Administrator’s Guide SoundPoint IP / SoundStation IP

Polycom endeavors to maintain a built-in list of the most commonly used CA Certificates. Due to memory contraints, we cannot keep as thorough a list as some other applications (for example, browsers). If you are using a certificate from a commercial Certificate Authority not in the list above, you may submit a Feature Request for Polycom to add your CA to the trusted list by visiting https://jira.polycom.com:8443//secure/CreateIssue!default.jspa?os_username=jirag uest&os_password=polycom. At this point, you can use the Custom Certificate method to load your particular CA certificate into the phone (refer to “Technical Bulletin 17877: using Custom Certificates on SoundPoint IP Phones“ at http://www.polycom.com/usa/en/support/voice/soundpoint_ip/VoIP_Technical_Bulle tins_pub.html).

Encrypting Configuration Files

The phone can recognize encrypted files, which it downloads from the boot server and it can encrypt files before uploading them to the boot server. There must be an encryption key on the phone to perform these operations. Configuration files (excluding the master configuration file), contact directories, and configuration override files can be encrypted.

A separate SDK, with a readme file, is provided to facilitate key generation and configuration file encryption and decrypt on a UNIX or Linux server. The utility is distributed as source code that runs under the UNIX operating system. For more information, contact Polycom Technical Support.

A key is generated by the utility and must be downloaded to the phone so that it can decrypt the files that were encrypted on the server. The device.sec.configEncryption.key configuration file parameter is used to set the key on the phone. The utility generates a random key and the encryption is Advanced Encryption Standard (AES) 128 in Cipher Block Chaining (CBC) mode. An example key would look like this:

Crypt=1;KeyDesc=companyNameKey1;Key=06a9214036b8a15b512e03d534120006;

If the phone doesn't have a key, it must be downloaded to the phone in plain text (a potential security hole if not using HTTPS). If the phone already has a key, a new key can be downloaded to the phone encrypted using the old key (refer to Changing the Key on the Phone on page C-5). At a later date, new phones from the factory will have a key pre-loaded in them. This key will be changed at regular intervals to enhance security

It is recommended that all keys have unique descriptive strings in order to allow simple identification of which key was used to encrypt a file. This makes boot server management easier.

After encrypting a configuration file, it is useful to rename the file to avoid confusing it with the original version, for example rename sip.cfg to sip.enc. However, the directory and override filenames cannot be changed in this manner.

C - 4

Page 296
Image 296
Polycom SIP 3.1 manual Encrypting Configuration Files

SIP 3.1 specifications

Polycom SIP 3.1 is an advanced session initiation protocol designed to enhance voice and video communication in various business environments. As a pivotal component of Polycom’s telecommunication solutions, SIP 3.1 offers several features and characteristics that cater to the evolving needs of modern enterprises, particularly those that rely on seamless and efficient communication.

One of the standout features of Polycom SIP 3.1 is its robust interoperability. This protocol supports a wide range of endpoints and platforms, allowing organizations to integrate their existing systems with new technologies effortlessly. This flexibility ensures that businesses can leverage their previous investments while upgrading to the latest communication tools.

Another key aspect of Polycom SIP 3.1 is its enhanced call management capabilities. The protocol facilitates efficient call handling, enabling users to manage multiple calls seamlessly. Features like call hold, transfer, and conferencing are streamlined, which enhances productivity by allowing for efficient collaboration among team members. Additionally, it is optimized for low latency and high-quality audio, ensuring that conversations are clear and free from disruptions.

Security is paramount in today’s digital landscape, and Polycom SIP 3.1 addresses this concern with advanced encryption standards. By integrating security features such as Transport Layer Security (TLS) and Secure Real-time Transport Protocol (SRTP), it protects sensitive communication from unauthorized access and ensures that data remains confidential throughout the call.

Polycom SIP 3.1 also boasts compatibility with various video codecs, making it a versatile choice for video conferencing. This compatibility ensures high-quality video streams, which is essential for effective visual communication in remote meetings. Furthermore, the support for the H.264 codec provides efficient bandwidth usage, making high-definition video conferencing accessible, even in varying network conditions.

Moreover, the protocol provides strong support for presence and instant messaging, which enhances real-time communication among users. This integration of voice, video, and messaging capabilities fosters a more connected and collaborative work environment, allowing teams to engage effectively regardless of their geographical locations.

In summary, Polycom SIP 3.1 stands out as a sophisticated solution tailored to meet the demands of modern business communication. With its emphasis on interoperability, call management, security, video quality, and real-time collaboration, it caters to companies of all sizes seeking to optimize their communication infrastructure and enhance productivity in the workplace. As businesses continue to navigate the complexities of digital communication, Polycom SIP 3.1 remains a compelling choice in the market.