1-14
Cisco Unified IP Phone 7931G Administration Guide for Cisco Unified Communications Manager 8.0 (SCCP and SIP)
OL-20798-01
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding Security Features for Cisco Unified IP Phones
Related Topics
• Understanding Security Profiles, page 1-14
• Identifying Authenticated, Encrypted, and Protected Phone Calls, page 1-15
• Establishing and Identifying Secure Conference Calls, page 1-15
• Supporting 802.1X Authentication on Cisco Unified IP Phones, page 1-18
• Security Restrictions, page 1-19
• Device Configuration Menu, page 4-17
Understanding Security Profiles
Cisco Unified IP Phones that support Cisco Unified CM 7.0 use a security profile, which defines whether
the phone is nonsecure, authenticated, or encrypted. For information about configuring the security
profile and applying the profile to the phone, see the Cisco Unified Communications Manager Security
Guide.
Table 1-4 Overview of Security Features (continued)
Feature | Description
Signaling encryption | Ensures that all SCCP and SIP signaling messages that are sent between the device and the Cisco Unified CM server are encrypted.
CAPF (Certificate Authority Proxy Function) | Implements parts of the certificate generation procedure that are too processing-intensive for the phone, and it interacts with the phone for key generation and certificate installation. The CAPF can be configured to request certificates from customer-specified certificate authorities on behalf of the phone, or it can be configured to generate certificates locally.
Security profiles | Defines whether the phone is nonsecure, authenticated, encrypted or protected. For more information, see Understanding Security Profiles, page 1-14.
Encrypted configuration files | Lets you ensure the privacy of phone configuration files.
Optional disabling of the web server functionality for a phone | You can prevent access to a phone’s web page, which displays a variety of operational statistics for the phone.
Phone hardening | Additional security options, which you control from Cisco Unified CM Administration:
• Disabling PC port
• Disabling Gratuitous ARP (GARP)
• Disabling PC Voice VLAN access
• Disabling access to the Setting menus, or providing restricted access that allows access to the User Preferences menu and saving volume changes only
• Disabling access to web pages for a phone.
Note: You can view current settings for the PC Port Disabled, GARP Enabled, and Voice VLAN enabled options by looking at the phone’s Security Configuration menu. For more information, see Device Configuration Menu, page 4-17.
802.1X Authentication | The Cisco Unified IP Phone can use 802.1X authentication to request and gain access to the network. For more information, see Supporting 802.1X Authentication on Cisco Unified IP Phones, page 1-18.