Supported Security Features
Feature
Customer-site certificate
installation
Device authentication
File authentication
Signaling Authentication
Manufacturing installed
certificate
Secure Cisco Unified SRST
reference
Media encryption
Signaling encryption by using
TLS
Cisco Unified Wireless IP Phone 7925G, 7925G-EX, and 7926G Administration Guide
16
Description
Authenticates each Cisco Unified IP Phone by using a unique certificate.
Phones include a manufacturing installed certificate (MIC), but for
additional security, you can specify in Cisco Unified Communications
Manager Administration that a certificate be installed by using the
Certificate Authority Proxy Function (CAPF). Alternatively, you can install
a locally significant certificate (LSC) from the Security Configuration
menu on the phone. See
Set Up Phone Security Certificate
information.
Occurs between the Cisco Unified Communications Manager server and
the phone when each entity accepts the certificate of the other entity.
Determines whether a secure connection between the phone and a
Cisco Unified Communications Manager should occur, and, if necessary,
creates a secure signaling path between the entities using TLS protocol.
Cisco Unified Communications Manager will not register phones unless
authenticated by the Cisco Unified Communications Manager.
Validates digitally signed files that the phone downloads. The phone
validates the signature to make sure that file tampering did not occur after
the file creation. Files that fail authentication are not written to Flash
memory on the phone. The phone rejects such files without further
processing.
Uses the TLS protocol to validate that no tampering has occurred to
signaling packets during transmission.
Each Cisco Unified IP Phone contains a unique manufacturing installed
certificate (MIC), which is used for device authentication. The MIC is a
permanent unique proof of identity for the phone, and allows Cisco Unified
Communications Manager to authenticate the phone.
After you configure a Cisco Unified Survivable Remote Site Telephony
(SRST) reference for security and then reset the dependent devices in
Cisco Unified Communications Manager Administration, the TFTP server
adds the SRST certificate to the phone cnf.xml file and sends the file to
the phone. A secure phone then uses a TLS connection to interact with the
SRST-enabled router.
Uses SRTP to ensure that the media streams between supported devices
proves secure and that only the intended device receives and reads the
data. Includes creating a media master key pair for the devices, delivering
the keys to the devices, and securing the delivery of the keys while the
keys are in transport.
Ensures that all SCCP signaling messages that are sent between the device
and the Cisco Unified Communications Manager server are encrypted.
Cisco Unified Wireless IP Phone
for more
Друкувати сторінку