Difference between revisions of "VoIP Security"
The Wiki of Unify contains information on clients and devices, communications systems and unified communications. - Unify GmbH & Co. KG is a Trademark Licensee of Siemens AG.
(→Signalling and Payload Encryption (SPE)) |
Stefan.Beck (talk | contribs) (Moved outdated Certificate Management to bottom; added DLS Technical Description) |
||
| Line 24: | Line 24: | ||
**Certificate check can now be enabled, in this case certificate must be downloaded via DLS | **Certificate check can now be enabled, in this case certificate must be downloaded via DLS | ||
[[Image:SPE_config_HFA.jpg]] | [[Image:SPE_config_HFA.jpg]] | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
== IEEE 802.1X == | == IEEE 802.1X == | ||
| Line 36: | Line 30: | ||
* {{File-DL|IEEE 802.1X Configuration Management|pdf}} | * {{File-DL|IEEE 802.1X Configuration Management|pdf}} | ||
* {{File-DL|IEEE 802.1X Konfigurations-Management|pdf|de}} | * {{File-DL|IEEE 802.1X Konfigurations-Management|pdf|de}} | ||
| + | |||
| + | Associated DLS Technical Description: | ||
| + | * {{File-DL|DLS - Certificate Management for 802 1x|pdf}} | ||
Basic Requirements For 802.1x Certificates | Basic Requirements For 802.1x Certificates | ||
* {{en}} [[802.1x Certificates]] | * {{en}} [[802.1x Certificates]] | ||
* {{de}} [[802.1x Zertifikate]] | * {{de}} [[802.1x Zertifikate]] | ||
| + | |||
| + | == Certificate Management (an alternative, available on [[optiPoint]] phones only) == | ||
| + | |||
| + | How to implement and set up a secure environment and provide [[optiPoint]] phones with configuration data by the use of XML files via secure Web server (note, that this type of interface is not provided by [[OpenStage]] phones): | ||
| + | * {{File-DL|Certificate over secure link|pdf}} | ||
| + | * {{File-DL|Zertifikate über gesicherte Verbindung|pdf|de}} | ||
Revision as of 11:07, 16 July 2009
Regarding IP telephony the subject VoIP Security becomes more and more important. VoIP must have the same confidentiality, authenticity, availability and integrity as traditional telephony solutions.
Buzzwords to improve the above mentioned properties are SPE, TLS, SRTP and PKI.
HiPath platforms like HiPath 2000 or HiPath OpenOffice ME use the most current technology to protect voice and signalling data from unauthorized access.
How to use secure VoIP on optiPoint SIP phones in general: 
Gesicherte Sprachübertragung in SIP 7
|
Please have a look also at the administrator documentation to IP phones of the optiPoint and OpenStage families and the service documentation for the IP platforms. |
Contents
Signalling and Payload Encryption (SPE)
Activate Signalling and Payload Encryption (SPE) on a optiPoint HFA Phone
To enable security support on the optipoint HFA phones following settings must be done via local configuration or administration web page.
- Configure transport mode: Administration -> System -> Signaling & Payload Encryption (SPE)
- Configure C-TC TLS port in accordance to the CGW configuration (AMO-CGWB: (…), TYP=globif, TLSP=<C-TC TLS port>;), default: 4061
- H.225 TLS port: 1300 (fixed)
- Transport mode: TLS
- Certificate check can now be enabled, in this case certificate must be downloaded via DLS
IEEE 802.1X
How to configure IEEE 802.1X by DLS:
Associated DLS Technical Description:
Basic Requirements For 802.1x Certificates
Certificate Management (an alternative, available on optiPoint phones only)
How to implement and set up a secure environment and provide optiPoint phones with configuration data by the use of XML files via secure Web server (note, that this type of interface is not provided by OpenStage phones):
