Supported Security Features
Table 19: Overview of Security Features
| Feature | Description |
| --- | --- |
| Image authentication | Signed binary files (with the extension .sbn) prevent tampering with the firmware image before it is loaded on a phone. Tampering with the image causes a phone to fail the authentication process and reject the new image. |
| Customer-site certificate installation | Each Cisco IP Phone requires a unique certificate for device authentication. Phones include a manufacturing installed certificate (MIC), but for additional security, you can specify in Cisco Unified Communications Manager Administration that a certificate be installed by using the Certificate Authority Proxy Function (CAPF). Alternatively, you can install a Locally Significant Certificate (LSC) from the Security Configuration menu on the phone. |
| Device authentication | Occurs between the Cisco Unified Communications Manager server and the phone when each entity accepts the certificate of the other entity. Determines whether a secure connection between the phone and a Cisco Unified Communications Manager should occur; and, if necessary, creates a secure signaling path between the entities by using TLS protocol. Cisco Unified Communications Manager will not register phones unless they can be authenticated by the Cisco Unified Communications Manager. |
| File authentication | Validates digitally signed files that the phone downloads. The phone validates the signature to make sure that file tampering did not occur after the file creation. Files that fail authentication are not written to Flash memory on the phone. The phone rejects such files without further processing. |
| Signaling Authentication | Uses the TLS protocol to validate that no tampering has occurred to signaling packets during transmission. |
| Manufacturing installed certificate | Each Cisco IP Phone contains a unique manufacturing installed certificate (MIC), which is used for device authentication. The MIC is a permanent unique proof of identity for the phone, and allows Cisco Unified Communications Manager to authenticate the phone. |

Cisco IP Phone 7800 Series Administration Guide for Cisco Unified Communications Manager
Cisco IP Phone Administration