Security guidelines, Secure/encrypted server communications – Teo IPTelephone Network User Manual
Page 65
Security Guidelines
13-280132 Rev. Q
Page 65
To ensure secure communications and configuration, the phone should have TLS enabled
and required certificates installed. The phone should use HTTPS protocol to update its
configuration and have TLS and SRTP enabled for voice communications.
In addition, for configuration security, the phone should use the
configuring phones. This is the default option in the phone, it restricts which phone
hardware can be used for a specific phone number.
The certificates for the HTTPS server and SIP proxy server need to be included in a file
which is downloaded from the configuration server. The XML option for the "filename" is
shown below.
S
S
e
e
c
c
u
u
r
r
e
e
/
/
E
E
n
n
c
c
r
r
y
y
p
p
t
t
e
e
d
d
S
S
e
e
r
r
v
v
e
e
r
r
C
C
o
o
m
m
m
m
u
u
n
n
i
i
c
c
a
a
t
t
i
i
o
o
n
n
s
s
E
E
n
n
a
a
b
b
l
l
i
i
n
n
g
g
S
S
e
e
c
c
u
u
r
r
e
e
R
R
e
e
a
a
l
l
-
-
t
t
i
i
m
m
e
e
T
T
r
r
a
a
n
n
s
s
p
p
o
o
r
r
t
t
P
P
r
r
o
o
t
t
o
o
c
c
o
o
l
l
(
(
S
S
R
R
T
T
P
P
)
)
SRTP encrypts voice communications.
XML Tag
Data / Description
<srtp_enable>
ON
srtp_enable>
SRTP encrypts voice communications.
E
E
n
n
a
a
b
b
l
l
i
i
n
n
g
g
T
T
r
r
a
a
n
n
s
s
p
p
o
o
r
r
t
t
L
L
a
a
y
y
e
e
r
r
S
S
e
e
c
c
u
u
r
r
i
i
t
t
y
y
(
(
T
T
L
L
S
S
)
)
a
a
n
n
d
d
S
S
e
e
t
t
t
t
i
i
n
n
g
g
t
t
h
h
e
e
P
P
o
o
r
r
t
t
N
N
u
u
m
m
b
b
e
e
r
r
Use TLS to encrypt signaling to the server.
XML Tag
Data / Description
<sip_transport>
TLS
sip_transport
<sip_proxy_port>
5061
sip_proxy_port>
5061 is the default port number for TLS.
<sip_reg_port>
5061
sip_reg_port>
<phone_port>
5061
phone_port>
S
S
S
e
e
e
c
c
c
u
u
u
r
r
r
i
i
i
t
t
t
y
y
y
G
G
G
u
u
u
i
i
i
d
d
d
e
e
e
l
l
l
i
i
i
n
n
n
e
e
e
s
s
s