
Checklist: Basic VCS Expressway Security

Posted on 27 January 2012


The Cisco VCS Expressway traversal devices are designed to be a “set it and forget it” type of device. Once configured and operational, little further user interaction is required. Depending on your requirements, I suggest this as a minimum checklist for securing your Expressway once it is up and running.

 

  1. Turn off Telnet and HTTP. Turn on SSH and HTTPS. This is done from the web interface, under System > System.
  2. Also under System > System, set the Session time out to 4 minutes (4 minutes of inactivity will disconnect any user connecting via SSH or HTTPS).
  3. Change the admin password. This is done from Maintenance > Login accounts.
  4. The VCS also has a root account with a default password of TANDBERG (logging in as root gets you to the underlying operating system, whereas admin gets you to the VCS application). Use the following procedure to change the root password:
    1. Connect via SSH and log in to the Cisco VCS as root. By default you can only do this using a serial connection or SSH.
    2. Type passwd. You will be asked for the new password.
    3. Enter the new password and when prompted, retype the password.
    4. Type exit to log out of the root

For more advanced security you can:

  1. Turn off HTTPS. Then use SSH to turn it back on if you need to access the web interface. You can also connect via serial port and turn off HTTPS and SSH. Then you can re-enable via the serial port if needed.
  2. Lock out the front panel by using the CLI command xConfiguration Administration LCDPanel Mode. Setting this to Off will cause the front panel to display only “Cisco”.
  3. Turn Enforce strict passwords to On for administrative accounts (Maintenance > Login accounts). If Enforce strict passwords is set to On, all administrator passwords must contain at least 15 ASCII characters made up of at least:
    1. 2 lowercase letters ['a'..'z']
    2. 2 uppercase letters ['A'..'Z']
    3. 2 numeric values ['0'..'9']
    4. 2 special characters [such as '@' or '$']
  4. Purchase the Advanced Account Security option and enable Advanced Security mode. Be aware that this will turn on several strict security measures that, if not used properly, can get you locked out of the unit on a permanent basis (only by sending the unit back to the factory can it be reset).
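
To pre-check a candidate administrator password against the strict password rules listed above before typing it into the unit, a small validator helps. This is an added example, not Cisco's code and not the device's own validation logic; it assumes "special" means any ASCII punctuation character (the checklist only names '@' and '$'), and the function name is hypothetical.

```python
import string

# Policy values as stated in the checklist above.
MIN_LENGTH = 15
MIN_PER_CLASS = 2
DEFAULT_PASSWORDS = {"TANDBERG"}  # factory root password named on this page

# Assumption: "special" means any ASCII punctuation character;
# the page only gives '@' and '$' as examples.
CLASSES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "numeric": set(string.digits),
    "special": set(string.punctuation),
}


def strict_password_violations(candidate):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if candidate.upper() in DEFAULT_PASSWORDS:
        problems.append("matches a factory default password")
    if not candidate.isascii():
        problems.append("contains non-ASCII characters")
    if len(candidate) < MIN_LENGTH:
        problems.append(f"length {len(candidate)} is below {MIN_LENGTH}")
    for name, charset in CLASSES.items():
        count = sum(1 for ch in candidate if ch in charset)
        if count < MIN_PER_CLASS:
            problems.append(
                f"only {count} {name} character(s), need {MIN_PER_CLASS}"
            )
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for sample in ("TANDBERG", "Summer2012!", "cOrrect-H0rse-9@Battery"):
        result = strict_password_violations(sample)
        print(f"{sample!r}: {'OK' if not result else '; '.join(result)}")
```
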

 
