Overview Of Supported Security Features - Cisco 6901 Administration Manual

Unified ip phone communications manager 8.6 (sccp and sip)

Hide thumbs Also See for 6901:

User manual (62 pages)

User giude (54 pages)

Manual (28 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

Table of Contents

Understanding Security Features for Cisco Unified IP Phones

Overview of Supported Security Features

Table 1-5

support. For more information about these features and about Cisco Unified Communications Manager

and Cisco Unified IP Phone security, refer to Cisco Unified Communications Manager Security Guide.

Note

Most security features are available only if a certificate trust list (CTL) is installed on the phone. For

more information about the CTL, refer to "Configuring the Cisco CTL Client" chapter in Cisco Unified

Communications Manager Security Guide.

Table 1-5

Overview of Security Features

Feature

Image authentication

Customer-site certificate installation

Device authentication

File authentication

Signaling Authentication

Manufacturing installed certificate

Cisco Unified IP Phone 6901 and 6911 Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)

1-12

provides an overview of the security features that the Cisco Unified IP Phone 6901 and 6911

Description

Signed binary files (with the extension .zz.sgn) prevent tampering with the firmware

image before it is loaded on a phone. Tampering with the image causes a phone to

fail the authentication process and reject the new image.

Each Cisco Unified IP Phone requires a unique certificate for device authentication.

Phones include a manufacturing installed certificate (MIC), but for additional

security, you can specify in Cisco Unified Communications Manager

Administration that a certificate be installed by using the Certificate Authority

Proxy Function (CAPF). See the

Phone" section on page 3-10

Occurs between the Cisco Unified Communications Manager server and the phone

when each entity accepts the certificate of the other entity. Determines whether a

secure connection between the phone and a Cisco Unified Communications

Manager should occur and, if necessary, creates a secure signaling path between the

entities by using TLS protocol. Cisco Unified Communications Manager will not

Unified Communications Manager.

Validates digitally signed files that the phone downloads. The phone validates the

signature to make sure that file tampering did not occur after the file creation. Files

that fail authentication are not written to Flash memory on the phone. The phone

rejects such files without further processing.

Uses the TLS protocol to validate that no tampering has occurred to signaling

packets during transmission.

Each Cisco Unified IP Phone contains a unique manufacturing installed certificate

(MIC), which is used for device authentication. The MIC is a permanent unique

proof of identity for the phone, and allows Cisco Unified Communications Manager

to authenticate the phone.

Chapter 1

An Overview of the Cisco Unified IP Phone

"Configuring Security on the Cisco Unified IP

for more information.

OL-24582-01

Table of Contents

Show Quick Links

Quick Links:
Performing a Factory Reset

Hide quick links:

Table of Contents

Troubleshooting

This manual is also suitable for:

6911

Overview Of Supported Security Features - Cisco 6901 Administration Manual

Overview of Supported Security Features

Hide quick links:

Troubleshooting

Related Manuals for Cisco 6901

Related Content for Cisco 6901

This manual is also suitable for:

Table of Contents