Chapter 1 An Overview of the Cisco Unified IP Phone

Understanding Security Features for Cisco Unified IP Phones

Overview of Supported Security Features

Table 1-5provides an overview of the security features that the Cisco Unified IP Phone 6901 and 6911 support. For more information about these features and about Cisco Unified Communications Manager and Cisco Unified IP Phone security, refer to Cisco Unified Communications Manager Security Guide.

 

Note

 

Most security features are available only if a certificate trust list (CTL) is installed on the phone. For

 

 

 

more information about the CTL, refer to “Configuring the Cisco CTL Client” chapter in Cisco Unified

 

 

 

Communications Manager Security Guide.

 

 

 

 

 

Table 1-5

Overview of Security Features

 

 

 

 

 

 

Feature

 

 

 

Description

 

 

 

 

Image authentication

 

Signed binary files (with the extension .zz.sgn) prevent tampering with the firmware

 

 

 

 

image before it is loaded on a phone. Tampering with the image causes a phone to

 

 

 

 

fail the authentication process and reject the new image.

 

 

 

Customer-site certificate installation

Each Cisco Unified IP Phone requires a unique certificate for device authentication.

 

 

 

 

Phones include a manufacturing installed certificate (MIC), but for additional

 

 

 

 

security, you can specify in Cisco Unified Communications Manager

 

 

 

 

Administration that a certificate be installed by using the Certificate Authority

 

 

 

 

Proxy Function (CAPF). See the “Configuring Security on the Cisco Unified IP

 

 

 

 

Phone” section on page 3-10for more information.

 

 

 

 

Device authentication

 

Occurs between the Cisco Unified Communications Manager server and the phone

 

 

 

 

when each entity accepts the certificate of the other entity. Determines whether a

 

 

 

 

secure connection between the phone and a Cisco Unified Communications

 

 

 

 

Manager should occur; and, if necessary, creates a secure signaling path between the

 

 

 

 

entities by using TLS protocol. Cisco Unified Communications Manager will not

 

 

 

 

register phones unless they can be authenticated by the Cisco

 

 

 

 

Unified Communications Manager.

 

 

 

 

File authentication

 

Validates digitally signed files that the phone downloads. The phone validates the

 

 

 

 

signature to make sure that file tampering did not occur after the file creation. Files

 

 

 

 

that fail authentication are not written to Flash memory on the phone. The phone

 

 

 

 

rejects such files without further processing.

 

 

 

Signaling Authentication

Uses the TLS protocol to validate that no tampering has occurred to signaling

 

 

 

 

packets during transmission.

 

 

 

Manufacturing installed certificate

Each Cisco Unified IP Phone contains a unique manufacturing installed certificate

 

 

 

 

(MIC), which is used for device authentication. The MIC is a permanent unique

 

 

 

 

proof of identity for the phone, and allows Cisco Unified Communications Manager

 

 

 

 

to authenticate the phone.

 

 

 

 

 

 

 

 

Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.5 (SCCP and SIP)

 

 

 

 

 

 

OL-23874-01

 

 

1-13

 

 

 

 

 

Page 25
Image 25
Cisco Systems 6901 manual Overview of Supported Security Features, Feature Description

6901 specifications

Cisco Systems 6901 is a versatile, compact, and powerful router designed to meet the networking needs of small to medium-sized businesses, as well as enterprise branch offices. This model is part of Cisco's ISR (Integrated Services Router) portfolio, which is known for its capability to integrate multiple services into a single platform, ensuring high efficiency and cost-effectiveness.

One of the main features of the Cisco 6901 is its ability to support advanced routing protocols, including RIP, EIGRP, OSPF, and BGP. This versatility allows for seamless integration into various network architectures, facilitating efficient communication and data transfer across multiple locations. The device is also built to handle high-bandwidth applications, making it an ideal choice for businesses that rely on robust network performance.

In terms of connectivity, Cisco 6901 offers multiple Ethernet ports, supporting both 10/100/1000 Mbps speeds. This ensures that users can connect a variety of devices, ranging from office computers to network printers, all while maintaining optimal network performance. Additionally, the router supports both LAN and WAN interfaces, providing flexibility in deployment options.

Security is a crucial aspect of networking, and the Cisco 6901 does not disappoint in this regard. It comes equipped with advanced security features, including firewall capabilities, intrusion prevention, and VPN support. These features ensure that sensitive business data is protected from unauthorized access, while also providing secure remote access for employees.

Another essential characteristic of the Cisco 6901 is its support for various multimedia applications. The router comes with Quality of Service (QoS) features that prioritize voice, video, and data traffic, ensuring high-quality performance for applications such as VoIP and video conferencing. This is particularly valuable in today's business landscape, where effective communication is critical for success.

The Cisco 6901 is also designed for ease of management and configuration. It features a user-friendly interface that simplifies the setup process, along with comprehensive monitoring tools that enable administrators to keep an eye on network performance and address any issues proactively.

In summary, the Cisco Systems 6901 is a powerful, feature-rich router that combines advanced routing capabilities with robust security measures and multimedia support. Its flexibility, ease of management, and comprehensive service integration make it an excellent choice for businesses seeking to enhance their networking infrastructure. With the Cisco 6901, organizations can achieve efficient communication, secure data exchange, and high-performance network operations, positioning themselves well for future growth.