Cisco Unified Ip Phone 8961, 9951, And 9971 Administration Guide For Cisco Unified Communications Manager - Cisco 9971 Administration Manual

Supported Security Features
Feature
CAPF (Certificate Authority Proxy
Function)
Security profile
Encrypted configuration files
Optional web server disabling for a
phone
Phone hardening
802.1X Authentication
Secure SIP Failover for SRST
Signaling encryption
The Security Setup menu provides information about various security settings. The menu also provides access
to the Trust List menu and indicates whether the CTL or ITL file is installed on the phone.
The following table describes the options in the Security Setup menu.

Cisco Unified IP Phone 8961, 9951, and 9971 Administration Guide for Cisco Unified Communications Manager

10.0
162
Description
Implements parts of the certificate generation procedure that are too processing-intensive
for the phone, and interacts with the phone for key generation and certificate installation.
The CAPF can be configured to request certificates from customer-specified certificate
authorities on behalf of the phone, or it can be configured to generate certificates locally.
Defines whether the phone is nonsecure, authenticated, encrypted, or protected. Other entries
in this table describe security features. For more information about these features, about
Cisco Unified Communications Manager, and about Cisco Unified IP Phone security, see
the Cisco Unified Communications Manager Security Guide.
Lets you ensure the privacy of phone configuration files.
For security purposes, you can prevent access to the web pages for a phone (which display
a variety of operational statistics for the phone) and User Options web pages. For more
information, see Control Phone Web Page Access, on page
Additional security options, which you control from Cisco Unified Communications Manager
Administration:
• Disabling PC port
• Disabling Gratuitous ARP (GARP)
• Disabling PC Voice VLAN access
• Disabling access to the Setting menus, or providing restricted access that allows access
to the Preferences menu and saving volume changes only
• Disabling access to web pages for a phone
• Disabling Bluetooth Accessory Port
The Cisco Unified IP Phone can use 802.1X authentication to request and gain access to the
network. See 802.1X Authentication, on page 171
After you configure a Survivable Remote Site Telephony (SRST) reference for security and
then reset the dependent devices in Cisco Unified Communications Manager Administration,
the TFTP server adds the SRST certificate to the phone cnf.xml file and sends the file to the
phone. A secure phone then uses a TLS connection to interact with the SRST-enabled router.
Ensures that all SIP signaling messages that are sent between the device and the Cisco Unified
Communications Manager server are encrypted.
237.
for more information.