A lot of features exist without a good reason, Bruce.

I agree with the sentiment that it is mostly theatre. The system handling
the SIP registrations is the more likely target, and the data source it is
authenticating SIP registrations against, whether it's a .conf file, or
database, all of that is in cleartext at some point, whether in transit or
in process.

Encrypting the configuration files is valuable if they are being cached
somewhere on disk, or in some content delivery system that is somehow
isolated from the source data and you are concerned about that system being
compromised.

One pointer to anyone using HTTPS for transport with Polycoms -- ensure
that you have SSL key verification enabled in the Polycom configurations,
otherwise the phone doesn't check that the certificate is from a trusted
authority (as much as they can be trusted), and is then vulnerable to
man-in-the-middle attacks.

On Tue, Apr 17, 2012 at 11:05 AM, Bruce N <[email protected]> wrote:

> @Duane, If the SDK (to encrypt) exists then it exists for a security
> reason.
>
> @Reza, I don't think Polycom people approved anyone from Taug to become
> channel partner.  You should probably look elsewhere.
>
> -Bruce
>
>
> On Tue, Apr 17, 2012 at 12:28 AM, Duane <[email protected]> wrote:
>
> > On 04/17/12 14:21, Jason Rose wrote:
> >
> >> Hey Duane,
> >>
> >> Actually if you secure anything you are good to go, if you leave
> >> loopholes then you are delaying the inevitable... Yes new loopholes are
> >> always found, but that is why being an IT manager anywhere is a full
> >> time job...
> >>
> >>
> > What you describe above is commonly called "security theatre", having the
> > appearance of security but actually having brittle security, in this case
> > someone is trying to secure against someone else having physical access
> > to the server.
> >
> > If you actually want security, you need to have a secure physical server,
> > preferably on the same LAN and behind a decent firewall, otherwise you
> > are just fooling yourself and all it takes is a disgruntled employee
> > wiping it out remotely on you, either yours or the hosting company, or if
> > you are getting it rebadged, any other number of middle men as well!
> >
> >
> >
> >
>
