Security guidelines, Secure/encrypted server communications – Teo IPTelephone Network User Manual
Page 65
Security Guidelines
13-280132 Rev. Q
Page 65
To ensure secure communications and configuration, the phone should have TLS enabled
and required certificates installed. The phone should use HTTPS protocol to update its
configuration and have TLS and SRTP enabled for voice communications.
In addition, for configuration security, the phone should use the <MAC> XML option for
configuring phones. This is the default option in the phone, it restricts which phone
hardware can be used for a specific phone number.
The certificates for the HTTPS server and SIP proxy server need to be included in a file
which is downloaded from the configuration server. The XML option for the "filename" is
shown below.
S
S
e
e
c
c
u
u
r
r
e
e
/
/
E
E
n
n
c
c
r
r
y
y
p
p
t
t
e
e
d
d
S
S
e
e
r
r
v
v
e
e
r
r
C
C
o
o
m
m
m
m
u
u
n
n
i
i
c
c
a
a
t
t
i
i
o
o
n
n
s
s
E
E
n
n
a
a
b
b
l
l
i
i
n
n
g
g
S
S
e
e
c
c
u
u
r
r
e
e
R
R
e
e
a
a
l
l
-
-
t
t
i
i
m
m
e
e
T
T
r
r
a
a
n
n
s
s
p
p
o
o
r
r
t
t
P
P
r
r
o
o
t
t
o
o
c
c
o
o
l
l
(
(
S
S
R
R
T
T
P
P
)
)
SRTP encrypts voice communications.
XML Tag
Data / Description
<srtp_enable>
ON
</srtp_enable>
SRTP encrypts voice communications.
E
E
n
n
a
a
b
b
l
l
i
i
n
n
g
g
T
T
r
r
a
a
n
n
s
s
p
p
o
o
r
r
t
t
L
L
a
a
y
y
e
e
r
r
S
S
e
e
c
c
u
u
r
r
i
i
t
t
y
y
(
(
T
T
L
L
S
S
)
)
a
a
n
n
d
d
S
S
e
e
t
t
t
t
i
i
n
n
g
g
t
t
h
h
e
e
P
P
o
o
r
r
t
t
N
N
u
u
m
m
b
b
e
e
r
r
Use TLS to encrypt signaling to the server.
XML Tag
Data / Description
<sip_transport>
TLS
</sip_transport
<sip_proxy_port>
5061
</sip_proxy_port>
5061 is the default port number for TLS.
<sip_reg_port>
5061
</sip_reg_port>
<phone_port>
5061
</phone_port>
S
S
S
e
e
e
c
c
c
u
u
u
r
r
r
i
i
i
t
t
t
y
y
y
G
G
G
u
u
u
i
i
i
d
d
d
e
e
e
l
l
l
i
i
i
n
n
n
e
e
e
s
s
s