Specifications

Phone Hardening Measures

A31003-D3000-P100-01-76A9, 10-2013

16 OpenStage and Desk Phone IP SIP V3, Security Checklist, Planning Guide

Secure Administration Access to the Phone

Setting communication between phone and DLS to “secure mode”

"Secure mode" offers mutual authentication between DLS and the phone. The

connection between DLS and phone will be established, if DLS has successfully

authenticated the phone and vice versa. Secure mode with or without PIN

(Personal Identification Number) will be set by the DLS. The PIN has to be

inputted at the phone when requested. “Secure mode with PIN” protects the

transfer of the key material and should be preferred. Us-age of Secure mode

without PIN may offer an attacker to capture the key material and may get non-

authorized access to the DLS and phone.

Prerequisites for the usage of the secure mode are the following:

• Customer specific key material has to be created, e.g. with customers own CA

or with openSSL or other tool. Provided by customer.

• The key material is distributed by DLS to phones in default mode (in customer

network or preconfigured). The distribution of keys and certificates via DLS

(Deployment Service) is depicted in the Deployment Service Admin Guide,

chapter " Automatic Certificate Deployment"

• Both, phones as well as DLS have to be set to "secure mode" How to

configure the secure mode for phone is described in: "IP Device Configu-

ration"

Table: Secure Communication with DLS Servert