VAIL Security (Windows CE 5.0)
Security for devices that use the VAIL requires special attention because the network interface provides an access point to a device. This access point could be used remotely by an attacker. If the security of the device is compromised, it could compromise the security of the other network elements.
The VAIL is are designed for use over a network. To mitigate potential security risks, use available network security resources.
Best Practices
Use Authentication
VAIL uses the authentication method specified by the application that uses it to authenticate itself to the SIP server. For example, the TUI uses the VAIL; the TUI specifies the authentication method. This helps prevent an intruder from connecting to your network and placing calls.
VAIL defers the authentication to the RTC Client API and so supports the same authentication methods as the RTC Client API: Kerberos, NTLM, Digest, and Basic (only over TLS).
For more information about authentication in the RTC Client API, see Authentication. For information about how VAIL uses authentication, see CONFIG_DATA_PHONE_SIP_AUTHTYPE in CONFIG_DATA_.
Use tamper-resistant and privacy-enhanced technologies when exchanging information with the SIP server
To protect data and other assets from being accessed, changed, and deleted, use Secure Sockets Layer (SSL) protocol.
SSL encrypts data as it travels between client and server, and it uses message authentication codes to provide data integrity. For more information, see SSL to Enhance Security of Network Communication.
Require a PIN to access network and user information on the phone
To protect network information and personal information accessible on the phone, such as telephone numbers and speed dial lists, provide a mechanism for locking certain types of information on the phone.
Use authentication if you include a Web server on the phone
If you use the Web server for remote administration, use authentication.
By default, be sure the phone requires administrator authentication.
For more information, see Web Server Security.
Add a firewall to your internal network
To isolate internal packets from exposure to the Internet, you can add a network firewall. This also prevents random Internet traffic from entering your internal network. For more information, see Firewall.
Use a UUID instead of a MAC address for unique phone identification
MAC addresses can be discovered and spoofed, which could enable someone to intercept phone calls. Using a UUID instead of a MAC address can assure a truly unique identity for each device. For more information, see GUIDs and UUIDs.
Default Registry Settings
Be aware of registry settings that impact security
If a value has security implications, you will find a Security Note in the registry settings documentation.
For registry information, see VAIL Registry Settings.
See Also
Enhancing the Security of a Device | RTC Client API Security | TUI Security | IP Phone Security | Exchange Client Security
Send Feedback on this topic to the authors