A31003-D3000-P100-01-76A9, 10-2013
OpenStage and Desk Phone IP SIP V3, Security Checklist, Planning Guide 21
Phone Hardening Measures
Secure Signalling and Voice/Video Access to the Phone
Table: SIP Secure Signalling
CL-SIP Secure Signal-
ling
Measures • Configure use of TLS on the SIP server and install server
certificates
• Configure TLS on the phone – the port will need to be set
to 5061
• Install the SIP Server CA certificate on the phone using
DLS
• Configure the TLS certificate validation policy to trusted
or full – full is recommended
• Configure OCSP checking to allow revocation checking
of the SIP server certificate
• Configure the Backup proxy address 0.0.0.0
Apply password policy (user and administrator)
References See Chapter Certificate Handlingfor Certificate Handling.
See Phone Adminstration Manual chapter on Security ->
Certificate Policy
See DLS manual Configuration & Update Service (DLS) for
installing certificates
See Phone Administration Manual chapter on System Set-
tings -> SIP Addresses and Ports
Can be done via
Needed Access Rights Administrator
Executed
Set Signalling Transport to
TLS
Yes: No:
Set Port for Signalling to
value 5061
Yes: No:
Install TLS certificate on
the phone using DLS:
Yes: No:
Configure Secure SIP
Server certificate policy
Yes: No:
Configure OCSP check Yes: No:
Comments to this Manuals