Securing Cisco IP phone communications is important that helps organizations protect trade secrets and facilitate business and compliance requirements. Cisco IP phones support secure communication for both control and data channels. The security that is incorporated into Cisco IP phones includes the encryption and authentication of signaling communications between the Cisco IP phones and the Cisco Unified Communications Manager. Moreover, Cisco Unified Communications Manager supports encryption, authentication, and anti-replay protection of the voice packets that are exchanged between Cisco IP phones.
Voice is secured utilizing Secure Real-Time Transport Protocol (SRTP), which exchanges keying material through signaling sessions. Signaling is secured using TLS or VPNs. Given the various methodologies for securing voice communication, certificates can play an important role in the authentication of voice endpoints. Moreover, administrators should utilize Locally Significant Certificates (LSC) on Cisco IP phones whenever possible. USB security tokens, used for Certificate Trust List (CTL) installation on the Cisco Unified Communications Manager in secure mode, must also be securely stored. The key sizes and algorithms that are used in the above protocols also need to be of acceptable security for today’s technology.
For more information on how to secure Cisco IP Phone communications, refer to our Cisco IP Phone Certificates and Secure Communications whitepaper.
The whitepaper summarizes the basic security and encryption features that are supported by Cisco IP phones, Cisco Unified Communications Manager servers, and related Cisco voice products. Furthermore, it is intended to provide best practices for enabling securely-encrypted Unified Communications frameworks.