Specifications
A31003-D3000-P100-01-76A9, 10-2013
OpenStage and Desk Phone IP SIP V3, Security Checklist, Planning Guide 15
Phone Hardening Measures
Secure Administration Access to the Phone
Related Topics
4.2.3 Harden DLS Interface to the Phone
The communication between DLS and Phone can be configured in default mode.
In the default mode the phone recognizes the DLS because it knows the DLS IP
address. There is no authentication between Phone and DLS.
• When the DLS IP Address is provided by the DHCP Server, service access
with a second DLS is not possible because DLS IP Address is supplied only
by DHCP.
• In the case where the DLS IP Address is not provided by the DHCP Server, a
second DLS (even a threatened one) could take over the control of the phone.
If the communication between DLS and phone is configured in secure mode, they
authenticate via HTTPS mutual authentication. Now a second DLS only can get
read/write access to the phone if it knows the customer specific credentials.
• Independently of the usage of a DHCP Server, a service access with a second
DLS is possible, if the second DLS uses the customer specific credentials for
authentication. The phone itself always contacts the first DLS.
In all cases the security of the DHCP Server access is in customer’s hand. His
network should be able to recognize a second (may be threatened) DHCP server,
e.g. by using an IDS system.
Setup User Password Pol-
icy
Yes No:
Secure User password
Set
Yes No:
Set Phone Lock ON Yes No:
Lock Down required con-
figuration data
Yes No:
Disable User Access to
Diagnostic Data
Yes No:
Customer Comments and
Reasons
CL-Secure User Access