Content

Page tree

There are a few basic steps to secure your phone from external access.


Step 1: Set a username and a password for the web user interface (WUI)

Look up the IP address of your phone in the phone's  Settings  menu, submenu Information  ->  System Info.


  • Open a web browser on a PC in the same subnet as your phone and enter the phone's IP address in the address bar.
  • On a new phone or on a phone that has been reset to factory values you will see the following page:

→ Advanced → QoS/Security

Make sure you set

  1. Administrator password (needs to be confirmed!)
  2. HTTP Server User and Password (WebUI)
  3. "Hidden Tags" to "on"

and click on the button " Apply".

ATTENTION PLEASE:

Please do not forget to click on save at the top after every change in the web interface (WUI). Only then will your changes be permanently retained even after a restart of the phone.

You have taken the most important security measures. For an added layer of security, follow the below steps:

  • In the vertical menu on the left side of the WUI, select  Advanced  and click the  QoS/Security  tab at the top of the page.
  • Scroll down to the "HTTP Server" section and enter a username and a password. Select "Authentication scheme: Digest".



Confirm your changes with "Apply". These credentials will now be used to access the phone user interface.

NOTE:  If you use remote provisioning and do not need access to the web user interface, you can disable it within your provisioning using [this] setting in order to harden your phone even more.



Step 2: Disable admin mode and change the administrator password

Most users do not require the full functionality of either the phone web user interface or the phone menu.
In order to prevent users without admin rights from modifying the settings, you need to put the phone in user mode and change the default admin password (0000) on the "QoS/Security" tab.



Step 3: Set the web server to HTTPS only type

Select the "Network" tab of the  Advanced  page. Scroll down to the HTTP Section and set the "Webserver connection type" to "https only".


Click "Apply" on the bottom of the page to apply the settings.

NOTE:  once you press "Apply" the web user interface will no longer be available via  http://ip_address_of_phone/  but via  https://ip_address_of_phone/



Step 4: Set a PIN code and keyboard locking to prevent physical abuse

From the vertical menu on the left side of the WUI, select  Preferences. Scroll down to "Lock Keyboard" and set a  enable_keyboard_lock.