Chapter 1 An Overview of the Cisco Unified IP Phones

Understanding Security Features for Cisco Unified IP Phones

Table 1-4 Overview of Security Features (continued)

| Feature | Description |
|---|---|
| File authentication | Validates digitally signed files that the phone downloads. The phone validates the signature to make sure that file tampering did not occur after file creation. Files that fail authentication are not written to Flash memory on the phone. The phone rejects such files without further processing. |
| Signaling Authentication | Uses the TLS protocol to validate that no tampering has occurred to signaling packets during transmission. |
| Manufacturing installed certificate | Each Cisco Unified IP Phone contains a unique manufacturing installed certificate (MIC), which is used for device authentication. The MIC is a permanent, unique proof of identity for the phone, and allows Cisco Unified Communications Manager to authenticate the phone. |
| Secure SRST reference | After you configure an SRST reference for security and then reset the dependent devices in Cisco Unified Communications Manager Administration, the TFTP server adds the SRST certificate to the phone cnf.xml file and sends the file to the phone. A secure phone then uses a TLS connection to interact with the SRST-enabled router. |
| Media encryption | Uses SRTP to ensure that the media streams between supported devices prove secure and that only the intended device receives and reads the data. Includes creating a media master key pair for the devices, delivering the keys to the devices, and securing the delivery of the keys while the keys are in transport. |
| Signaling encryption | Ensures that all SCCP and SIP signaling messages that are sent between the device and the Cisco Unified Communications Manager server are encrypted. |
| CAPF (Certificate Authority Proxy Function) | Implements parts of the certificate generation procedure that are too processing-intensive for the phone, and interacts with the phone for key generation and certificate installation. The CAPF can be configured to request certificates from customer-specified certificate authorities on behalf of the phone, or it can be configured to generate certificates locally. |
| Security profiles | Defines whether the phone is nonsecure, authenticated, encrypted, or protected. See Understanding Security Profiles, page 1-15 for more information. |
| Encrypted configuration files | Lets you ensure the privacy of phone configuration files. |
| Optional disabling of the web server functionality for a phone | You can prevent access to a phone’s web page, which displays a variety of operational statistics for the phone. |

Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

OL-23091-01
