• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

I am sure that this is a popular topic I would appreciate any help or information

Recently hacking and fraud has become the norm, therefore we are rethinking if are current provisioning strategy is up to speed, we are responsible for approximately 4000 Polycom IP phones.....

We currently have a FTP server with all the provisioning files which includes the phones unique registration credentials.

Unfortunately to my knowledge there is no way of keeping the passwords encrypted on the FTP server so this is issue number one if someone is successful of hacking into our FTP server they got everything they need.

The files transferring from the FTP server to the phones while transferring if someone is able to hack into the network and capture the packets they could very easily extract the passwords.

Therefore I'm coming to you to ask which solutions are the most recommended and is there any providers selling just this part as a service helping provisioning or do you have any products from Polycom itself providing so doing mass provisioning and management.

Thanks

3 REPLIES 3
HP Recommended

Hello YK,

 

welcome to the Polycom Community.

 

You could utilize HTTPS or FTPS Provisioning or encrypt the configuration Files.

 

You will need to contact Polycom Support as described in this documentation => here <=

 

Best Regards

 

Steffen Baier

 

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

Thanks Steffen.

 

We are attempting what we thought would be simpler, having the phones connect to the provisioning server via FTP(S) to download their configuration files. We're not concerned about the phone encrypting its log or settings files when it sends them back to the provisioning server, we just want the phones to authenticate and download securely to prevent "man-in-the-middle" attacks.

 

Based on the list of Certificate Authorities (in this doc) trusted by SoundPoint phones we purchased a GeoTrust certificate and configured our FTP server (vsftpd) to use that cert and force SSL for login and data transfer. We confirmed this works with an FTP(S) client application (Transmit on Mac).

 

However when we configure a SoundPoint 331 to use FTP(S) it tells us it can't contact the boot server. Prior to forcing SSL we had vsftp running as a normal (no SSL) FTP server and verified that this phone could connect via FTP to the same server and download its config files.

 

Can you tell us what we're doing wrong? Thanks in advance for any wisdom you can pass our way.

HP Recommended

Oops I think we figured out the problem. I was thinking "FTP(S)" meant explicit SSL on port 21. The Soundpoint refers to implicit SSL on port 990 as "FTP(S)" and the version of vsftpd we're running doesn't support implicit SSL. Going to try to upgrade to a newer version of vsftpd that does support implicit SSL and try again. Will post back if it works.

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.