How to Secure your Tenor |
The following tips give you some ideas on important steps that you should take to secure your Tenor.
The AllowOnlyProxyCalls flag indicates whether or not the Tenor should only accept incoming calls that are routed through the configured SIP Server. Be sure that this is set to "1" (enabled - default) to impose greater security through the Proxy. P104 or later code has the latest SIP features.
Use the Endpoint Address Directory to configure specific IP and/or subnet masks that are allowed or are not allowed (barred) to make calls to this Tenor.
Passwords that you should consider strengthening include the following:
RADIUS shared secrets (User Server, Endpoint Server, Routing Server)
The following sites will generate several suggestions for fairly strong and easy-to-remember passwords. You are likely to see one on the list that you will find easy to remember, or it may trigger an idea for something similar.
Or, if you want to craft your own, here is a nice little how-to that gives good suggestions:
Consider changing them all at once every three months or so.
If you set the webserverport parameter to "0" (off) and submit the change, you will be able to continue to establish a Telnet/FTP session, but you (or anyone else) will not be able to initiate a new Configuration Manager session with this Tenor until someone re-enables this setting through the CLI.
If you set the ManagementAccess parameter to "0" (off) and submit the change, you will be able to continue your current Telnet/FTP session, but you (or anyone else) will not be able to initiate a new Telnet/FTP session with this Tenor until someone re-enables this setting using the Console/Serial Port or Configuration Manager.