VoIP Security

Regarding IP telephony the subject VoIP Security becomes more and more important. VoIP must have the same confidentiality, authenticity, availability and integrity as traditional telephony solutions.

Buzzwords to improve the above mentioned properties are SPE, TLS, SRTP and PKI.

HiPath platforms like HiPath 3000 or OpenScape Office MX use the most current technology to protect voice and signalling data from unauthorized access.

How to use secure VoIP on optiPoint SIP phones in general:

Activate Signalling and Payload Encryption (SPE) on a OpenStage HFA Phone
To enable security support on the optipoint HFA phones following settings must be done via local configuration or administration web page.
 * Configure transport mode LocalAdmin: Administration -> System -> Security -> Signalling main = TLS
 * Configure transport mode WEB: Admin -> System -> Security -> Secure H.235 main = TLS
 * Configure C-TC TLS port in accordance to the CGW configuration (AMO-CGWB: (…), TYP=globif, TLSP=;), default: 4061
 * H.225 TLS port: 1300 (fixed)
 * Transport mode: TLS
 * Certificate validation main can now be enabled, in this case certificate must be downloaded via DLS
 * If you use the feature SRSR. And the standby System is using SPE too, then please configure also Secure H.235 standby(WEB) -or- Signalling standby(LocalAdmin). And Certificate validation standby (if used)

Activate Signalling and Payload Encryption (SPE) on a optiPoint HFA Phone
To enable security support on the optipoint HFA phones following settings must be done via local configuration or administration web page.
 * Configure transport mode: Administration -> System -> Signaling & Payload Encryption (SPE)
 * Configure C-TC TLS port in accordance to the CGW configuration (AMO-CGWB: (…), TYP=globif, TLSP=;), default: 4061
 * H.225 TLS port: 1300 (fixed)
 * Transport mode: TLS
 * Certificate check can now be enabled, in this case certificate must be downloaded via DLS

IEEE 802.1X
How to configure IEEE 802.1X by DLS:

Associated DLS Technical Description:

Basic Requirements For 802.1x Certificates
 * 802.1x Certificates
 * 802.1x Zertifikate

Certificate Management (an alternative, available on optiPoint phones only)
How to implement and set up a secure environment and provide optiPoint phones with configuration data by the use of XML files via secure Web server (note, that this type of interface is not provided by OpenStage phones):