Grandstream Networks WP810 Security Manual
  1. Manuals
  2. Brands
  3. Grandstream Networks Manuals
  4. IP Phone
  5. WP810
  6. Security manual

Grandstream Networks WP810 Security Manual

Cordless wi-fi ip phone
Hide thumbs Also See for WP810:
Table of Contents

Advertisement

Quick Links

Download this manual
Grandstream Networks, Inc.
WP810
Cordless Wi-Fi IP Phone
Security Guide

Advertisement

Table of Contents
loading

Related Manuals for Grandstream Networks WP810

Summary of Contents for Grandstream Networks WP810

  • Page 1 Grandstream Networks, Inc. WP810 Cordless Wi-Fi IP Phone Security Guide...

  • Page 2: Table Of Contents

    Anonymous/Unsolicited Calls Protection ..................... 9 SRTP ..............................11 SECURITY FOR WP810 SERVICES ................12 Firmware Upgrade and Provisioning ....................12 TR-069 ..............................13 Syslog ..............................15 SECURITY GUIDELINES FOR WP810 DEPLOYMENT ..........16 P a g e WP810 Security Guide...
  • Page 3 Figure 10 : Settings to Block Anonymous Call .................... 10 Figure 11 : SRTP Settings ........................... 11 Figure 12 : Upgrade and Provisioning ......................12 Figure 13 : TR-069 Connection Settings ..................... 14 Figure 14 : Syslog Protocol ......................... 15 P a g e WP810 Security Guide...

  • Page 4: Overview

    We recommend disabling TR-069 if not used to avoid potential port exposure. • Deployment Guidelines for WP810 This section introduces protocols and ports used on the WP810 and recommendations for routers/firewall settings. This document is subject to change without notice.

  • Page 5: Web Ui/Ssh Access

    Phones on public networks and it’s recommended not to do so. Web UI Access Protocols HTTP and HTTPS are supported to access the WP810’s web UI and can be configured under web UI → Maintenance → Security settings → Security.

  • Page 6: Admin Login

    Changing the default password at first time login is highly recommended. When accessing the WP810 phones for the first time or after factory reset, users will be asked to change the default administrator password before accessing WP810 Web interface.

  • Page 7: User Management Levels

    UI access is needed. ➢ Change User Level Password upon the first login by following the below steps: 1. Access your WP810 web UI by entering its IP address in your favorite browser. 2. Enter your admin password.

  • Page 8: Figure 5 : Change User Level Password

    Figure 5 : Change User Level password P a g e WP810 Security Guide...

  • Page 9: Security For Sip Accounts And Calls

    • SIP transport protocol: The WP810 supports SIP transport protocol “UDP” “TCP” and “TLS”. By default, it’s set to “UDP”. It’s recommended to use “TLS” so the SIP signaling is encrypted. SIP transport protocol can be configured per Account under web UI → Accounts → Account X → SIP Settings → Basic Settings. When “TLS”...

  • Page 10: Anonymous/Unsolicited Calls Protection

    5061. Anonymous/Unsolicited Calls Protection If the user would like to have anonymous calls blocked, please go to WP810’s Web GUI → Account X → Call Settings and set “Anonymous Call Rejection “to “Yes”: The WP810 will then reject all incoming calls with anonymous caller ID by sending a “486 Busy here”...

  • Page 11: Figure 10 : Settings To Block Anonymous Call

    Accept Incoming SIP from Proxy Only: Set “Yes” to force the WP810 to Check SIP address of the Request URI in the incoming SIP message; if it doesn't match the SIP server address of the account, the call will be rejected.

  • Page 12: Srtp

    SRTP To protect voice communication from eavesdropping, the WP810 support SRTP for media traffic using AES 128&256, AES 128 or only AES 256. It is recommended to use SRTP if it’s supported by the SIP server (Or the service provider). SRTP can be configured under Web GUI → Account X → Audio Settings.

  • Page 13: Security For Wp810 Services

    SECURITY FOR WP810 SERVICES Firmware Upgrade and Provisioning The WP810 Cordless Wi-Fi IP Phones support downloading configuration file via TFTP, HTTP/HTTPS, FTP/FTPS. Below figure shows the related options under Web GUI → Maintenance → Upgrade and Provisioning Figure 12 : Upgrade and Provisioning...
  • Page 14 Upgrade/provisioning server and the config file can be downloaded. Authenticate Config file: This sets the WP810 to authenticate the configuration file before applying it. When set to “Yes”, the configuration file must include P value P1 with WP810 system’s administration password. If it is missed or does not match the password, the WP810 will not apply the config file.

  • Page 15: Figure 13 : Tr-069 Connection Settings

    CPE SSL Certificate: Configures the Cert File for the ATA to connect to the ACS via SSL. • CPE SSL Private Key: Specifies the Cert Key for the ATA to connect to the ACS via SSL Figure 13 : TR-069 Connection Settings P a g e WP810 Security Guide...

  • Page 16: Syslog

    Syslog The WP810 supports sending Syslog to a remote syslog server. By default, it’s sent via UDP and we recommend changing it to “SSL/TLS” so the syslog messages containing device information will be sent securely over TLS connection. The setting is under Maintenance → Syslog.

  • Page 17: Security Guidelines For Wp810 Deployment

    • Use TLS and SRTP for SIP calls On the WP810, it’s recommended to use TLS for SIP transport with “sips” in SIP URL scheme for SIP signaling encryption and use SRTP for media encryption. Below the SIP ports and RTPs port used on the WP810 if the network administrator needs to create firewall rules.
  • Page 18 HTTPS. Also, do not expose the WP810 web UI access to public network for normal usage. • Use HTTPS for firmware downloading and config file downloading Use HTTPS for firmware downloading and provisioning. Besides that, set up username and password for the HTTP/HTTPS server to require authentication.

Table of Contents