• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

can anyone tell me please how i can secure polycom phones?  we have 100's of yealink and cisco phones and we have no issues, but with polycom phones we have hackings every day, they are making calls to the most expensive areas in the world,     we are changing the SIP passwords, but a day or 2 later its all over, they somehow get the new SIP credentials, and this is only from polycom phones,  we use the latest FW 4.0.9

7 REPLIES 7
HP Recommended

Hello naftula,

welcome back to the Polycom Community.

Can you describe a bit more in detail what you believe is being actually hacked in this instance ?

 

Are you disabling the web interface or changing the standard password or port ?

 

As you are a service provider you may want to open a support ticket so we can look at this as I have not heard such reports prior to this.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

I would open a ticket with support and look at the below in the meantime.

 

If your provisioning server is available from an unsecured network make sure any config files with passwords are encrypted or you are using a secure protocol like SFTP or HTTPS.  SIP over TLS is a good idea if supported by your phone system.  Check network firewall logs if applicable.

HP Recommended

Hello all,

Config File encryption needs to be requested from Polycom support as we need to clear some details on export regulations.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

i really have no clue as of yet what the issue can be, 

 

1) the phones do NOT have a provisioning server as of now, (we took down the provisioning server untill we find out what the issue is)

 

2) we diabled the phone web interface 3 days ago,  and are in the procces of changing all SIP passwords and update the new passwords in the phones,

 

3) this issue is ongoing for the last 5-8 months,  (we have about 2000 phones, 200 of those are polycom) and it happens only on polycom phones, somehow they find out the SIP passwords, 

 

 

4) no we cannot have SIP over TLS

 

 

5) we did have an issue of "ghost calls" calls from 1000 or so.... 

so we updated our provisioning file with this,

<voIpProt.SIP.requestValidation voIpProt.SIP.requestValidation.1.method="source" voIpProt.SIP.requestValidation.1.request="INVITE" voIpProt.SIP.requestValidation.1.request.1.event="" voIpProt.SIP.requestValidation.1.request.2.event="" voIpProt.SIP.requestValidation.2.method="" 

is this good enough? or we should add something like

requestValidation also for NOTIFY, REFER, PRACK, UPDATE or anything alse?

or can anyone suggest any other tightening of security that we can add to the phones?


 

HP Recommended

Hello naftula,

I would defenately add REFER to that as well.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

we will add REFER

also this is one of the reasons i asked for this 

http://community.polycom.com/t5/VoIP/Web-interface-lockout-duration/m-p/73689

 

any other suggestion someone might have?

 

HP Recommended

Hello naftula,

you should really work with support on this as I would assume our security department would be keen to find out what is actually being hacked.

 

Can you provide me with a MAC address and some details (if you want via community mail) so I can point you towards the right people?

 

We obviously have hundreds of thousands of phones (or more) with our service provider partners and we need to investigate this properly.

 

Any way you could setup a "bait" phone and monitor the traffic via wireshark ?

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.