DescriptionFeature
Implements parts of the certificate generation procedure that are too processing-intensive
for the phone, and interacts with the phone for key generation and certificate installation.
The CAPF can be configured to request certificates from customer-specified certificate
authorities on behalf of the phone, or it can be configured to generate certificates locally.
CAPF (Certificate Authority Proxy
Function)
Defines whether the phone is nonsecure, authenticated, encrypted, or protected. Other entries
in this table describe security features.
Security profile
Lets you ensure the privacy of phone configuration files.Encrypted configuration files
For security purposes, you can prevent access to the web pages for a phone (which display
a variety of operational statistics for the phone) and Self Care Portal.
Optional web server disabling for a
phone
Additional security options, which you control from Cisco Unified Communications Manager
Administration:
•
Disabling PC port
•
Disabling Gratuitous ARP (GARP)
•
Disabling PC Voice VLAN access
•
Disabling access to the Setting menus, or providing restricted access that allows access
to the Preferences menu and saving volume changes only
•
Disabling access to web pages for a phone
•
Disabling Bluetooth Accessory Port
Phone hardening
The Cisco IP Phone can use 802.1X authentication to request and gain access to the network.
See 802.1X Authentication, on page 108 for more information.
802.1X Authentication
After you configure a Survivable Remote Site Telephony (SRST) reference for security and
then reset the dependent devices in Cisco Unified Communications Manager Administration,
the TFTP server adds the SRST certificate to the phone cnf.xml file and sends the file to the
phone. A secure phone then uses a TLS connection to interact with the SRST-enabled router.
Secure SIP Failover for SRST
Ensures that all SIP signaling messages that are sent between the device and the Cisco Unified
Communications Manager server are encrypted.
Signaling encryption
When the Trust List updates on the phone, the Cisco Unified Communications Manager
receives an alarm to indicate the success or failure of the update. See the following table for
more information.
Trust List update alarm
Cisco IP Phone 8800 Series Administration Guide for Cisco Unified Communications Manager
86
Supported Security Features
To Next Page
Loading...
Need help?
General
