Guide
WyreStorm
WyreStorm RX3-100 60Hz HDBaseT3.0 Receiver User Guide
WyreStorm
WyreStorm RX3-100 In Wall Transmitter HD BaseT 3.0 Receiver User Guide
WyreStorm
WyreStorm EXP-EX-80-KVM 80m KVM UTP HDMI Extender Over Ethernet User Guide
WyreStorm
WyreStorm RX-70-4K-ARC v2 4K UHD HDBaseT 5 Play HDCP 2.2 Receiver with ARC and 2-Way PoH User Guide
WyreStorm
Wyrestorm SW-540-TX-W 4-Input 4K HDBaseT Presentation Switcher with Matrix Outputs USB 2.0 Multiview and Wireless Casting User Guide
WyreStorm
WyreStorm HALO 60 Halo Series Plug and Play Portable Conference Speakerphone User Guide
WyreStorm
WyreStorm HALO 90 USB-C Docking Conference Speakerphone User Guide
WyreStorm
WyreStorm EXP-HDMI-xM-8K 8K60Hz HDMI 2.1 Cable CL3 Rated User Guide
WyreStorm
WyreStorm HALO 30 Halo Series Plug and Play Portable Conference Speakerphone User Guide
WyreStorm
WyreStorm CON-H2-SCL In-Line HDMI Scaler with Audio Breakout User Guide
WyreStorm
WyreStorm SW-540-TX-W Switcher with Wireless Casting User Manual
WyreStorm
WyreStorm APO-100-UC Apollo Series Integrated Conference Speakerphone and Presentation Switcher User Manual
WyreStorm
Wyrestorm Technologies APO-100-UC Apollo Series Conference Speakerphone User Manual
Wyrestorm Technologies
WyreStorm EX-100-H2-EARC 18Gbps 4K HDR AVX Extender with eARC Audio Breakout and PoE User Guide
WyreStorm
WyreStorm NHD-400-E-TX 4K Video Over IP Encoder User Guide
WyreStorm

Related Manuals

ATOLL ELECTRONIQUE DR100 Signature CD Drive Owner’s Manual
ATOLL ELECTRONIQUE
Cuisinart CBC-7400PC Brew Central 14 Cup Programmable Coffee Maker Instructions
Cuisinart
PYLE PKBRD37WT Digital Musical Karaoke Keyboard User Guide
Pyle
FrSky Taranis X9D Plus 2019 ACCESS Transmitters Instruction Manual
Frsky
LincPlus LincStudio S1 All In One Drawing Tablet User Guide
LincPlus
GE APPLIANCES PTD60GBSRWS Profile Smart Dryer User Guide
GE Appliances
nureva HDL310-B Audio Conferencing System Instruction Manual
nureva
Taurus GR1002X Mygrill Legend Instructions
taurus
LeuchtenDirekt LOLAsmart-SABI LED Ceiling Light User Guide
LeuchtenDirekt
Polygroup GENERATION II Twinkly Tree Controller Instruction Manual
Polygroup
Teba TP-05 Pellet Stove User Manual
Teba
beurer GS 10 Black Glass Bathroom Scale Instructions
Beurer
PHILIPS CN-SBM230 Voice Amplifier Speaker User Manual
Philips
genexis FTU-100 Series FiberTwist Fiber Termination Unit Installation Guide
genexis
eero V010001 Router User Guide
eero
Cleanmate S 990 Robotic Vacuum Cleaner Instruction Manual
Cleanmate
Towelrads 450BTU Iridio Designer Towel Radiator Installation Guide
TOWELRADS
Xiaomi Mi note 10 Smart Phone User Guide
Xiaomi
Karlliu B0BL13P8N8 4 Pack 12 Inch Hanging Planters Instructions
Karlliu
PENTAIR FPS700 Series Multi-Stage Booster Pumps Owner’s Manual
Pentair
neakasa F1 Dog Grooming Dryer Portable User Guide
neakasa
Wuhan ZG38 Vision Enhancement Imager User Guide
Wuhan
skyhawk KIWIVZG Kiwi with Entry Sensor Magnet Kit User Guide
Skyhawk
Planet Technology IPOE-175 Industrial IP67 1-Port 60W 802.3bt PoE++ Injector User Manual
Planet Technology
hama 00184192 Sea II Stereo Headphones Instruction Manual
Hama
EDIMAX IC-5160GC Networking People Together Camera Installation Guide
EDIMAX
Wireless Bluetooth 5.1 Earbuds Headphones Headset-Complete Features/Instruction Guide
B&Q
RAVAK X000001569 Mirror STRIP User Manual
RAVAK
SHARPER IMAGE VOTIV 7 Ultrasonic Humidifier User Guide
Sharper Image
SPACE-RAY Linea Glass Front Electric Radiant Heater Installation Guide
SPACE-RAY
Contact Us   Privacy Policy   7.142ms