Installation guide
1-13
Cisco Unified Wireless IP Phone 7921G Administration Guide for Cisco Unified CallManager Release 4.1, 4.2, 5.0
OL-10802-01
Chapter 1 An Overview of the Cisco Unified Wireless IP Phone 7921G
Understanding Security Features for Cisco Unified IP Phones
Secure SRST reference After you configure a SRST reference for security and then reset the
dependent devices in Cisco Unified CallManager Administration,
the TFTP server adds the SRST certificate to the phone cnf.xml file
and sends the file to the phone. A secure phone then uses a TLS
connection to interact with the SRST-enabled router.
Media encryption Uses SRTP to ensure that the media streams between supported
devices proves secure and that only the intended device receives and
reads the data. Includes creating a media master key pair for the
devices, delivering the keys to the devices, and securing the delivery
of the keys while the keys are in transport.
Signaling encryption Ensures that all SCCP signaling messages that are sent between the
device and the Cisco Unified CallManager server are encrypted.
CAPF (Certificate Authority
Proxy Function)
Implements parts of the certificate generation procedure that are too
processing-intensive for the phone, and it interacts with the phone
for key generation and certificate installation. The CAPF can be
configured to request certificates from customer-specified
certificate authorities on behalf of the phone, or it can be configured
to generate certificates locally.
Security profiles Defines whether the phone is non-secure, authenticated, or
encrypted. See the “Understanding Security Profiles” section on
page 1-14 for more information.
Encrypted configuration files Lets you ensure the privacy of phone configuration files.
Table 1-2 Overview of Security Features (continued)
Feature Description