Configuring Security, Quality, and Network Features
Setting Security Features
Cisco Small Business SPA 300 Series, SPA 500 Series, and WIP310 IP Phone Administration Guide 117
 
SIP Initial INVITE and MWI Challenge 
The endpoint can challenge the initial SIP INVITE and MWI messages in a session.
The purpose of this challenge is to restrict the SIP servers that are
permitted to interact with the devices on the service provider network, which
significantly increases the security of the VoIP network by preventing malicious
attacks against the device.
To configure the SIP INVITE challenge:
STEP 1 Log in to the configuration utility.
STEP 2 Click Admin Login and advanced.
STEP 3 Click Ext <number>, then scroll to the SIP Settings section.
STEP 4 In the Auth INVITE field, choose yes.
STEP 5 Click Submit All Changes.
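SIP challenges use HTTP Digest authentication (RFC 3261), so with Auth INVITE enabled the phone answers an unauthenticated initial INVITE with a 401 and accepts only a re-sent INVITE carrying a valid digest. The following added example (not code from this guide or from the phone firmware) shows the check the challenging side performs, using the basic RFC 2617 form without qop; the user ID, realm, password, and URI are constructed sample values.

```python
import hashlib
import hmac
import re
import secrets

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def make_challenge(realm):
    """Return a fresh nonce and the WWW-Authenticate value sent with the 401."""
    nonce = secrets.token_hex(16)
    return nonce, f'Digest realm="{realm}", nonce="{nonce}", algorithm=MD5'

def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def parse_params(header):
    """Split 'Digest k="v", k2=v2' into a dict of parameters."""
    pairs = re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', header)
    return {k: v.strip('"') for k, v in pairs}

def verify_invite(auth_header, method, issued_nonce, user, realm, password):
    """Accept the re-sent request only if identity, nonce and response match."""
    p = parse_params(auth_header)
    if p.get("username") != user or p.get("realm") != realm:
        return False
    if p.get("nonce") != issued_nonce:
        return False  # nonce was not issued for this challenge (stale or replayed)
    expected = digest_response(user, realm, password, method,
                               p.get("uri", ""), issued_nonce)
    return hmac.compare_digest(expected, p.get("response", ""))  # constant time

# Constructed sample values (assumptions, not taken from the guide)
USER, REALM, PASSWORD = "5551000", "sip.example.com", "s3cret"
URI = "sip:5551000@192.0.2.10"

def demo():
    """Return (valid INVITE accepted, INVITE with forged response accepted)."""
    nonce, _challenge = make_challenge(REALM)
    good = digest_response(USER, REALM, PASSWORD, "INVITE", URI, nonce)
    header = (f'Digest username="{USER}", realm="{REALM}", nonce="{nonce}", '
              f'uri="{URI}", response="{good}", algorithm=MD5')
    forged = header.replace(good, "0" * 32)
    return (verify_invite(header, "INVITE", nonce, USER, REALM, PASSWORD),
            verify_invite(forged, "INVITE", nonce, USER, REALM, PASSWORD))
```

A server that does not hold the shared credentials cannot produce the expected response, so its INVITE is rejected before the phone rings.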
SIP Over TLS
Transport layer security (TLS) is a standard protocol for securing and 
authenticating communications over the Internet. 
SIP Over TLS eliminates the possibility of malicious activity by encrypting the SIP
messages between the SIP proxy of the service provider and the end user. SIP Over TLS
relies on the widely deployed and standardized Transport Layer Security (TLS)
protocol. Note that SIP Over TLS encrypts only the signaling messages and not
the media. A separate secure protocol such as Secure Real-Time Transport
Protocol (SRTP) (see below) can be used to encrypt voice packets.
The TLS protocol has two layers:
• TLS Record Protocol -- layered on top of a reliable transport protocol, such
as SIP or TCP, it ensures that the connection is private by using symmetric
data encryption, and it ensures that the connection is reliable.
• TLS Handshake Protocol -- allows authentication between the server and 
client and the negotiation of an encryption algorithm and cryptographic 
keys before the application protocol transmits or receives any data.
TLS is application protocol-independent. Higher-level protocols such as SIP can 
layer on top of the TLS protocol transparently.