Linksys SPA942 Telephone User Manual


 
Linksys SPA9x2 Phone Administration Guide 36
Setting Security Features
Setting System Features
TLS Record Protocol -- layered on top of a reliable transport protocol, such as SIP or TCH,
it ensures that the connection is private by using symmetric data encryption and it
ensures that the connection is reliable.
TLS Handshake Protocol -- allows authentication between the server and client and the
negotiation of an encryption algorithm and cryptographic keys before the application
protocol transmits or receives any data.
TLS is application protocol-independent. Higher-level protocols such as SIP can layer on top of
the TLS protocol transparently.
SPA9x2 phones use UDP as a standard for SIP transport, but they also support SIP over TLS for
added security.
To enable TLS for a SPA9x2 phone:
1. Log in to the SPA9x2 phone’s administration web browser.
2. Click Ext 1, then scroll to the SIP Settings section.
3. Select TLS from the SIP Transport drop-down box.
4. Click Submt All Changes.
SRTP and Securing Calls
Secure Real-Time Transport Protocol (SRTP) is a secure protocol for transporting real-time data
over networks. SPA9x2 phones use SRTP to securely send and receive real-time voice traffic
from other phones and gateways.
SRTP provides media encryption to ensure that media streams between devices are secure and
that only the intended devices receive and read the data.
When a call is secure, the voice conversation is encrypted so that others cannot eavesdrop on
the conversation. To enable this feature the SPA9x2 phone must have a mini-certificate
installed.
The supplementary service Secure All Calls (*16)—Defaults to prefer to use encrypted media
(voice codecs). Audio packets in both directions of outbound calls are encrypted using SRTP.
To use Secure Call on an extension, you must configure Mini Certificate and SRTP Private Key for
that extension. These parameters appear on the Ext tabs (see ”Subscriber Information
Parameters” section on page 102).
Secure Call Service is defined in the Phone tab (see ”Supplementary Services Parameters”
section on page 89). Secure Call Service activates Linksys secure encryption of RTP streams
between the two endpoints. You can disable this if the other endpoint (or gateway) does not
support this Linksys proprietary method.
Users can enter *18 to Secure Next Call—Uses encrypted media for the next outbound call (on
this call appearance only). This star code is redundant if all outbound calls are secure by default.