Mike
2006-Jul-26 19:03 UTC
[asterisk-users] Polycom 501 provisioning : how to secure values located in plein text files
Hello, This is a follow up question to my issues setting up the Polycom 501 when i first received it. I've been playing with the provisioning aspect, and it works great. My only issue is the following: Its a tradeoff between efficient and secured, and I'd like to know if I can have my cake and eat it too. Context: I have 15 phones in my company. I have an FTP server, that contains a directory with a general sip.cfg setup, and 15 phonex.cfg, one for each phone. How can I prevent an educated idiot from getting a phonex.cfg file which isnt meant for him, finding out the reg username and reg.password values and then passing off as, let's say, his boss and wreaking havoc on the business' reputation by getting calls which weren't meant for him...? Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20060726/a6fe5af9/attachment.htm
C F
2006-Jul-26 19:14 UTC
[asterisk-users] Polycom 501 provisioning : how to secure values located in plein text files
Use a username and password for the FTP. Of course that also means that you can't use the default username and password and an extra config step before deploying the phones, and also that with a network sniffer s/he can get the username and password. On 7/26/06, Mike <list@virtutel.ca> wrote:> > > Hello, > > This is a follow up question to my issues setting up the Polycom 501 when i > first received it. I've been playing with the provisioning aspect, and it > works great. My only issue is the following: Its a tradeoff between > efficient and secured, and I'd like to know if I can have my cake and eat it > too. > > Context: I have 15 phones in my company. I have an FTP server, that > contains a directory with a general sip.cfg setup, and 15 phonex.cfg, one > for each phone. > > How can I prevent an educated idiot from getting a phonex.cfg file which > isnt meant for him, finding out the reg username and reg.password values and > then passing off as, let's say, his boss and wreaking havoc on the business' > reputation by getting calls which weren't meant for him...? > > Mike > > > > > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > > http://lists.digium.com/mailman/listinfo/asterisk-users > > >
Michael Graves
2006-Jul-26 20:39 UTC
[asterisk-users] Polycom 501 provisioning : how to secure values located in plein text files
I've not had the need for such thigs myself but I noticed that Aastra provides a software product that encrypts the config files for their phones. I saw it offered when last I downloaded an upgrade for my 480i CTs. Doesn't help you with the Polycoms, but it's still good to know. Michael --Original Message Text--- From: Mike Date: Wed, 26 Jul 2006 22:03:20 -0400 Hello, This is a follow up question to my issues setting up the Polycom 501 when i first received it. I've been playing with the provisioning aspect, and it works great. My only issue is the following: Its a tradeoff between efficient and secured, and I'd like to know if I can have my cake and eat it too. Context: I have 15 phones in my company. I have an FTP server, that contains a directory with a general sip.cfg setup, and 15 phonex.cfg, one for each phone. How can I prevent an educated idiot from getting a phonex.cfg file which isnt meant for him, finding out the reg username and reg.password values and then passing off as, let's say, his boss and wreaking havoc on the business' reputation by getting calls which weren't meant for him...? Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20060726/1e381d99/attachment.htm