Specifications

Phone Hardening Measures at a Glance

A31003-D3000-P100-01-76A9, 10-2013

10 OpenStage and Desk Phone IP SIP V3, Security Checklist, Planning Guide

Customer Deployment - Overview

3 Phone Hardening Measures at a Glance

To improve the security on OpenStage and Desk Phone IP SIP V3R3 phone the

following measures are recommended

(http://www.unify.com/us/partners/partner-portal.aspx

Latest Software

• Install latest (“Up-to-date”) Desk Phone IP 35G V3R2 phone software during

initial startup phase. The software is ready to download from the partner portal

Siemens Enterprise Business Area (https://www.siemens-enterprise.com/

seba/default.aspx)

Phone Administration: local, WBM, DLS, serial port

• Secure local phone administration

– Physical access, Phone lock

– Set passwords & apply password policy (refer to main chapter Password

and PIN Policies)

– Lock-down configuration items via DLS, so that these are not changeable

from the user account

• Hardening of web-based management

– Set passwords & apply password policy (refer to main chapter Password

and PIN Policies)

– Deactivate if not used

– Install customer individual WBM certificate and private key

• Hardening of DLS interface

– Set communication between phone and DLS to “secure mode”

– Use HTTPS server instead of FTP server and as an alternative to the DLS

for file and software deployment

– Certificates (CA & client) must be downloaded and the certificate policy

set

Set passwords and apply password policy (Password and PIN Policies)

• Apply password policy as recommended

• Set minimum password length

• Modify default admin password

• Set user password

Install certificates and configure secure calls

• Use of OCSP to verify validity of certificates and set a proper policy

• Install TLS certificates and private keys as well as CA certificates

• Enable SIP Signalling encryption

• Enable SIP Payload Encryption and disable video calls