IP Phone Administrator Guide Encryption and the IP Phone

Encryption and the IP Phone


An encryption feature for the IP phone allows Service Providers to store encrypted files on their server, protecting sensitive information (i.e., user accounts, login passwords, registration information) against unauthorized access and tampering. Service Providers can also lock a phone to use a specific server-provided configuration only.

Configuration File Encryption Method

Only a System Administrator can encrypt/decrypt the configuration files for an IP Phone.

System Administrators use a password distribution scheme to manually pre-configure or automatically configure the phones to use the encrypted configuration with a unique key.

From a Microsoft Windows command line, the System Administrator uses an Aastra-supplied encryption tool called "anacrypt.exe".

Note: Aastra also supplies encryption tools to support Linux platforms (anacrypt.linux) and Solaris platforms (anacrypt.sunos) if required.

This tool processes the plain-text <mac>.cfg and aastra.cfg files and creates triple-DES encrypted versions called <mac>.tuz and aastra.tuz. Encryption is performed using a secret password that is chosen by the administrator.

The encryption tool is also used to create an additional encrypted tag file called security.tuz, which controls the decryption process on the IP phones. If security.tuz is present on the TFTP/FTP/HTTP server, the IP phones download it and use it locally to decrypt the configuration information from the aastra.tuz and <mac>.tuz files. Because only the encrypted versions of the configuration files need to be stored on the server, no plain-text configuration or passwords are sent across the network, thereby ensuring security of the configuration data.
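The protection described above only holds if the plain-text .cfg files are actually removed from the server once the .tuz files exist. The following check is an added example, not part of the Aastra guide or tooling: it audits a provisioning directory for leftover plain-text files and a missing security.tuz. The function name, the sample file names, and the assumption that <mac> is 12 hex digits are illustrative.

```shell
#!/bin/sh
# Added example (not Aastra code): audit a provisioning directory for
# plain-text phone configs left beside their encrypted .tuz versions.
# Assumption: <mac> file names are 12 hex digits, e.g. 00085D000001.cfg.

audit_tuz_dir() {
    dir=$1
    findings=0
    [ -d "$dir" ] || { echo "ERROR: not a directory: $dir"; return 2; }

    # security.tuz is the tag file the phones download to drive decryption.
    if [ ! -f "$dir/security.tuz" ]; then
        echo "MISSING: security.tuz"
        findings=$((findings + 1))
    fi

    for f in "$dir"/*.cfg; do
        [ -f "$f" ] || continue            # glob matched nothing
        name=$(basename "$f" .cfg)
        case $name in
            aastra) ;;                      # global config file
            *[!0-9A-Fa-f]*) continue ;;     # not a <mac> name, ignore
            *) [ "${#name}" -eq 12 ] || continue ;;
        esac
        if [ -f "$dir/$name.tuz" ]; then
            echo "PLAINTEXT: $name.cfg is still stored beside $name.tuz"
        else
            echo "UNENCRYPTED: $name.cfg has no $name.tuz"
        fi
        findings=$((findings + 1))
    done

    if [ "$findings" -eq 0 ]; then
        echo "OK: only encrypted configuration files found"
        return 0
    fi
    return 1
}

# Constructed sample directory so the check can be run offline.
demo=$(mktemp -d)
: > "$demo/security.tuz"; : > "$demo/aastra.tuz"
: > "$demo/aastra.cfg"                      # leftover plain-text copy
: > "$demo/00085D000001.cfg"                # constructed name, never encrypted
audit_tuz_dir "$demo" || echo "findings reported for $demo"
rm -rf "$demo"
```

Run it against the TFTP/FTP/HTTP root after each encryption pass; a non-zero exit status means at least one plain-text file or a missing security.tuz was found.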


41-001160-00, Rev 01 Release 2.0
