Filter
Top Products
1-13
Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager 8.6 (SCCP and SIP)
OL-23091-01
Chapter 1 An Overview of the Cisco Unified IP Phones
Understanding Security Features for Cisco Unified IP Phones
Overview of Supported Security Features
Table 1-4 provides an overview of the security features that the Cisco Unified IP Phones support. For
more information about these features and about Cisco Unified Communications Manager and
Cisco
Unified IP Phone security, see Cisco Unified Communications Manager Security Guide.
For information about current security settings on a phone, choose Settings > Security Configuration
and choose Settings > Device Configuration > Security Configuration. For more information, see
Security Configuration Menu, page 4-32.
Note Most security features are available only if a certificate trust list (CTL) is installed on the phone. For
more information about the CTL, see
Configuring the Cisco CTL Client in Cisco Unified
Communications Manager Security Guide.
Cisco Extension Mobility HTTPS support See What Networking Protocols are Used?, page 1-5
802.1X Authentication for Cisco Unified IP
Phones
See these sections:
• Supporting 802.1X Authentication on Cisco
Unified IP Phones, page 1-19
• Security Configuration Menu, page 4-32
• Status Menu, page 8-2
• Troubleshooting Cisco Unified IP Phone
Security, page 9-9
Table 1-3 Cisco Unified IP Phones and Cisco Unified Communications Manager Security
Topics (continued)
Topic Reference
Ta b l e 1-4 Overview of Security Features
Feature Description
Image authentication Signed binary files (with the extension .sbn) prevent tampering with the firmware image
before it is loaded on a phone. Tampering with the image causes a phone to fail the
authentication process and reject the new image.
Customer-site certificate
installation
Each Cisco Unified IP Phone requires a unique certificate for device authentication. Phones
include a manufacturing installed certificate (MIC), but for additional security, you can
specify in Cisco Unified
Communications Manager Administration that a certificate be
installed by using the Certificate Authority Proxy Function (CAPF). Alternatively, you can
install a Locally Significant Certificate (LSC) from the Security Configuration menu on the
phone. See
Configuring Security on the Cisco Unified IP Phones, page 3-15 for more
information.
Device authentication Occurs between the Cisco Unified Communications Manager server and the phone when each
entity accepts the certificate of the other entity. Determines whether a secure connection
between the phone and a Cisco Unified Communications Manager should occur, and if
necessary, creates a secure signaling path between the entities by using TLS protocol. Cisco
Unified Communications Manager will not register phones unless they can be authenticated
by the Cisco Unified
Communications Manager.