Chapter 1 An Overview of the Cisco Unified IP Phone

Understanding Security Features for Cisco Unified IP Phones

Table 1-3

Overview of Security Features

 

 

 

Feature

 

Description

 

 

Image authentication

Signed binary files (with the extension .sbn) prevent tampering with the firmware

 

 

image before it is loaded on a phone. Tampering with the image causes a phone to

 

 

fail the authentication process and reject the new image.

 

 

Customer-site certificate installation

Each Cisco Unified IP Phone requires a unique certificate for device

 

 

authentication. Phones include a manufacturing installed certificate (MIC), but for

 

 

additional security, you can specify in Cisco Unified Communications Manager

 

 

Administration that a certificate be installed by using the CAPF (Certificate

 

 

Authority Proxy Function). Alternatively, you can install an LSC from the Security

 

 

Configuration menu on the phone. See the “Configuring Security on the Cisco

 

 

Unified IP Phone” section on page 3-12for more information.

 

 

Device authentication

Occurs between the Cisco Unified Communications Manager server and the phone

 

 

when each entity accepts the certificate of the other entity. Determines whether a

 

 

secure connection between the phone and a Cisco Unified Communications

 

 

Manager should occur, and, if necessary, creates a secure signaling path between

 

 

the entities using TLS protocol. Cisco Unified Communications Manager does not

 

 

register phones unless they can be authenticated by the

 

 

Cisco Unified Communications Manager.

 

 

File authentication

Validates digitally signed files that the phone downloads. The phone validates the

 

 

signature to make sure that file tampering did not occur after the file creation. Files

 

 

that fail authentication are not written to Flash memory on the phone. The phone

 

 

rejects such files without further processing.

 

 

Signaling Authentication

Uses the TLS protocol to validate that no tampering has occurred to signaling

 

 

packets during transmission.

 

 

Manufacturing installed certificate

Each Cisco Unified IP Phone contains a unique manufacturing installed certificate

 

 

(MIC), which is used for device authentication. The MIC is a permanent unique

 

 

proof of identity for the phone, and allows Cisco Unified Communications

 

 

Manager to authenticate the phone.

 

 

Secure SRST reference

After you configure a SRST reference for security and then reset the dependent

(SCCP phones only)

devices in Cisco Unified Communications Manager Administration, the TFTP

server adds the SRST certificate to the phone cnf.xml file and sends the file to the

 

 

 

 

phone. A secure phone then uses a TLS connection to interact with the

 

 

SRST-enabled router.

 

 

Media encryption

Uses SRTP to ensure that the media streams between supported devices proves

 

 

secure and that only the intended device receives and reads the data. Includes

 

 

creating a media master key pair for the devices, delivering the keys to the devices,

 

 

and securing the delivery of the keys while the keys are in transport.

 

 

Signaling encryption

Ensures that all SCCP signaling messages that are sent between the device and the

(SCCP phones only)

Cisco Unified Communications Manager server are encrypted.

 

 

 

CAPF (Certificate Authority Proxy

Implements parts of the certificate generation procedure that are too

Function)

 

processing-intensive for the phone, and it interacts with the phone for key

 

 

generation and certificate installation. The CAPF can be configured to request

 

 

certificates from customer-specified certificate authorities on behalf of the phone,

 

 

or it can be configured to generate certificates locally.

 

 

 

 

 

Cisco Unified IP Phone 7970G/7971G-GE Administration Guide for Cisco Unified Communications Manager 7.0

 

 

 

 

 

 

OL-15299-01

 

 

1-11

 

 

 

 

 

Page 24 Page 26
Page 25
Image 25
Cisco Systems 7971G-GE, 7970G manual Feature Description, Unified IP Phone section on page 3-12for more information
Page 24 Page 26

7970G, 7971G-GE specifications

The Cisco Systems 7971G-GE is a sophisticated IP phone designed for enterprise communication, offering a range of features that enhance productivity and collaboration. As part of the Cisco Unified Communications portfolio, this phone is known for its impressive technology and reliable performance.

One of the main features of the 7971G-GE is its high-resolution color display. The 5-inch LCD screen provides users with a visually appealing and intuitive interface, allowing for easy navigation through menus and contacts. The phone supports up to six lines, making it ideal for users who require multiple lines for simultaneous calls. Users can effortlessly manage calls with the ability to switch between lines and access important call features like hold, transfer, and conference calling.

In terms of audio quality, the Cisco 7971G-GE is equipped with high-definition voice technology. This feature ensures crystal-clear sound during calls, reducing background noise and enhancing the clarity of conversations. The phone also supports wideband audio codecs, enabling a richer voice experience that is particularly valuable in business environments.

The phone is designed with user convenience in mind. It offers programmable buttons that can be customized to suit individual needs, allowing easy access to frequently used functions or contact lists. Additionally, the presence indicator feature lets users see the availability of their colleagues in real-time, promoting more effective communication and collaboration.

Networking capabilities are another strong point of the Cisco 7971G-GE. The phone supports both Power over Ethernet (PoE) and standard Ethernet connectivity. This enables easy deployment without the need for additional power outlets. Moreover, the device is compatible with various Cisco communication platforms, integrating seamlessly with existing Cisco infrastructure, which is essential for businesses looking to upgrade their communications systems.

Security is a crucial consideration for modern enterprises, and Cisco addresses this with robust encryption features that protect voice and video calls. The phone supports secure signaling and media encryption, ensuring that sensitive conversations remain confidential.

Overall, the Cisco Systems 7971G-GE is a feature-rich IP phone that combines advanced technology with user-friendly design. Its high-definition audio, customizable features, and seamless integration with Cisco networks make it a popular choice for businesses seeking to improve their communication systems. With its reliability and performance, the Cisco 7971G-GE continues to support effective collaboration in an increasingly connected world.
Top Page Image Contents