Linksys SPA942 Telephone User Manual


 
Linksys SPA9x2 Phone Administration Guide 35
Setting Security Features
Setting System Features
3
Setting System Features
Use the System tab to enable web server access, set security features, the debug server, and
VLAN settings. See the following sections:
”Setting Security Features” section on page 35
”Ensuring Voice Quality” section on page 37
”Setting System Features” section on page 40
”Setting System Configuration Information” section on page 41
”Setting Internet, IP and PPPoE Information” section on page 42
”Setting Optional Network Parameters” section on page 43
”Configuring VLAN Settings” section on page 44
Setting Security Features
The following features help ensure that your SPA9x2 calls are secure and authenticated.
”SIP Initial INVITE and MWI Challenge” section on page 35
”SIP Over TLS” section on page 35
”SRTP and Securing Calls” section on page 36
SIP Initial INVITE and MWI Challenge
SIP INVITE (initial) and MWI message in a session can be challenged by the endpoint. The
purpose of this challenge is to restrict the SIP servers that are permitted to interact with the
devices on the service provider network, which significantly increases the security of the VoIP
network by preventing malicious attacks against the device.
In addition, the Auth INVITE option for Lines 1 and 2 enables the challenging of incoming initial
SIP INVITE requests.
SIP Over TLS
Transport layer security (TLS) is a standard protocol for securing and authenticating
communications over the Internet.
SIP Over TLS eliminates the possibility of malicious activity by encrypting the SIP messages by
the SIP proxy of the service provider and the end user. SIP Over TLS relies on the widely-
deployed and standardized Transport Layer Security (TLS) protocol. Note that SIP Over TLS
encrypts only the signaling messages and not the media. A separate secure protocol such as
Secure Real-Time Transport Protocol (SRTP) (see below) can be used to encrypt voice packets.
The TLS protocol has two layers: