Snom

Snom BBC News story

A story was published on the BBC News website today regarding a vulnerability in snom phones that could allow someone to eavesdrop on you.

http://www.bbc.co.uk/news/technology-35579273

If you read this story earlier today, you should re-read it as it has been substantially edited in the last hour or so.

I would just like to reassure customers that this is not news to either ourselves or snom. It is just a case of setting decent passwords on the phone and using up-to-date firmware. Devices must be set up correctly to operate in a secure fashion; snom phones actually do more to remind you to do this than any other phone – they have messages on the LCD screens and web interfaces.

Also, ProVu advise customers on security best-practices and we can provision a sensible set of default settings to your IP phones.

Snom publish a best-practices guide here:

http://wiki.snom.com/FAQ/How_do_I_secure_my_phone

The gist of this is to use recent firmware, set a strong HTTP password and leave hidden-tags turned on.

This advice pretty much fits with any SIP phone (indeed, any device you connect to your network).

It’s a shame snom have been singled out here because they do more than many to secure their phones.

Paul.

How to page to the Snom D765 from the 2N Net Audio Decoder

You will need to open up the 2N IP Audio Control Panel on your PC, have your 2N Net Audio Decoder connected to your network and a functioning Snom D765. Click ‘Destination & Zones’ using the left hand sidebar, then click Create RTP destination again on the left hand sidebar. You can give the RTP destination a more meaningful name if you wish rather than ‘RTP destination 1’. For better quality sound, you should choose Linear PCM 16 bit Stereo (44.1kHz), then choose the IP address e.g. 239.255.1.10, then set the port number to 7000 and leave TTL as -1. You will then need to save your configuration using the ‘Save configuration’ button located near the top left hand side of the window.

After you have followed the previous steps, you will need to navigate to ‘Sessions’, then right click in the white space in the centre and click ‘Create session’. Providing you have some media ready, such as an Internet radio station, drag it from the left hand side into the new session you just created. The Internet radio station will then be displayed on the session. Finally, drag the RTP destination you created earlier onto the ‘DESTINATIONS’ section of the session. That’s the main configuration complete for the 2N IP Audio Control Panel (2N Net Audio Decoder). The next step is to configure your Snom phone for multicast.

You will need to obtain the IP address of your Snom phone by pressing the Menu key, pressing key number 6, then pressing key number 2. This will show the System Info, which will display the IP address of the phone, e.g. 192.168.1.64

Browse to the IP address of the phone using your web browser. You may be prompted for a username and password which you may not know about. If this is the case, you will need to consult your system administrator. By default, there is no username and password set; if this is the case, you should see the Snom web interface.

That’s the end of the configuration process. All you need to do now is go back to the IP Audio Control Panel, click ‘Sessions’, then ensure MASTER CONTROL and Internet radio station are set to on and the volume bar is up. The radio station should now page to your Snom phone.

If there are any questions, please email matthew@provu.co.uk

Introducing the New Snom D375

We are pleased to announce the arrival of Snom’s next generation desk phone.

For those of you who are familiar with the Snom 370, the D375 features all of the same qualities, plus some excellent new ones. With 12 LED function keys (BLF), a large 4.3” high-resolution backlit colour display and 2 x Gigabit Ethernet Ports for high speed connectivity, this handset is ideal for users looking for the next-generation VoIP business phone.

Key Features Include:

  • Supports up to 12 SIP accounts
  • 10 dedicated function keys
  • USB connectivity
  • Built-in Bluetooth compatibility
  • PoE support
  • Electronic Hook Switch support (Requires the Snom EHS Advanced)

Trade pricing and stock information is available on our reseller portal ProSys.

Find out more information about the Snom D375.

Introducing the New Snom D710


The new Snom D710 is now in stock and available to purchase from ProVu. Joining the D7 series of IP phones, the new D710 will replace Snom’s current 710 model.

Providing the ideal entry-level handset for everyday business use, the D710 comes complete with a range of cost-effective features:

  • Supports up to 4 SIP accounts
  • PoE support
  • 4-line black and white backlit graphical display
  • 5 programmable function keys with multi-coloured LEDs
  • Superior, crystal-clear call quality
  • 2 x 10/100 Mbps ethernet switch

For more information, please see the Snom D710 webpage.

Pricing and stock information is available on our reseller portal, ProSys. If you would like to become a ProVu reseller, you can apply via our online reseller application form.

Using secure SIP and RTP with SARK PBX and Snom or Yealink phones

This involves two levels of encryption. The first is SIPS/TLS which is encryption of SIP signalling between the SARK PBX and your IP phone. It works in much the same way as HTTPS certificates do.

You can either purchase a certificate from a trusted source or generate your own self-signed certificates. I’ll use self-signed certificates here because they are free and do the job for what I wanted.

The second part of encrypting your phone calls is the actual audio stream itself, the RTP. We can use SRTP for this. It is simply a case of turning it on, but there’s no real point in doing so without first configuring SIPS/TLS, because the keys used in SRTP encryption are passed in the SIP messages.

For me, there are two reasons for doing all this.

The most obvious one is security: encrypting your phone calls means that anyone who is able to sniff your network traffic cannot extract your phone calls. For most people this is pretty unlikely but could happen all the same.

Perhaps of much more use is for remote or home workers and this is what made me get this working with SARK. One of the biggest problems in the world of VoIP is SIP-ALGs on routers making incorrect alterations to SIP packets. If your SIP packets are encrypted then any router they pass through cannot possibly make any alterations to them!

The steps to get this working are as follows (the process on a SARK PBX is basically the same as on any Asterisk PBX).

1) Generate self-signed certificates (commands issued at the Linux command prompt on SARK):

  • cd /etc/asterisk
  • mkdir ssl
  • cd ssl
  • echo 00 > file.srl
  • openssl req -out ca.pem -new -x509 -days 365
  • openssl genrsa -out server.key 2048
  • openssl req -key server.key -new -out server.req -days 365
  • openssl x509 -req -in server.req -CA ca.pem -CAkey privkey.pem -CAserial file.srl -out server.pem -days 365

2) Configure Asterisk:

Edit the file ‘sark_sip_header.conf’ either from the command line or in Asterisk File Edit in the SARK web interface. Add the following:

tlsenable=yes
tlsbindaddr=xx.xx.xx.xx
tlscafile=/etc/asterisk/ssl/ca.pem
tlsprivatekey=/etc/asterisk/ssl/server.key
tlscertfile=/etc/asterisk/ssl/server.pem
tlsclientmethod=tlsv1
tlscipher=ALL
tlsdontverifyserver=yes

Replace xx.xx.xx.xx with your system’s own IP address. The last line isn’t essential for us; it controls whether Asterisk verifies the server’s certificate when it connects as a client to a TLS server (for which you’d need a SIP service provider who does TLS). If you do verify their certificate then they cannot be using self-signed certificates.

3) Configure extensions:

You can specify which extensions will use TLS & SRTP (any you don’t will stay on unencrypted SIP & RTP).

In the SARK web interface, edit the extension and go to the “asterisk” tab. Add these lines:

transport=tls
port=5061
encryption=yes

This will turn on both TLS and SRTP for that single extension.

It’s important to note that once you’ve applied this, the phone MUST use it and trying to Register without encryption will now fail.

4) Configure the firewall:

By default SARK PBX only allows SIP in over UDP, but TLS uses TCP. You need to add a rule in the ‘firewall’ section of the SARK web interface to allow TCP port 5061 (SIPS/TLS uses 5061 by default). Note that you don’t need to allow RTP over TCP; SRTP still uses UDP normally.

5) Configure the phones:

This assumes you already have a phone configured and working using normal SIP. This is how to convert it to use SIPS/TLS & SRTP.

Snom phones (note, you’ll probably need a fairly recent firmware version)

  • In identity #, add an outbound proxy such as “sip.mydomain.com:5061;transport=tls”, where sip.mydomain.com is your SARK PBX’s hostname or IP address. You could also set up the correct DNS-SRV records for this (hint, _sips._tcp) but I’ll not go into that here.
  • In the RTP tab, turn on RTP Encryption, set SRTP Auth-tag to AES-80 and RTP/SAVP to Mandatory

Then when making or receiving a call, look out for the little “lock” symbol on the phone screen to signify SIPS/TLS & SRTP are both in use in the call in progress.

Yealink phones (I used v72 firmware, older may work too)

  • In Account #, Register tab, set Transport to TLS, set Server Host Port to 5061.
  • In the Advanced tab, set RTP Encryption(SRTP) to ‘Compulsory’

Much like Snom, the phone will also display a “lock” symbol on the screen during a call with SIPS/TLS & SRTP in use.

One last thing to note: by default, neither Snom nor Yealink phones verify server certificates. This means that there is no protection against a man-in-the-middle attack (someone else pretending to be your SIP server). You can turn on certificate verification on either phone but you MUST also do one of the following in order for SIPS/TLS to continue to work:

  • Purchase a certificate from a trusted source, much like you would if setting up an HTTPS website. Please speak to us first so we can advise you on the best place to buy, as the phones have a limited number of CAs built into them in comparison to a web browser.
  • Continue with your self-signed certificate but load the CA it was signed against into the phone. This is the “ca.pem” file generated earlier on. It is safe to distribute this to your phones; it cannot be used to generate more certificates without the key (which you need to keep safe).

Any questions to paul@provu.co.uk
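
A check for the settings from steps 2 and 3 above, as an added example that is not part of the original post or SARK's own tooling: it flags the legacy choices in the TLS block (tlsclientmethod=tlsv1, tlscipher=ALL, tlsdontverifyserver=yes) and any extension where SRTP is on without TLS, since the SRTP keys are passed in the SIP messages. The sample text, the extension numbers and the function names are constructed for illustration, and per-extension settings are assumed to fall back to the general ones.

```python
import re

# Constructed sample: step 2 lines (no header, read as general) + made-up extensions.
SAMPLE = """\
tlsclientmethod=tlsv1
tlscipher=ALL
tlsdontverifyserver=yes
[201]
transport=tls
encryption=yes
[202]
encryption=yes   ; SRTP on, transport left at the default
[203]
transport=tls
"""

def parse(text):
    """Return {section: {key: value}}; ';' starts a comment in Asterisk configs."""
    conf, section = {"general": {}}, "general"
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        head = re.match(r"\[([^\]]+)\]", line)
        if head:
            section = head.group(1)
            conf.setdefault(section, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            conf[section][key.strip().lower()] = value.strip().lower()
    return conf

def audit(text):
    """Return (section, finding) pairs for weak TLS/SRTP settings."""
    conf, out = parse(text), []
    g = conf.pop("general")
    if g.get("tlsclientmethod") in ("sslv2", "sslv3", "tlsv1"):
        out.append(("general", "tlsclientmethod pins a deprecated protocol version"))
    if g.get("tlscipher") == "all":
        out.append(("general", "tlscipher=ALL admits RC4 and anonymous suites"))
    if g.get("tlsdontverifyserver") == "yes":
        out.append(("general", "outbound TLS accepts any server certificate"))
    for name, peer in conf.items():
        tls = "tls" in peer.get("transport", g.get("transport", "udp")).split(",")
        srtp = peer.get("encryption", g.get("encryption", "no")) == "yes"
        if srtp and not tls:
            out.append((name, "SRTP keys are exchanged over unencrypted SIP"))
        if tls and not srtp:
            out.append((name, "signalling is encrypted but audio is plain RTP"))
    return out

print(*(f"[{s}] {f}" for s, f in audit(SAMPLE)), sep="\n")
```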

Snom 7 Series End of Life Notice

We have received an end of life notice from Snom for their current 710, 720 and 760 models. We are currently holding significant stocks of each of these models and fully expect to be able to continue to supply these for the remainder of 2015 and most likely for some weeks in to the New Year.

The replacement models will be the D710, D715, D725 and D765. Although these new models look the same, they are black in colour and have completely new hardware and firmware. All of the D7 series models except the D710 are in stock and available to order now. We expect the D710 to arrive in the next few weeks.

If you have any queries or would like to discuss how these changes may affect any projects you are working on, please call the sales team on: 01484 840048 or you can email: contact@provu.co.uk.

The New Snom D765 has arrived!

The new Snom D765 is now available from ProVu. Joining the D7-series of IP phones, the D765 is the perfect companion for users requiring cutting-edge design and high-end functionality.

This new desk phone will replace the Snom 760 and is the first in the range to feature integrated Bluetooth connectivity and a large 3.5″ high resolution colour TFT display.

Key Features Include

  • Up to 12 SIP accounts
  • USB connectivity (allowing easy connection of the D7 expansion keypad, USB headset or WiFi dongle)
  • Two x gigabit ethernet switches
  • PoE support
  • RJ9, EHS, USB or Bluetooth headset support
  • 16 programmable function keys with built-in LEDs for visual call indication

For more information, please visit the D765 webpage.

Snom 300 still going strong

Launched in 2006 and having gone through several revisions, the Snom 300 has stood the test of time and is still going strong. Over the years the Snom 300 has become one of the most popular SIP phones ever, proving to be the ideal choice for those volume applications where a relatively low-cost but reliable and robust phone is an essential requirement.

Although compact, the Snom 300 has the same high quality handset and audio as the larger models and supports PoE as well as a 2 line backlit LCD display and headset port. It also has all the most commonly used telephony features required for business use.

Key Features Include:

  • Call hold
  • Blind or attended call transfer
  • Speakerphone
  • DND mode (do not disturb)
  • 3 way conference call

With a retail price of just £55.00 the Snom 300 represents outstanding value and with its reputation for robustness and reliability it provides a great return on investment.

Convergence Summit South 2015

This year will mark our 3rd year of exhibiting at the Convergence Summit South, taking place at Sandown Park Racecourse on the 7th & 8th October. Joining us this year will be Sangoma, Snom, Gigaset and Yealink.

The exhibition is free to attend and is a great opportunity to meet new and existing clients.

Please register your attendance below and don’t forget to come and visit us at stand 73!

Pre Register now to attend the show

How to set-up JPEG stream on an IP bold door entry for a Snom 760

Here is a guide on how to set up a Snom 760 to be able to view the video stream from an Alphatech IP bold door entry unit.

1. Log in to the web user interface of the Snom 760

2. Go to Function keys

3. Select a key to activate the video stream and set the fields to the following:

Context —> Active
Type —> Action URL
Number —> http://IPADDRESSOFBOLD/snom01.xml
Short text —> Description of button

4. Once these fields have been set, click apply and then save.

5. To view the stream, go to the Snom 760 and press the function key that has been assigned to activate the video stream.

5b. To stop the stream press the X button on the Snom 760.