Chapter 1 An Overview of the Cisco Unified IP Phone

Understanding Security Features for Cisco Unified IP Phones

Table 1-3 Overview of Security Features

| Feature | Description |
| --- | --- |
| Image authentication | Signed binary files (with the extension .sbn) prevent tampering with the firmware image before it is loaded on a phone. Tampering with the image causes a phone to fail the authentication process and reject the new image. |
| Customer-site certificate installation | Each Cisco Unified IP Phone requires a unique certificate for device authentication. Phones include a manufacturing installed certificate, but for additional security, you can specify in Cisco Unified CallManager Administration that a certificate be installed by using the CAPF. Alternatively, you can initiate the installation of an LSC from the Security Configuration menu on the phone. |
| Device authentication | Occurs between the Cisco Unified CallManager server and the phone when each entity accepts the certificate of the other entity. Determines whether a secure connection between the phone and a Cisco Unified CallManager should occur, and, if necessary, creates a secure signaling path between the entities using the TLS protocol. Cisco Unified CallManager will not register phones unless they can be authenticated by the Cisco Unified CallManager. |
| File authentication | Validates digitally signed files that the phone downloads. The phone validates the signature to make sure that file tampering did not occur after the file creation. Files that fail authentication are not written to Flash memory on the phone. The phone rejects such files without further processing. |
| Signaling authentication | Uses the TLS protocol to validate that no tampering has occurred to signaling packets during transmission. |
| Manufacturing installed certificate | Each Cisco Unified IP Phone contains a unique manufacturing installed certificate (MIC), which is used for device authentication. The MIC is a permanent unique proof of identity for the phone, and allows Cisco Unified CallManager to authenticate the phone. |
| Media encryption | Uses SRTP to ensure that the media streams between supported devices prove secure and that only the intended device receives and reads the data. Includes creating a media master key pair for the devices, delivering the keys to the devices, and securing the delivery of the keys while the keys are in transport. |

Cisco Unified IP Phone Administration Guide for Cisco Unified CallManager 5.1 (SIP), Cisco Unified IP Phones
OL-11524-01