Overview Of Supported Security Features - Cisco IP Phone Administration Manual

Chapter 1 An Overview of the Cisco Unified IP Phones
Table 1-3
Topic
Cisco Extension Mobility HTTPS support
802.1X Authentication for Cisco Unified IP
Phones

Overview of Supported Security Features

Table 1-4
more information about these features and about Cisco Unified Communications Manager and
Cisco Unified IP Phone security, see Cisco Unified Communications Manager Security Guide.
For information about current security settings on a phone, choose Settings > Security Configuration
and choose Settings > Device Configuration > Security Configuration. For more information, see
Security Configuration Menu, page
Most security features are available only if a certificate trust list (CTL) is installed on the phone. For
Note
more information about the CTL, see
Communications Manager Security Guide.
Table 1-4 Overview of Security Features
Feature
Image authentication
Customer-site certificate
installation
Device authentication
OL-23091-01
Cisco Unified IP Phones and Cisco Unified Communications Manager Security
Topics (continued)
provides an overview of the security features that the Cisco Unified IP Phones support. For
Description
Signed binary files (with the extension .sbn) prevent tampering with the firmware image
before it is loaded on a phone. Tampering with the image causes a phone to fail the
authentication process and reject the new image.
Each Cisco Unified IP Phone requires a unique certificate for device authentication. Phones
include a manufacturing installed certificate (MIC), but for additional security, you can
specify in Cisco Unified Communications Manager Administration that a certificate be
installed by using the Certificate Authority Proxy Function (CAPF). Alternatively, you can
install a Locally Significant Certificate (LSC) from the Security Configuration menu on the
phone. See Configuring Security on the Cisco Unified IP Phones, page 3-15
information.
Occurs between the Cisco Unified Communications Manager server and the phone when each
entity accepts the certificate of the other entity. Determines whether a secure connection
between the phone and a Cisco Unified Communications Manager should occur, and if
necessary, creates a secure signaling path between the entities by using TLS protocol. Cisco
Unified Communications Manager will not register phones unless they can be authenticated
by the Cisco Unified Communications Manager.
Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)
Understanding Security Features for Cisco Unified IP Phones
Reference
What Networking Protocols are Used?, page 1-5
See
See these sections:
Supporting 802.1X Authentication on Cisco
•
Unified IP Phones, page 1-19
Security Configuration Menu, page 4-32
•
Status Menu, page 8-2
•
• Troubleshooting Cisco Unified IP Phone
Security, page 9-9
4-32.
Configuring the Cisco CTL Client

in Cisco Unified
for more
1-13