Crestron Flex Series Manuale utente
Crestron Flex Phones
Security Reference Guide
Crestron Electronics, Inc.
The original language version of this document is U.S. English.
All other languages are a translation of the original document.
Crestron product development software is licensed to Crestron dealers and Crestron Service Providers (CSPs) under a
limited nonexclusive, nontransferable Software Development Tools License Agreement. Crestron product operating
system software is licensed to Crestron dealers, CSPs, and end-users under a separate End-User License Agreement.
Both of these Agreements can be found on the Crestron website at www.crestron.com/legal/software_license_
agreement.
The product warranty can be found at www.crestron.com/warranty.
The specific patents that cover Crestron products are listed online at www.crestron.com/legal/patents.
Certain Crestron products contain open source software. For specific information, please visit
www.crestron.com/opensource.
Crestron, the Crestron logo, and XiO Cloud are either trademarks or registered trademarks of Crestron Electronics, Inc.
in the United States and/or other countries. Bluetooth is either a trademark or registered trademark of Bluetooth SIG,
Inc. in the United States and/or other countries. Active Directory and Microsoft Teams are either trademarks or
registered trademarks of Microsoft Corporation in the United States and/or other countries. Wi-Fi is either a trademark
or registered trademark of Wi-Fi Alliance in the United States and/or other countries. Other trademarks, registered
trademarks, and trade names may be used in this document to refer to either the entities claiming the marks and names
or their products. Crestron disclaims any proprietary interest in the marks and names of others. Crestron is not
responsible for errors in typography or photography.
©2022 Crestron Electronics, Inc.
Contents
Overview 1
Ports and Protocols 3
Prerequisites 5
Operating Environment 5
Firmware Version 5
Device Access 5
Default Configuration Settings 5
Microsoft Teams Secure Deployment 6
Required Configuration 7
Create an Admin Account Password 7
Configure the Network 8
Wired Network Configuration 8
Wi-Fi Network Configuration 10
802.1XAuthentication 11
Set the Time and Date 14
Configure the Remote Syslog 15
Optional Configuration 17
Add Users and Groups 17
Configure Bluetooth Communications 17
Configure Automatic Updates 17
Configure a Connection to XiOCloud 18
Management Functions 20
Firmware Update 20
User and Group Management 20
Add a User 21
Delete a User 22
Add a Group 22
Delete a Group 23
ii • Contents Security Reference Guide — Doc. 9313A
Security Reference Guide — Doc. 9313A Crestron Flex Phones • 1
Overview
This document describes the steps needed to harden a Crestron® installation with Crestron Flex
Phones and assumes a basic understanding of security functions and protocols. This guide
provides information about the system configuration used for Crestron Flex Phones firmware
release 1.0.4.22 or later.
NOTE:The term "device"is used in this document to refer to all applicable Crestron Flex
Phone models unless specified otherwise.
The information in this guide pertains to the following device models:
Model Description
UC-P8-T Crestron Flex 8 in. Audio Desk Phone for Microsoft Teams® Software
UC-P8-T-I Crestron Flex 8 in. Audio Desk Phone for Microsoft Teams® Software,
International
UC-P8-T-HS Crestron Flex 8 in. Audio Desk Phone with Handset for Microsoft
Teams® Software
UC-P8-T-HS-I Crestron Flex 8 in. Audio Desk Phone with Handset for Microsoft
Teams® Software, International
UC-P8-T-C Crestron Flex 8 in. Video Desk Phone for Microsoft Teams® Software
UC-P8-T-C-I Crestron Flex 8 in. Video Desk Phone for Microsoft Teams® Software,
International
UC-P8-T-C-HS Crestron Flex 8 in. Video Desk Phone with Handset for Microsoft
Teams® Software
UC-P8-T-C-HS-I Crestron Flex 8 in. Video Desk Phone with Handset for Microsoft
Teams® Software, International
UC-P10-T Crestron Flex 10 in. Audio Desk Phone for Microsoft Teams® Software
UC-P10-T-I Crestron Flex 10 in. Audio Desk Phone for Microsoft Teams® Software,
International
UC-P10-T-HS Crestron Flex 10 in. Audio Desk Phone with Handset for Microsoft
Teams® Software
UC-P10-T-HS-I Crestron Flex 10 in. Audio Desk Phone with Handset for Microsoft
Teams® Software, International
UC-P10-T-C Crestron Flex 10 in. Video Desk Phone for Microsoft Teams® Software
UC-P10-T-C-I Crestron Flex 10 in. Video Desk Phone for Microsoft Teams® Software,
International
2 • Crestron Flex Phones Security Reference Guide — Doc. 9313A
Model Description
UC-P10-T-C-HS Crestron Flex 10 in. Video Desk Phone with Handset for Microsoft
Teams® Software
UC-P10-T-C-HS-I Crestron Flex 10 in. Video Desk Phone with Handset for Microsoft
Teams® Software, International
Security Reference Guide — Doc. 9313A Crestron Flex Phones • 3
Ports and Protocols
The following ports and protocols may be used by the device depending on the system design
and configuration.
