1-13
Cisco Unified IP Phone 7906G and 7911G Administration Guide for Cisco Unified CallManager
OL-10008-01
Chapter 1 An Overview of the Cisco Unified IP Phone
Understanding Security Features for Cisco Unified IP Phones
Table 1-3 Overview of Security Features
Feature Description
Image authentication Signed binary files (with the extension .sbn) prevent
tampering with the firmware image before it is loaded on a
phone. Tampering with the image causes a phone to fail the
authentication process and reject the new image.
Customer-site certificate installation Each Cisco Unified IP Phone requires a unique certificate for
device authentication. Phones include a manufacturing
installed certificate (MIC), but for additional security, you
can specify in Cisco Unified CallManager Administration
that a certificate be installed by using the Certificate
Authority Proxy Function (CAPF). Alternatively, you can
install an Locally Significant Certificate (LSC) from the
Security Configuration menu on the phone. See the
“Configuring Security on the Cisco Unified IP Phone”
section on page 3-17 for more information.
Device authentication Occurs between the Cisco Unified CallManager server and
the phone when each entity accepts the certificate of the other
entity. Determines whether a secure connection between the
phone and a Cisco Unified CallManager should occur, and, if
necessary, creates a secure signaling path between the entities
using TLS protocol. Cisco Unified CallManager will not
register phones configured in authenticated or encrypted
mode unless they can be authenticated by the
Cisco Unified CallManager. Phones in non-secure mode are
not authenticated because no TLS session is established.
File authentication Validates digitally-signed files that the phone downloads.
The phone validates the signature to make sure that file
tampering did not occur after the file creation. Files that fail
authentication are not written to Flash memory on the phone.
The phone rejects such files without further processing.
Signaling Authentication Uses the TLS protocol to validate that no tampering has
occurred to signaling packets during transmission.
