Manualshelf

Installation guide

ManualsBrandsCisco ManualsComputer equipment7921
11121314151617181920
Chapter 1 An Overview of the Cisco Unified Wireless IP Phone 7921G
Understanding Security Features for Cisco Unified IP Phones
1-12
Cisco Unified Wireless IP Phone 7921G Administration Guide for Cisco Unified CallManager Release 4.1, 4.2, 5.0
OL-10802-01
Table 1-2 Overview of Security Features
Feature Description
Image authentication Signed binary files (with the extension .sbn) prevent tampering with
the firmware image before it is loaded on a phone. Tampering with
the image causes a phone to fail the authentication process and
reject the new image.
Customer-site certificate
installation
Each Cisco Unified IP Phone requires a unique certificate for device
authentication. Phones include a manufacturing installed certificate
(MIC), but for additional security, you can specify in Cisco
Unified CallManager Administration that a certificate be installed
by using the Certificate Authority Proxy Function (CAPF).
Alternatively, you can install an LSC (locally significant certificate)
from the Security Configuration menu on the phone. See the
“Configuring the Security Certificate on the Phone” section on
page 5-17 for more information.
Device authentication Occurs between the Cisco Unified CallManager server and the
phone when each entity accepts the certificate of the other entity.
Determines whether a secure connection between the phone and a
Cisco Unified CallManager should occur, and, if necessary, creates
a secure signaling path between the entities using TLS protocol.
Cisco Unified CallManager will not register phones unless they can
be authenticated by the Cisco Unified CallManager.
File authentication Validates digitally-signed files that the phone downloads. The
phone validates the signature to make sure that file tampering did
not occur after the file creation. Files that fail authentication are not
written to Flash memory on the phone. The phone rejects such files
without further processing.
Signaling Authentication Uses the TLS protocol to validate that no tampering has occurred to
signaling packets during transmission.
Manufacturing installed
certificate
Each Cisco Unified IP Phone contains a unique manufacturing
installed certificate (MIC), which is used for device authentication.
The MIC is a permanent unique proof of identity for the phone, and
allows Cisco Unified CallManager to authenticate the phone.