Configuring Security, Quality, and Network Features
Setting Security Features
Cisco Small Business SPA300 Series, SPA500 Series, and WIP310 IP Phone Administration Guide
Network Standard
DHCP option 60
DHCP option 66
DHCP option 125
DHCP option 150
DHCP option 158
DHCP option 159
DHCP option 160
Challenging SIP Initial INVITE and MWI Messages
The SIP INVITE (initial) and Message Waiting Indication (MWI) messages in a
session can be challenged by the endpoint. The challenge restricts the SIP
servers that are permitted to interact with the devices on a service provider
network. This significantly increases the security of the VoIP network by
preventing malicious attacks against the device.
To configure SIP INVITE challenge, navigate to Admin Login > advanced > Voice >
Ext_n. Under SIP Settings in the Auth INVITE field, choose yes.
Encrypting Signaling with SIP Over TLS
Transport Layer Security (TLS) is a standard protocol for securing and
authenticating communications over the Internet. SIP Over TLS encrypts the SIP
messages between the service provider SIP proxy and the end user. SIP Over
TLS encrypts only the signaling messages, not the media. A protocol such as
Secure Real-Time Transport Protocol (SRTP) can be used to encrypt voice
packets (see
Securing Voice Traffic with
TLS has two layers:
•
TLS Record Protocol--layered on a reliable transport protocol, such as SIP
or TCH, it ensures that the connection is private by using symmetric data
encryption and it ensures that the connection is reliable.
Vendor class identifier
TFTP server name
Vendor-Identifying Vendor-Specific
Information
TFTP server
SRTP).
5
149