Just wondering how far you guys go to make IPO secure for administration, SIP trunk & SIP/h323 endpoint registration.
Is any one using certificates and if so can anyone explain step by step as to how use them on IPO?
As far as I can see, a certificate identifies the system to a connecting client device ( usually manager running on a PC ) and if its is a trusted certificate registered with a Certificate Authority both a public and private key are used to encrypt/decrypt data between system and pc.
Can I generate a certificate just for my maintained systems and add this certificate to all our engineers PC's so only they connect?
Can I make it so that unless you have a certificate installed you cannot administer the system?
Do I need a separate certificate for every system or could I have one master one used for all systems?
Do we need pay a CA for a certificate so as to have an exchange of public / private key?
Any disadvantages with certificates? ( apologies if the above sounds stupid, but not worked with certificates before )
With SIP endpoints, what methods have you used to stop hackers registering ( hacking passwords ). Ideally we would like to open up the firewall to allow any device ( hardphone / softphone ) to register but not simply rely on user/passwords. With other systems we can tie this down to MAC address?
Any advice would be great.
Thanks
Is any one using certificates and if so can anyone explain step by step as to how use them on IPO?
As far as I can see, a certificate identifies the system to a connecting client device ( usually manager running on a PC ) and if its is a trusted certificate registered with a Certificate Authority both a public and private key are used to encrypt/decrypt data between system and pc.
Can I generate a certificate just for my maintained systems and add this certificate to all our engineers PC's so only they connect?
Can I make it so that unless you have a certificate installed you cannot administer the system?
Do I need a separate certificate for every system or could I have one master one used for all systems?
Do we need pay a CA for a certificate so as to have an exchange of public / private key?
Any disadvantages with certificates? ( apologies if the above sounds stupid, but not worked with certificates before )
With SIP endpoints, what methods have you used to stop hackers registering ( hacking passwords ). Ideally we would like to open up the firewall to allow any device ( hardphone / softphone ) to register but not simply rely on user/passwords. With other systems we can tie this down to MAC address?
Any advice would be great.
Thanks