There are a few basic steps to secure your phone from external access.
Step 1: Set a username and a password for the web user interface (WUI)
Look up the IP address of your phone in the phone's Settings menu, submenu Information -> System Info.
- Open a web browser on a PC in the same subnet as your phone and enter the phone's IP address in the address bar.
- On a new phone or on a phone that has been reset to factory values you will see the following page:
→ Advanced → QoS/Security
Make sure you set
- Administrator password (needs to be confirmed!)
- HTTP Server User and Password (WebUI)
- "Hidden Tags" to "on"
and click on the button " Apply".
Please do not forget to click on save at the top after every change in the web interface (WUI). Only then will your changes be permanently retained even after a restart of the phone.
You have taken the most important security measures. For an added layer of security, follow the below steps:
- In the vertical menu on the left side of the WUI, select Advanced and click the QoS/Security tab at the top of the page.
- Scroll down to the "HTTP Server" section and enter a username and a password. Select "Authentication scheme: Digest".
Confirm your changes with "Apply". These credentials will now be used to access the phone user interface.
Step 2: Disable admin mode and change the administrator password
Most users do not require the full functionality of either the phone web user interface or the phone menu.
In order to prevent users without admin rights from modifying the settings, you need to put the phone in user mode and change the default admin password (0000) on the "QoS/Security" tab.
Step 3: Set the web server to HTTPS only type
Select the "Network" tab of the Advanced page. Scroll down to the HTTP Section and set the "Webserver connection type" to "https only".
Click "Apply" on the bottom of the page to apply the settings.
Step 4: Set a PIN code and keyboard locking to prevent physical abuse
From the vertical menu on the left side of the WUI, select Preferences. Scroll down to "Lock Keyboard" and set a enable_keyboard_lock.