Administrator’s Guide - SoundPoint® IP / SoundStation® IP

Features

Local

Web Server (if

None.

enabled)

 

 

 

Local Phone User

None.

Interface

 

 

 

3.8.4 Configuration File Encryption

Confidential information stored in configuration files must be protected from attack or unintentional discovery. This information could include registration passwords and contact information. A separate SDK is provided to facilitate key generation and con- figuration file encryption and decryption on a UNIX or Linux server.

The phone can recognize encrypted files, which it downloads from the boot server and it can encrypt files before uploading them to the boot server. To do this, a key must be stored on the phone. Configuration files (excluding the master configuration file), con- tact directories, and configuration override files can all be encrypted. The phone will still recognize unencrypted files and a combination of encrypted and unencrypted files can be used on one phone.

If the phone doesn't have a key, it must be downloaded to the phone in plain text (a potential security hole if not using HTTPS). If the phone already has a key, a new key can be downloaded to the phone encrypted using the old key (refer to 2.2.3.1 Changing the Key on the Phone on page 24). At a later date, new phones from the factory will have a key pre-loaded in them that will be shared with trusted customers. This key will be changed at regular intervals to enhance security.

 

Configuration File:

Specify the phone-specific contact directory and the phone-

 

sip.cfg

specific configuration override file.

Central

 

• For more information, refer to section 4.6.1.20.1

 

Encryption <encryption/> on page 141.

(boot

 

 

Configuration file:

Change the encryption key.

server)

 

<device>.cfg

• For more information, refer to section 2.2.2.1.1.3 Set-

 

 

 

 

ting Flash Parameters from Configuration Files on

 

 

page 16.

 

 

 

 

Web Server (if

None.

Local

enabled)

 

 

 

Local Phone User

None.

 

 

Interface

 

 

 

 

Copyright © 2006 Polycom, Inc.

75

Page 83
Image 83
Polycom 1725-11530-200 Rev A1 manual Configuration File Encryption