Specifications
A31003-D3000-P100-01-76A9, 10-2013
OpenStage and Desk Phone IP SIP V3, Security Checklist, Planning Guide 17
Phone Hardening Measures
Secure Administration Access to the Phone
4.2.4 Harden Software Deployment and File Download to the Phone
To provide a secure file download for the files (for example ringer files) and
software updates loaded onto the phone HTTPS should be used. A separate
HTTPS download server will be needed.
Authentication of the HTTPS server at the phone is also needed and this can be
setup by loading the HTTPS server CA certificate into the phone and configuring
the authentication policy. Mutual authentication is possible when both the HTTPS
Server CA certificate and the Phone HTTPS client certificate are loaded in the
phone.
Table: Secure Software Deployment and File download
CL-Secure Software
Deployment and File
download
Measures • Configure Download of Software Deployment and files
such as screensavers or ringtones to use HTTPS ?
• Install the HTTPS Server CA certificate and a HTTPS
phone client certificate in the phone?
• The HTTPS certificate policy needs to be set to Trusted
or Full?
• OCSP checking of the certificate will ensure that the
certificate from the HTTPS server has not been revoked
References See Chapter Password and PIN Policiesfor Certificate Han-
dling.
See Phone Administration Manual chapters on Security ->
Certificate Policy and Transferring Phone Software -> Down-
load / Update Phone Software
See DLS manual Configuration & Update Service (DLS) for
installing certificates
Needed Access Rights Admin Access
Executed
Configure Phones to use
HTTPS for software and
file download
Yes No:
Install HTTPS certificates
on the phone:
Yes No:
Configure Secure File
Transfer certificate pol-
icy:?
Yes No: