Setting System Features

Setting Security Features

TLS Record Protocol -- layered on top of a reliable transport protocol, such as SIP or TCP, it ensures that the connection is private by using symmetric data encryption and that the connection is reliable.

TLS Handshake Protocol -- allows authentication between the server and client and the negotiation of an encryption algorithm and cryptographic keys before the application protocol transmits or receives any data.

TLS is application protocol-independent. Higher-level protocols such as SIP can layer on top of the TLS protocol transparently.

SPA9x2 phones use UDP as a standard for SIP transport, but they also support SIP over TLS for added security.

To enable TLS for a SPA9x2 phone:

1. Log in to the SPA9x2 phone’s administration web browser.

2. Click Ext 1, then scroll to the SIP Settings section.

3. Select TLS from the SIP Transport drop-down box.

4. Click Submit All Changes.

SRTP and Securing Calls

Secure Real-Time Transport Protocol (SRTP) is a secure protocol for transporting real-time data over networks. SPA9x2 phones use SRTP to securely send and receive real-time voice traffic from other phones and gateways.

SRTP provides media encryption to ensure that media streams between devices are secure and that only the intended devices receive and read the data.

When a call is secure, the voice conversation is encrypted so that others cannot eavesdrop on the conversation. To enable this feature the SPA9x2 phone must have a mini-certificate installed.

The supplementary service Secure All Calls (*16) defaults to preferring encrypted media (voice codecs). Audio packets in both directions of outbound calls are encrypted using SRTP.

To use Secure Call on an extension, you must configure Mini Certificate and SRTP Private Key for that extension. These parameters appear on the Ext tabs (see “Subscriber Information Parameters” section on page 102).

Secure Call Service is defined in the Phone tab (see “Supplementary Services Parameters” section on page 89). Secure Call Service activates Linksys secure encryption of RTP streams between the two endpoints. You can disable this if the other endpoint (or gateway) does not support this Linksys proprietary method.

Users can enter *18 to activate Secure Next Call, which uses encrypted media for the next outbound call (on this call appearance only). This star code is redundant if all outbound calls are secure by default.
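A configuration check for the requirements above, as an added example that is not part of the Linksys guide: it audits an exported phone profile for extensions that do not use TLS for SIP or that lack the Mini Certificate or SRTP Private Key that Secure Call needs. The XML layout and tag names are assumptions (the page's parameter names with underscores and an extension suffix), and the sample profile is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile. Tag names are assumptions: the page's parameter
# names with spaces replaced by underscores and "_<n>_" marking the extension.
SAMPLE_PROFILE = """<flat-profile>
  <Secure_Call_Serv>Yes</Secure_Call_Serv>
  <SIP_Transport_1_>TLS</SIP_Transport_1_>
  <Mini_Certificate_1_>PLACEHOLDER-CERT</Mini_Certificate_1_>
  <SRTP_Private_Key_1_>PLACEHOLDER-KEY</SRTP_Private_Key_1_>
  <SIP_Transport_2_>UDP</SIP_Transport_2_>
  <Mini_Certificate_2_>PLACEHOLDER-CERT</Mini_Certificate_2_>
  <SRTP_Private_Key_2_></SRTP_Private_Key_2_>
</flat-profile>"""


def audit_profile(xml_text):
    """Return a list of (scope, finding) tuples for one phone profile."""
    root = ET.fromstring(xml_text)
    # Map tag -> stripped text; an empty or missing element counts as unset.
    values = {el.tag: (el.text or "").strip() for el in root}
    findings = []

    # Secure Call Service is a phone-wide setting (Phone tab).
    if values.get("Secure_Call_Serv", "").lower() != "yes":
        findings.append(("phone", "Secure Call Serv is not enabled"))

    # Discover extensions from the SIP_Transport_<n>_ elements present.
    exts = sorted(
        tag[len("SIP_Transport_"):-1]
        for tag in values
        if tag.startswith("SIP_Transport_") and tag.endswith("_")
    )
    for n in exts:
        scope = f"ext {n}"
        transport = values.get(f"SIP_Transport_{n}_", "")
        if transport.upper() != "TLS":
            findings.append((scope, f"SIP Transport is {transport or 'unset'}, not TLS"))
        # Secure Call needs both values configured on the extension.
        for tag, label in (("Mini_Certificate", "Mini Certificate"),
                           ("SRTP_Private_Key", "SRTP Private Key")):
            if not values.get(f"{tag}_{n}_"):
                findings.append((scope, f"{label} is not configured"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_profile(SAMPLE_PROFILE):
        print(f"[{scope}] {finding}")
```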

Linksys SPA9x2 Phone Administration Guide
