1-13
Cisco IP Phone Administration Guide for Cisco CallManager, Cisco IP Phone 7961G/7961G-GE and 7941G/7941G-GE
OL-6966-01
Chapter 1 An Overview of the Cisco IP Phone
Understanding Security Features for Cisco IP Phones
Note Most security features are available only if a certificate trust list (CTL) is installed
on the phone. For more information about the CTL, refer to the
Cisco CallManager Security Guide.
• Image authentication—Signed binary files (with the extension.sbn) prevent
tampering with the firmware image before it is loaded on a phone. Tampering
with the image causes a phone to fail the authentication process and reject the
new image.
• Customer-site certificate installation—Each Cisco IP Phone requires a
unique certificate for device authentication. Phones include a manufacturing
installed certificate, but for additional security, you can specify in Cisco
CallManager Administration that a certificate be installed by using the CAPF.
Alternatively, you can initiate the installation of an LSC from the Security
Configuration menu on the phone.
• Device authentication—Occurs between the Cisco CallManager server and
the phone when each entity accepts the certificate of the other entity.
Determines whether a secure connection between the phone and a
Cisco CallManager should occur, and, if necessary, creates a secure signaling
path between the entities using TLS protocol. Cisco CallManager will not
register phones unless they can be authenticated by the Cisco CallManager.
• File authentication—Validates digitally-signed files that the phone
downloads. The phone validates the signature to make sure that file
tampering did not occur after the file creation. Files that fail authentication
are not written to Flash memory on the phone. The phone rejects such files
without further processing.
• Signaling Authentication—Uses the TLS protocol to validate that no
tampering has occurred to signaling packets during transmission.
• Manufacturing installed certificate—Each Cisco IP Phone contains a unique
manufacturing installed certificate (MIC), which is used for device
authentication. The MIC is a permanent unique proof of identity for the
phone, and allows Cisco CallManager to authenticate the phone.
To Next Page
Loading...
Need help?
General