Crestron Control Devices
Function Destination Port From (Sender) To (Listener) Notes
Crestron-
CIP
41794/TCP Device Control
System
Crestron Internet Protocol
Crestron-
SCIP
41796/TCP Device Control
System
Secure Crestron Internet
Protocol
HTTPS 49200/TCP Remote
Device
Device Web APIfor Crestron HTML5
User Interfaces
Common Ports
Function Destination Port From (Sender) To (Listener) Notes
NTP 123/UDP Device NTP Server Network Time Protocol
(NTP)
SSH 22/TCP Admin
Workstation
Device Used for configuration
and console.
LDAP 389/TCP Device Admin Server
LDAPS 636/TCP Device Admin Server
HTTPS 443/TCP Admin or End
User
Workstation
Device Secure web configuration
HTTPS 443/TCP Device XiOCloud®
Service
For XiO Cloud services
only and not required for
device functionality. A
persistent connection is
made via AMQP over
WebSockets. HTTPS
services such as routing
lookups and file transfers
may be used.
4 • Crestron Flex Phones Security Reference Guide — Doc. 9313A
Function Destination Port From (Sender) To (Listener) Notes
HTTPS 443/TCP Device Microsoft
Portal
For Microsoft portal
services only and not
required for device
functionality. HTTPS
services such as routing
lookups and file transfers
may be used.
HTTPS 443/TCP Device Firmware
Server
Firmware upgrade path
HTTPS 443/TCP Device APKServer APKupgrade path
DHCP 67/UDP Device DHCP Server DHCP addressing
DHCP 68/UDP DHCP Server Device DHCP addressing
HTTP 80/TCP End User
Workstation
Device Web configuration
WPAD 80/TCP Device WPADFile
Server
Gets the PACfile from
the server.
Remote Syslog Configurable Device Remote Syslog
Server
Uses TLS
HTTPProxy Configurable Device Proxy Server
HTTPSProxy Configurable Device Proxy Server
Kerberos 88/TCP Device KDC(Key
Distribution
Center)
DNS 3/TCP/UDP Device DNSserver
Security Reference Guide — Doc. 9313A Crestron Flex Phones • 5
Prerequisites
In order to perform a secure configuration, the following prerequisites must be met.
Operating Environment
Crestron assumes the following about the operating environment of its systems:
lThe system is not capable of Multi-Factor Authentication (MFA). If your organization's
policy requires MFA, you cannot use the system.
lPhysical security is commensurate with the value of the system and the data it contains
and is assumed to be provided by the environment.
lAdministrators are trusted to follow and provide all administrator guidance.
Firmware Version
Crestron Flex Phones must be running firmware version 1.0.4.22 or later.
Device Access
The administrator can access and configure the device by using a web browser. Additionally,
some aspects of configuration can be performed via the XiOCloud® service. This document
describes device configuration using the web browser.
The device also provides local setup pages for commonly used configuration settings. The local
setup pages can be accessed from the touch screen display by tapping the gear icon on the home
page and then selecting Device Settings.
Default Configuration Settings
In order to configure the device, it must first be placed in its factory default state. A device can
be returned to this state as follows:
1. Disconnect the Ethernet cable from the LAN port that supplies the device power over PoE
(Power over Ethernet).
2. Reconnect the Ethernet cable to the LANport. The device starts to boot.
3. When the LEDlightbar below the touch screen display starts to flash green, press and
hold the Volume Up and Microphone Mute buttons simultaneously for at least 10 seconds.
A page is displayed asking whether a factory restore should be performed.
6 • Crestron Flex Phones Security Reference Guide — Doc. 9313A
4. Use the Volume Up or Volume Down buttons to select Yes, and then press the Microphone
Mute button to confirm the selection.
5. Wait 5 to 10 minutes for the self-recovery process to complete.
6. Proceed with the network configuration.
Microsoft Teams Secure Deployment
The device runs the Microsoft Teams® software app. For more information on how to securely
deploy Microsoft Teams across an enterprise, refer to docs.microsoft.com/en-
us/MicrosoftTeams/security-compliance-overview.
Questo manuale è adatto per i seguenti modelli
18
Indice
Altri manuali Crestron Telefono IP
