Yealink Forums
how about securing this phone ? - Printable Version

+- Yealink Forums (http://forum.yealink.com/forum)
+-- Forum: Dect Phone Series (/forumdisplay.php?fid=6)
+--- Forum: W52P (Wireless) (/forumdisplay.php?fid=23)
+--- Thread: how about securing this phone ? (/showthread.php?tid=943)



how about securing this phone ? - frankc - 10-23-2013 04:00 AM

how about add a feature ANY phone has, which is
REQUIRE REGISTRATION TO RECEIVE CALLS, basically

if phone gets a sip packet from an ip that it's not regg'ed to , DROP it..


RE: how about securing this phone ? - Yealink Support - 10-23-2013 11:10 AM

Hi frankc,

Do you mean add a feature to define the IP address to control your phone like other Yealink phones?
Or when phone is controlled, it should pop up a prompt in LCD of phone?
I submit your requestion to our product department and hope it can be added in next version.
Thanks for your advice.


RE: how about securing this phone ? - frankc - 10-24-2013 12:08 AM

no popup...

just anything to SECURE incoming SIP

meaning REJECT non registrated ip's

JIM has phone 1.2.3.4 to Server 4.3.2.1

BOB on 7.8.9.0 sends a SIP invite to 1.2.3.4 (REJECT) the phone has no idea who is 7.8.9.0

Server sends a call to 1.2.3.4 (ACCEPT) - > server is known to the phone because phone is regged to it.


RE: how about securing this phone ? - Yealink Support - 11-02-2013 11:00 AM

Hi frankc,

You can set a proxy server that can limit some SIP messages.


RE: how about securing this phone ? - phlobot - 11-05-2013 04:24 AM

(11-02-2013 11:00 AM)Yealink Support Wrote:  Hi frankc,

You can set a proxy server that can limit some SIP messages.

If the phone is at a remote location and adding network hardware in not an option, is there a way to secure the phone superficially with a simple whitelist of ips or domains?


RE: how about securing this phone ? - Yealink Support - 11-06-2013 11:16 AM

Hi phlobot,

We have a solution for your request which can allow sip messages only from the registration sip server or outbound proxy server.
In the latest version, we just need to add a syntax using auto-provisioning cfg template.
Please add below syntax to your cfg.
---------------------------------------------------------------------------
#!version:1.0.0.1

#The x of the parameter "account.x.sip_trust_ctrl " ranges from 1 to max accounts. For example, x ranges from 1 to 5.

account.x.sip_trust_ctrl=1
------------------------------------------------------------------------------------------

When you want to enable this sip trust control for account 1, fill 1 to “account.1.sip_trust_ctrl”.
Then SIP messages from other servers will refuse by the phone.

Please kindly test and give a feed back to me.
Thanks for your cooperation.

@frankc
Please also try above steps to protect your phone. Smile


RE: how about securing this phone ? - phlobot - 11-06-2013 10:37 PM

(11-06-2013 11:16 AM)Yealink Support Wrote:  Hi phlobot,

We have a solution for your request ...


Please kindly test and give a feed back to me.
Thanks for your cooperation.


Thank you for your response, I'll test it very soon.


RE: how about securing this phone ? - phlobot - 02-07-2014 11:37 PM

hey guys, I thought I'd update with the solution that worked for me...

adding

[ IPCall ]
path = /config/Features/Phone.cfg
IsAllowIPCall = 0

to my y0000000000x.cfg file seemed to do the trick. I should mention that these phones are using old firmware, and the documentation for this is immensely difficult to find anymore.