Configuration File Encryption - Polycom SoundPoint IP 300 Administrator's Manual

Administrator's Guide - SoundPoint
Local

3.8.4 Configuration File Encryption

Confidential information stored in configuration files must be protected from attack or
unintentional discovery. This information could include registration passwords and
contact information. A separate SDK is provided to facilitate key generation and con-
figuration file encryption and decryption on a UNIX or Linux server.
The phone can recognize encrypted files, which it downloads from the boot server and
it can encrypt files before uploading them to the boot server. To do this, a key must be
stored on the phone. Configuration files (excluding the master configuration file), con-
tact directories, and configuration override files can all be encrypted. The phone will
still recognize unencrypted files and a combination of encrypted and unencrypted files
can be used on one phone.
If the phone doesn't have a key, it must be downloaded to the phone in plain text (a
potential security hole if not using HTTPS). If the phone already has a key, a new key
can be downloaded to the phone encrypted using the old key (refer to 2.2.3.1 Changing
the Key on the Phone on page 24). At a later date, new phones from the factory will
have a key pre-loaded in them that will be shared with trusted customers. This key will
be changed at regular intervals to enhance security.
Central
(boot
server)
Local
® ®
IP / SoundStation IP
Web Server (if None.
enabled)
Local Phone User None.
Interface
Configuration File: Specify the phone-specific contact directory and the phone-
sip.cfg specific configuration override file.
•
Configuration file: Change the encryption key.
<device>.cfg
•
Web Server (if None.
enabled)
Local Phone User None.
Interface
Copyright © 2006 Polycom, Inc.
For more information, refer to section 4.6.1.20.1
Encryption <encryption/> on page 141.
For more information, refer to section 2.2.2.1.1.3 Set-
ting Flash Parameters from Configuration Files on
page 16.
Features
75