Category:HowTo:Secure PUI

From Snom User Wiki

Jump to: navigation, search

Contents

How to secure a snom phone

snom phones offer multiple ways and options to provide security for various aspects. But with security comes inconvenience, so it might not be necessary or desired to enable all features in any environment.

This document gives an overview of the available security options to help snom phone users and administrators to find the appropriate solution for their security needs.

The most important security features are described in the sections 1-3. When the web interface of the phone is accessed for the first time, a special security page appears which allows you to set all three features at once.
That page is also reachable via the URL http://phoneIP/security.htm at any time.

HTTP(S) User and Password

  • The most essential security feature is to set a user name and a password to protect the web interface of the phone. As long as no user and password is set, anyone within the same network as the phone can access the web interface, which allows to read and modify the phone configuration.
  • When you set the password, it is recommended to use HTTPS instead of HTTP to access the web interface, otherwise an adversary could sniff the password from the unencrypted HTTP traffic. It is also possible to disable the HTTP access to enforce the use of HTTPS or to disable the web interface access completely. All options can be configured through the webserver connection type setting.
  • Additionally an automatic logout timer can be set which forces the user to reenter his credentials after the given time.

Admin Mode

  • If the phone user should not be allowed to change security relevant settings, it is recommended to enable the user mode, where the phone web interface and phone menu structure is restricted.
  • The admin mode, which has access to all settings, should be secured with a password too.
  • It is also possible to define which configuration items in the web interface are restricted for the user if the default isn't suitable.
  • To customize the user accessible menu options in the phone menu, it is necessary to provision custom XML menu definition files to the phone.

Hidden tags

Keyboard lock

SRTP and SIPS

  • Both the audio data and the SIP signalling information can be sniffed and/or spoofed on the network by an adversary unless they are encrypted. SRTP can be used to encrypt the audio data and SIPS(SIP over TLS) to secure the SIP signalling.
  • If the current call is secured by both SRTP and SIPS, a lock symbol is shown on the phone display to notify the user.

OpenVPN

Provisioning

  • Settings received by the phone via the provisioning process can overwrite any existing security setting. So it is essential to ensure that the phone fetches provisioning data only from trusted sources.
  • The setting provisioning_order defines which provisioning sources are tried in what order. Removing unused provisioning sources will reduce the available attack vectors.
  • To prevent attacks via rogue DNS servers or a man in the middle, it is also possible to enable server authentication, where the phone only trusts servers providing server certificates signed by a root certificate installed in the phone.
  • The provisioning server can also verify the client certificate stored in the phone to ensure that provisioning data containing credentials is only available for snom phones. snom 7xx and 8xx, MeetingPoint and M9 feature individual certificates containing the MAC address as common name, so for these phones it is possible to provide the provisioning data only to whitelisted MAC addresses.
  • It is highly recommended that you use HTTPS together with device verification based on the certificate to make sure that account data are only provisioned to snom devices. Otherwise it might be possible to get account data using CURL.

U-Boot Lock

  • As most snom phones (except snom MeetingPoint) contain user accessible serial ports, an adversary with physical access to the phone could tamper the phone firmware or extract secret data like account credentials from the flash storage via the serial port.
  • The U-Boot lock sets a password, which must be entered to gain access to the U-Boot bootloader via the serial console.
  • If a U-Boot lock lock is set, it also locks the recovery mode, so it can't be used without entering the password.

Tampering protection

  • A device secured with an U-Boot lock is still vulnerable to physical attackers who dismantle the phone.
  • Apart from restricting physical access to the phone there is no way to protect against such attack, but by applying security seals offered from third party vendors it is at least possible to detect phone tampering.

This category currently contains no pages or media.

Personal tools
Interoperability