Friday, August 19, 2011
The button on the base
As most of you have probably noticed, there is a button on the base next to the power supply. This button has two functions. The first function is to send a hardware reset to the base, so that no-matter-what-is-going-on the base reboots. This is triggered by the transition from not-pressed to pressed.
The other function which is not so well-known is that you can use this button to factory reset the device. This is triggered when the button is pressed while the system boots up. There is simply a piece of software that checks during the boot up sequence, if the button is pressed and if that is the case, it erases the configuration file(s). So in order to factory rese the device, and your base is running, you have to press the reset button and hold it down for about 30 seconds, until the device has performed a whole reboot cycle. You can see by the change of the LED when the reboot cycle has finished.
The point about the reset button is that if you have lost the password or you have totally screwed up the configuration, you can just use this hardware button to get the device into a state like it was when it came out of the factory (well, it does keep the firmware that you have loaded). Many routers and switches have the same functionality and it has become a widely used standard to “nuke” devices this way.
It is definitively a security relevant feature. For those of you who have the responsibility to run a reliable service for a company, you have to consider that physical access means that whoever has physical access can nuke the device. Because the base does not have to be in the same room where the users have their handset, you should consider putting the device into a location that cannot easily be accessed by walk-in people. For example, the perfect location would be the ceiling of a storage room in the middle of the building. If you put the base above the ceiling cladding (where all the cable runs anyway), it would be invisible and have a great connection into the whole office. The LLDP asset ID comes in handy when you wonder where you exactly played hide and seek with the m9 base station.
Not all versions did the factory reset to perfection. But at least 9.4.7 should do it well. We just found out that e.g. the address book survives the factory reset, this is something that 9.4.8 will take care about; but at least you have a safe way to recover the device in case you should have lost your password.