Cisco Systems 8961 IP Phone User Manual


 
Cisco Unified IP Phone 8961, 9951, and 9971 Administration Guide for Cisco Unified Communications Manager 8.5 (SIP)
OL-20861-01
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding Security Features for Cisco Unified IP Phones
Related Topics
Identifying Secure (Encrypted) Phone Calls, page 1-19
Security Restrictions, page 1-23
Table 1-6 Overview of Security Features (continued)

Feature: CAPF (Certificate Authority Proxy Function)
Description: Implements parts of the certificate generation procedure that are too processing-intensive for the phone, and interacts with the phone for key generation and certificate installation. The CAPF can be configured to request certificates from customer-specified certificate authorities on behalf of the phone, or it can be configured to generate certificates locally.

Feature: Security profiles
Description: Defines whether the phone is nonsecure, authenticated, encrypted, or protected. See Table 1-6, which provides an overview of the security features that the Cisco Unified IP Phone 9971 supports. For more information about these features and about Cisco Unified Communications Manager and Cisco Unified IP Phone security, refer to the Cisco Unified Communications Manager Security Guide.

Feature: Encrypted configuration files
Description: Lets you ensure the privacy of phone configuration files.

Feature: Optional disabling of the web server functionality for a phone
Description: For security purposes, you can prevent access to a phone’s web page (which displays a variety of operational statistics for the phone) and user options pages. For more information, see the “Enabling and Disabling Web Page Access” section on page 11-3.

Feature: Phone hardening
Description: Additional security options, which you control from Cisco Unified Communications Manager Administration:
  - Disabling PC port
  - Disabling Gratuitous ARP (GARP)
  - Disabling PC Voice VLAN access
  - Disabling access to the Setting menus, or providing restricted access that allows access to the Preferences menu and saving volume changes only
  - Disabling access to web pages for a phone
  - Disabling Bluetooth Accessory Port

Feature: 802.1X Authentication
Description: The Cisco Unified IP Phone can use 802.1X authentication to request and gain access to the network. See the “Supporting 802.1X Authentication on Cisco Unified IP Phones” section on page 1-22 for more information.

Feature: Secure SIP Failover for SRST
Description: After you configure an SRST reference for security and then reset the dependent devices in Cisco Unified CM Administration, the TFTP server adds the SRST certificate to the phone cnf.xml file and sends the file to the phone. A secure phone then uses a TLS connection to interact with the SRST-enabled router.

Feature: Signaling encryption
Description: Ensures that all SCCP and SIP signaling messages that are sent between the device and the Cisco Unified CM server are encrypted.