Hi,
Do you mean for a provisioning server? Rather than the management
web interface of device.
If for a provisioning server
1) use devices with unique factory installed client certificates.
(Snom, Yealink, Cisco, Panasonic). Verify the MAC presented matches
that in the certificate
Jeff,
It depends on the device manufacturer and what they support. We use a
combination of these where the hardware vendor supports them.
1) Mutual TLS with the built in certs.
2) Encryption of the configuration files.
3) Matching user agents (this can easily be spoofed but it's better then
For providers that have centralized SIP device management that is available
on the internet how have you been protecting your configurations from
unauthorized access over https?
Are there any specific measures that you found most helpful?
I am assuming that certificate authentication is probably