Do I need to open up t*f*t*p (69) for external phones?

[fishfilet]

I will have a few external phones in my setup. Right now the phones inside download their config from t*f*t*p. I was wondering if I need to open up port 69 which is t*f*t*p i think on my router so that external phones can download their configs or is this a bad idea?

Also I am using polycom 601's right now. Is there anything special I need to do to make them work externally?

 

[jmullinix]

If you open t*f*t*p to the public, when your phones boot, they will phone home and if I am watching your traffic, I will have the required credentials to become one of your extensions. I think the only safe way to provision remote phones would be through dedicated bandwidth or a VPN, but not the open Internet.

 

[jeffmac]

I don't think it would even require watching the traffic. A t*f*t*p server open to the internet is one of the first things any security person shuts down. As soon as some interloper finds the t*f*t*p server open, he can simply download anything thats there. So the provisioning files (which DO contain all the info jmullinix describes) are there for the taking.

A more secure method is a must.

Jeff

 

[fishfilet]

Thank you I thought it seems very insecure but I wanted to make sure.

 

[fishfilet]

Is this only needed for provisioning? If so can I just provision the phones and then send them out to my remote users? I guess the only problem would be if I wanted to make any changes.