I am researching the best method to provision my Digium phones.
My server sits in a data centre connected to the public Internet. My users work from their homes on standard broadband connections. They buy their own D40s, connect them up and select option 2 from the menu. They put in the address of the server and their phone is automatically configured so they can start working.
I use MAC authentication. I have watched the SIP conversation while one of these phones requests its configuration from my server. I can see it sends its MAC address in the clear followed by a key. My assumption is that the server uses this key to encrypt the configuration that it sends back to the phone so everything is secure.
My concern is that a MAC address could be spoofed and the configuration given out to an unscrupulous soul who wants to hijack my phone lines.
Can someone assure me whether MAC address authentication for the provisioning of a Digium phone set up in the way I have identified is safe? And if not, what would be the best solution for my environment?