Specifications
A31003-D3000-P100-01-76A9, 10-2013
OpenStage and Desk Phone IP SIP V3, Security Checklist, Planning Guide 23
Phone Hardening Measures
Secure Interfaces and Services to the Phone
4.6 Secure Interfaces and Services to the Phone
To allow easy initial use of Openstage and Desk Phone IP phones, the majority
of services and interfaces are enabled by default. To harden the phone, services
and interfaces not used should be disabled. Also where a more secure protocol
is available for a service then that should be configured, for example use TLS
instead of UDP or TCP.
Related Topics
4.6.1 PC Port
The PC port allows a LAN cable to be connected directly between the phone and
an adjacent PC, thereby using the same LAN connection for both PC and Phone
at the desk. To prevent unauthorised access to the network using the PC port on
the phone, the port should be disabled if not needed
The default setting for the PC port is disabled, but it should be checked that PC
port is disabled on phones which do not need a local PC connection
Table: SIP Secure Signalling
Related Topics
4.6.2 OpenStage Manager Connection / CCE Interface
On OpenStage 60 , OpenStage80 and Desk Phone IP 55G phones the
OpenStage Manager PC application is used for customisation of the phone (e.g.
ringtones, key programming). To prevent unauthorised access to the phone, if the
Openstage Manager application is not used then the CCE interface should be
disabled.
INFO: This port is also used by the HPT tool, and disabling the
port will prevent use of the HPT tool.
CL-PC Port
Measures • Disable PC Port
References See Phone Administration Manual chapter on System Set-
tings -> SIP Addresses and Ports
Can be done via
Needed Access Rights Administrator
Executed
Disable PC Port if not
needed by user
Yes: No:
Customer Comments and
Reasons