Regarding IP telephony the subject VoIP Security becomes more and more important. VoIP must have the same confidentiality, authenticity, availability and integrity as traditional telephony solutions.
Signalling and Payload Encryption (SPE)
Activate Signalling and Payload Encryption (SPE) on a optiPoint HFA Phone
To enable security support on the optipoint HFA phones following settings must be done via local configuration or administration web page.
- Configure transport mode: Administration -> System -> Signaling & Payload Encryption (SPE)
- Configure C-TC TLS port in accordance to the CGW configuration (AMO-CGWB: (…), TYP=globif, TLSP=<C-TC TLS port>;), default: 4061
- H.225 TLS port: 1300 (fixed)
- Transport mode: TLS
- Certificate check can now be enabled, in this case certificate must be downloaded via DLS
How to implement and set up a secure environment and provide optiPoint phones with configuration data by the use of XML files via secure Web server (note, that this type of interface is not provided by OpenStage phones):
How to configure IEEE 802.1X by DLS:
Basic Requirements For 802.1x Certificates