Improved configuration file encryption – Aastra Telecom REV 06 User Manual

Features in Release 2.2

90

RN-001029-00, Rev 06, Release 2.2

IP Phone Release Notes 2.2

Improved Configuration File Encryption

The IP phones have an encryption feature that allows Service Providers the
capability of storing encrypted files on their server to protect against unauthorized
access and tampering of sensitive information (i.e., user accounts, login
passwords, registration information). Service Providers also have the capability of
locking a phone to use a specific server-provided configuration only.

Only an System Administrator can encrypt the configurations files for an IP
Phone. System Administrators use a password distribution scheme to manually
pre-configure or automatically configure the phones to use the encrypted
configuration with a unique key. From a Microsoft Windows command line, the
System Administrator uses an Aastra-supplied encryption tool called
"anacrypt.exe" to encrypt the <MAC>.tuz file.

The security feature described above prevents unauthorized parties from reading
or writing the contents of the <MAC>.tuz file.

In Release 2.2, the IP phones include an improved encryption mechanism that:

•

Prevents users from using the <MAC>.tuz file that does not match the user’s
phone MAC address.

•

Renders the <MAC>.tuz file invalid if the user renames the file.

•

Works with IP phone releases prior to Release 2.2.

•

Provides compatibility between the previous encryption routine and the new
decryption routine.