Anonymous/Unsolicited Calls Protection ..................... 9 SRTP ..............................11 SECURITY FOR WP810 SERVICES ................12 Firmware Upgrade and Provisioning ....................12 TR-069 ..............................13 Syslog ..............................15 SECURITY GUIDELINES FOR WP810 DEPLOYMENT ..........16 P a g e WP810 Security Guide...
Page 3
Figure 10 : Settings to Block Anonymous Call .................... 10 Figure 11 : SRTP Settings ........................... 11 Figure 12 : Upgrade and Provisioning ......................12 Figure 13 : TR-069 Connection Settings ..................... 14 Figure 14 : Syslog Protocol ......................... 15 P a g e WP810 Security Guide...
We recommend disabling TR-069 if not used to avoid potential port exposure. • Deployment Guidelines for WP810 This section introduces protocols and ports used on the WP810 and recommendations for routers/firewall settings. This document is subject to change without notice.
Phones on public networks and it’s recommended not to do so. Web UI Access Protocols HTTP and HTTPS are supported to access the WP810’s web UI and can be configured under web UI → Maintenance → Security settings → Security.
Changing the default password at first time login is highly recommended. When accessing the WP810 phones for the first time or after factory reset, users will be asked to change the default administrator password before accessing WP810 Web interface.
UI access is needed. ➢ Change User Level Password upon the first login by following the below steps: 1. Access your WP810 web UI by entering its IP address in your favorite browser. 2. Enter your admin password.
• SIP transport protocol: The WP810 supports SIP transport protocol “UDP” “TCP” and “TLS”. By default, it’s set to “UDP”. It’s recommended to use “TLS” so the SIP signaling is encrypted. SIP transport protocol can be configured per Account under web UI → Accounts → Account X → SIP Settings → Basic Settings. When “TLS”...
5061. Anonymous/Unsolicited Calls Protection If the user would like to have anonymous calls blocked, please go to WP810’s Web GUI → Account X → Call Settings and set “Anonymous Call Rejection “to “Yes”: The WP810 will then reject all incoming calls with anonymous caller ID by sending a “486 Busy here”...
Accept Incoming SIP from Proxy Only: Set “Yes” to force the WP810 to Check SIP address of the Request URI in the incoming SIP message; if it doesn't match the SIP server address of the account, the call will be rejected.
SRTP To protect voice communication from eavesdropping, the WP810 support SRTP for media traffic using AES 128&256, AES 128 or only AES 256. It is recommended to use SRTP if it’s supported by the SIP server (Or the service provider). SRTP can be configured under Web GUI → Account X → Audio Settings.
SECURITY FOR WP810 SERVICES Firmware Upgrade and Provisioning The WP810 Cordless Wi-Fi IP Phones support downloading configuration file via TFTP, HTTP/HTTPS, FTP/FTPS. Below figure shows the related options under Web GUI → Maintenance → Upgrade and Provisioning Figure 12 : Upgrade and Provisioning...
Page 14
Upgrade/provisioning server and the config file can be downloaded. Authenticate Config file: This sets the WP810 to authenticate the configuration file before applying it. When set to “Yes”, the configuration file must include P value P1 with WP810 system’s administration password. If it is missed or does not match the password, the WP810 will not apply the config file.
CPE SSL Certificate: Configures the Cert File for the ATA to connect to the ACS via SSL. • CPE SSL Private Key: Specifies the Cert Key for the ATA to connect to the ACS via SSL Figure 13 : TR-069 Connection Settings P a g e WP810 Security Guide...
Syslog The WP810 supports sending Syslog to a remote syslog server. By default, it’s sent via UDP and we recommend changing it to “SSL/TLS” so the syslog messages containing device information will be sent securely over TLS connection. The setting is under Maintenance → Syslog.
• Use TLS and SRTP for SIP calls On the WP810, it’s recommended to use TLS for SIP transport with “sips” in SIP URL scheme for SIP signaling encryption and use SRTP for media encryption. Below the SIP ports and RTPs port used on the WP810 if the network administrator needs to create firewall rules.
Page 18
HTTPS. Also, do not expose the WP810 web UI access to public network for normal usage. • Use HTTPS for firmware downloading and config file downloading Use HTTPS for firmware downloading and provisioning. Besides that, set up username and password for the HTTP/HTTPS server to require authentication.