Specifications

ManualsBrandsSiemens ManualsIP PhoneHIPATH V1.2.33

331

332

333

334

335

336

337

338

339

340

Explorers Nur für den internen Gebrauch

A31003-H3580-M103-2-76A9, 01-2009

7-204 HiPath 3000/5000 V8 - HG 1500 V8, Administrator Documentation

hg-07.fm

Payload

7.7.6.4 Edit Security Configuration

The Edit SPE Security Setup mask lets you customize the security settings for signaling and

payload encryption (SPE) to satisfy the customer’s security requirements. This affects the en-

cryption of signaling and user data in communications between the gateway and VoIP clients

as well as between two gateways.

WBM path:

WBM > Explorers > Payload > (right-click) Signaling & Payload Encryption (SPE) > Edit Secu-

rity Configuration

Procedure:

Proceed as follows to edit the SPE security configuration:

1. Select: WBM > Explorers > Payload > (right-click) Signaling & Payload Encryption (SPE)

> Edit Security Configuration. The Edit SPE Security Setup mask is displayed. You can edit

the following data in this mask:

● Minimal length of RSA keys: Select the minimum length of the RSA key for the certifi-

cates. The following lengths are possible: 512, 1024 and 2048. The higher the value,

the more secure the key.

● Certificate validation with CRL verification required: Select this checkbox if you want

to use a certification revocation list to check if a certificate is invalid.

You can use the certificate revocation list (CRL) to specify whether and why a certifi-

cate should be blocked/revoked. If a certificate or certification authority (CA) declares

a certificate invalid, it enters the certificate’s serial number in its list. You can download

this list for certification inspection. You need an Internet connection to the certification

authority for this.

● Minimum Re-Keying interval [hours]: Enter how long a specific key should be used for

the encryption of signaling and user data. A new key is generated when this interval

expires.

● Subjectname check: Activate this checkbox if you want to check the subject name in

the certificate of a VoIP client.

By checking the subject name in the certificate of a gateway (HG 1500) its identity can

be checked. The subject name contains the IP address or the DNS name (DNS: Do-

main Name System) of the respective gateway.

● Salt Key Usage: Select this checkbox if you want to perform high encryption for pass-

words.

You can use this procedure to perform high encryption for passwords. This procedure

makes the decryption of these passwords much more difficult or even impossible. Fol-

lowing encryption, it is therefore impossible to tell if two users are using the same pass-

word.