Unify V3R3 Specifications download pdf (Page 21)

A31003-D3000-P100-01-76A9, 10-2013

OpenStage and Desk Phone IP SIP V3, Security Checklist, Planning Guide 21

Phone Hardening Measures

Secure Signalling and Voice/Video Access to the Phone

Table: SIP Secure Signalling

CL-SIP Secure Signal-

ling

Measures • Configure use of TLS on the SIP server and install server

certificates

• Configure TLS on the phone – the port will need to be set

to 5061

• Install the SIP Server CA certificate on the phone using

DLS

• Configure the TLS certificate validation policy to trusted

or full – full is recommended

• Configure OCSP checking to allow revocation checking

of the SIP server certificate

• Configure the Backup proxy address 0.0.0.0

Apply password policy (user and administrator)

References See Chapter Certificate Handlingfor Certificate Handling.

See Phone Adminstration Manual chapter on Security ->

Certificate Policy

See DLS manual Configuration & Update Service (DLS) for

installing certificates

See Phone Administration Manual chapter on System Set-

tings -> SIP Addresses and Ports

Can be done via

Needed Access Rights Administrator

Executed

Set Signalling Transport to

TLS

Yes: No:

Set Port for Signalling to

value 5061

Yes: No:

Install TLS certificate on

the phone using DLS:

Yes: No:

Configure Secure SIP

Server certificate policy

Yes: No:

Configure OCSP check Yes: No:

1 2 ... 16 17 18 19 20 21 22 23 24 25 26 ... 43 44

No comments

Unify V3R3 Specifications Page 21