Supported Security Features
The following table provides an overview of the security features that the Cisco Unified IP Phone 7975G, 7971G-GE, 7970G, 7965G, and 7945G support. For more information about these features and about Cisco Unified Communications Manager and Cisco Unified IP Phone security, see the Cisco Unified Communications Manager Security Guide.
For information about current security settings on a phone, look at the Security Configuration menus on the phone (choose Settings > Security Configuration and choose Settings > Device Configuration > Security Configuration).
Note: Most security features are available only if a CTL is installed on the phone. For more information about the CTL, see the “Configuring the Cisco CTL Client” chapter in the Cisco Unified Communications Manager Security Guide.
Table 4: Overview of security features
| Feature | Description |
|---|---|
| Image authentication | Signed binary files (with the extension .sbn) prevent tampering with the firmware image before it loads on a phone. Tampering with the image causes a phone to fail the authentication process and reject the new image. |
| Customer-site certificate installation | Each Cisco Unified IP Phone requires a unique certificate for device authentication. Phones include a manufacturing installed certificate (MIC), but for additional security, you can specify in Cisco Unified Communications Manager Administration that a certificate be installed by using the CAPF (Certificate Authority Proxy Function). Alternatively, you can install a Locally Significant Certificate (LSC) from the Security Configuration menu on the phone. |
| Device authentication | Occurs between the Cisco Unified Communications Manager server and the phone when each entity accepts the certificate of the other entity. Determines whether a secure connection between the phone and a Cisco Unified Communications Manager should occur, and, if necessary, creates a secure signaling path between the entities that use TLS protocol. Cisco Unified Communications Manager does not register phones unless it can authenticate them. |
| File authentication | Validates digitally signed files that the phone downloads. The phone validates the signature to make sure that file tampering did not occur after file creation. Files that fail authentication are not written to Flash memory on the phone. The phone rejects such files without further processing. |
| Signaling authentication | Uses the TLS protocol to validate that no tampering has occurred to signaling packets during transmission. |

Cisco Unified IP Phone 7975G, 7971G-GE, 7970G, 7965G, and 7945G Administration Guide for Cisco Unified
Communications Manager 9.0 (SCCP and SIP)