Download Print this page

Encryption And The Ip Phone; Configuration File Encryption Method - Aastra 480i Administrator's Manual

Sip ip phone release 1.3

Hide thumbs Also See for 480i:

Administrator's manual (504 pages)

,

User manual (95 pages)

,

Release notes (60 pages)

Table Of Contents

Table of Contents

Advertisement

Enlarged version

Encryption and the

IP Phone

An encryption feature for the IP

phone allows Service Providers the

capability of storing encrypted files

on their server to protect against

unauthorized access and

tampering of sensitive information

(i.e., user accounts, login

passwords, registration

information). Service Providers

also have the capability of locking a

phone to use a specific server-

provided configuration only.

Configuration File Encryption

Method

Only a System Administrator can

encrypt/decrypt the configurations

files for an IP Phone.

System Administrators use a

password distribution scheme to

manually pre-configure or

automatically configure the phones

to use the encrypted configuration

with a unique key.

From a Microsoft Windows

command line, the System

Administrator uses an Aastra-

supplied encryption tool called

"anacrypt.exe".

Note: Aastra also supplies encryption

tools to support Linux platforms

(anacrypt.linux) and Solaris plat-

forms (anacrypt.sunos) if

required.

This tool processes the plain text

<mac>.cfg and aastra.cfg files and

creates triple-DES encyrpted

versions called <mac>.tuz and

aastra.tuz. Encryption is

performed using a secret password

that is chosen by the administrator.

The encryption tool is also used to

create an additional encrypted tag

file called security.tuz, which

controls the decryption process on

the IP phones. If security.tuz is

present on the TFTP/FTP/HTTP

54 IP Phone SIP Admin Guide

server, the IP phones download it

and use it locally to decrypt the

configuration information from the

aastra.tuz and <mac>.tuz files.

Because only the encrypted

versions of the configuration files

need to be stored on the server, no

plain-text configuration or

passwords are sent across the

network, thereby ensuring security

of the configuration data.

To make changes to the

configuration files, the System

Administrator must decrypt the

files, make the changes, and re-

encrypt the files. The encrypted

files must then be downloaded to

the IP phones again.

Note: If the use of encrypted configura-

tion files is enabled (via secu-

rity.tuz or pre-provisioned on

the IP phone) the aastra.cfg and

<mac>.cfg files are ignored, and

only the encrypted equivalent

files aastra.tuz and <mac>.tuz

are read.

Table of Contents

Advertisement

Table of Contents

This manual is also suitable for:

480i ct 9112i 9133i