Supported Security Features - Cisco Unified IP Phone 8941 Administration Manual

Supported Security Features

Supported Security Features
Implementing security in the Cisco Unified Communications Manager system prevents identity theft of the
phone and Cisco Unified Communications Manager server, prevents data tampering, and prevents call signaling
and media stream tampering.
To alleviate these threats, the Cisco IP telephony network establishes and maintains secure communication
streams between a phone and the server, digitally signs files before they are transferred to a phone, and encrypts
media streams and call signaling between Cisco Unified IP phones.
The Cisco Unified IP Phone 8941 and 8945 use the Phone security profile, which defines whether the device
is nonsecure or encrypted. For information on applying the security profile to the phone, see the Cisco Unified
Communications Manager Security Guide.
If you configure security-related settings in Cisco Unified Communications Manager Administration, the
phone configuration file contains sensitive information. To ensure the privacy of a configuration file, you
configure it for encryption. For detailed information, see the "Configuring Encrypted Phone Configuration
Files" chapter in Cisco Unified Communications Manager Security Guide.
All Cisco Unified IP Phones that support Cisco Unified Communications Manager use a security profile,
which defines whether the phone is nonsecure or secure.
For information about configuring the security profile and applying the profile to the phone, see the Cisco
Unified Communications Manager Security Guide.
The following table provides an overview of the security features that the Cisco Unified IP Phone 8941 and
8945 support. For more information about these features and about Cisco Unified Communications Manager
and Cisco Unified IP Phone security, see Cisco Unified Communications Manager Security Guide.
For information about current security settings on a phone, choose Applications > Administrator Settings
> Security Setup.
Most security features are available only if a certificate trust list (CTL) is installed on the phone. For more
Note
information about the CTL, see "Configuring the Cisco CTL Client" chapter in Cisco Unified
Communications Manager Security Guide.
Table 11: Overview of Security Features
Feature
Image authentication
Customer-site certificate installation
Cisco Unified IP Phone 8941 and 8945 Administration Guide for Cisco Unified Communications Manager 10.0
(SCCP and SIP)
70
Description
Signed binary files (with the extension .sgn) prevent tampering with the firmware
image before it is loaded on a phone. Tampering with the image causes a phone
to fail the authentication process and reject the new image.
Each Cisco Unified IP Phone requires a unique certificate for device authentication.
Phones include a manufacturing installed certificate (MIC), but for additional
security, you can specify in Cisco Unified Communications Manager Administration
that a certificate be installed by using the Certificate Authority Proxy Function
(CAPF). Alternatively, you can install a Locally Significant Certificate (LSC) from
the Security Configuration menu on the phone.