Chapter

Understanding Security Features for Cisco Unified IP Phones

Table 1-4 Overview of Security Features (continued)

| Feature | Description |
|---|---|
| Device authentication | Occurs between the Cisco Unified CM server and the phone when each entity accepts the certificate of the other entity. Determines whether a secure connection between the phone and a Cisco Unified CM should occur and, if necessary, creates a secure signaling path between the entities by using the TLS protocol. Cisco Unified CM will not register phones unless they can be authenticated by the Cisco Unified CM. |
| File authentication | Validates digitally signed files that the phone downloads. The phone validates the signature to make sure that file tampering did not occur after the file creation. Files that fail authentication are not written to Flash memory on the phone. The phone rejects such files without further processing. |
| Signaling authentication | Uses the TLS protocol to validate that no tampering has occurred to signaling packets during transmission. |
| Manufacturing installed certificate | Each Cisco Unified IP Phone contains a unique manufacturing installed certificate (MIC), which is used for device authentication. The MIC is a permanent unique proof of identity for the phone, and allows Cisco Unified CM to authenticate the phone. |
| Secure SRST reference | After you configure an SRST reference for security and then reset the dependent devices in Cisco Unified CM Administration, the TFTP server adds the SRST certificate to the phone cnf.xml file and sends the file to the phone. A secure phone then uses a TLS connection to interact with the SRST-enabled router. |
| Media encryption | Uses SRTP to ensure that the media streams between supported devices prove secure and that only the intended device receives and reads the data. Includes creating a media master key pair for the devices, delivering the keys to the devices, and securing the delivery of the keys while the keys are in transport. |
| Signaling encryption | Ensures that all SCCP signaling messages that are sent between the device and the Cisco Unified CM server are encrypted. |
| CAPF (Certificate Authority Proxy Function) | Implements parts of the certificate generation procedure that are too processing-intensive for the phone, and interacts with the phone for key generation and certificate installation. The CAPF can be configured to request certificates from customer-specified certificate authorities on behalf of the phone, or it can be configured to generate certificates locally. |
| Security profiles | Defines whether the phone is nonsecure or encrypted. See the “Understanding Security Profiles” section on page 1-13 for more information. |
| Encrypted configuration files | Lets you ensure the privacy of phone configuration files. |
| Optional disabling of the web server functionality for a phone | You can prevent access to a phone’s web page, which displays a variety of operational statistics for the phone. See the “Disabling and Enabling Web Page Access” section on page 8-3. |

Cisco Unified IP Phone 8941 and 8945 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)

1-12

OL-20851-01
