Apply the following configuration settings in IP Office Manager using the File > Preferences > Security tab to ensures more secure IP Office communications and help keep configuration data away from unauthorized users:
Configuration
Parameter Settings
Request Login on Save
Enabled
Close Configuration/Security Settings After Send
Enabled
Save Configuration File After Load
Disabled
Backup Files on Send
Disabled
Enable Application Idle Timer (5 minutes)
Enabled
Secure Communications
Enabled
The Manager Certificate Checks on the File > Preferences > Security tab should be set according to the security policy. It should be set to None only for recovery purposes.
If mutual certificate authentication is required (that is, the IP Office configuration or security administration service will request a certificate from IP Office Manager) the File > Preferences > Security > Certificate offered to IP Office needs to be set with an identity certificate. If Current User is selected, it will only apply the current Windows user. If Local Machine is selected, it will be used for all Windows users of that PC.
To prevent other administrators from modifying the File > Preferences > Security tab settings, ensure those Service Users do not have the rights to edit security settings, or have the Administrator Manager Operator Role.
In IP Office Manager's File > Preferences > Directories tab, change the Working Directory to be different to the Binary Directory. If the two directory settings are the same, it potentially allows remote TFTP/HTTP file access to the folder containing copies of configuration files.
Ensure all offline configuration files, exported files or other configuration data are controlled.
