Chapter 1 An Overview of the Cisco Unified IP Phones

Understanding Security Features for Cisco Unified IP Phones

Table 1-3 Cisco Unified IP Phones and Cisco Unified Communications Manager Security Topics (continued)

Topic: Cisco Extension Mobility HTTPS support
Reference: See What Networking Protocols are Used?, page 1-5

Topic: 802.1X Authentication for Cisco Unified IP Phones
Reference: See these sections:
  - Supporting 802.1X Authentication on Cisco Unified IP Phones, page 1-19
  - Security Configuration Menu, page 4-32
  - Status Menu, page 8-2
  - Troubleshooting Cisco Unified IP Phone Security, page 9-9

Overview of Supported Security Features

Table 1-4 provides an overview of the security features that the Cisco Unified IP Phones support. For more information about these features and about Cisco Unified Communications Manager and Cisco Unified IP Phone security, see Cisco Unified Communications Manager Security Guide.

For information about current security settings on a phone, choose Settings > Security Configuration and choose Settings > Device Configuration > Security Configuration. For more information, see Security Configuration Menu, page 4-32.

Note: Most security features are available only if a certificate trust list (CTL) is installed on the phone. For more information about the CTL, see Configuring the Cisco CTL Client in Cisco Unified Communications Manager Security Guide.

Table 1-4 Overview of Security Features

Feature: Image authentication
Description: Signed binary files (with the extension .sbn) prevent tampering with the firmware image before it is loaded on a phone. Tampering with the image causes a phone to fail the authentication process and reject the new image.

Feature: Customer-site certificate installation
Description: Each Cisco Unified IP Phone requires a unique certificate for device authentication. Phones include a manufacturing installed certificate (MIC), but for additional security, you can specify in Cisco Unified Communications Manager Administration that a certificate be installed by using the Certificate Authority Proxy Function (CAPF). Alternatively, you can install a Locally Significant Certificate (LSC) from the Security Configuration menu on the phone. See Configuring Security on the Cisco Unified IP Phones, page 3-15 for more information.

Feature: Device authentication
Description: Occurs between the Cisco Unified Communications Manager server and the phone when each entity accepts the certificate of the other entity. Determines whether a secure connection between the phone and a Cisco Unified Communications Manager should occur, and if necessary, creates a secure signaling path between the entities by using the TLS protocol. Cisco Unified Communications Manager will not register phones unless they can be authenticated by the Cisco Unified Communications Manager.

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)
OL-23091-01
1-13
