Security Enhancements for Your Phone Network
You can enable Cisco Unified Communications Manager 11.5(1) or a later version to operate in an enhanced security environment. With these enhancements, your phone network operates under a set of strict security and risk management controls to protect you and your users.
The enhanced security environment includes the following features:
- Contact search authentication.
- TCP as the default protocol for remote audit logging.
- FIPS mode.
- An improved credentials policy.
- Support for the SHA-2 family of hashes for digital signatures.
- Support for an RSA key size of 512 and 4096 bits.
Note: Your Cisco IP Phone can store only a limited number of Identity Trust List (ITL) files. ITL files cannot exceed the 64K limit on the phone, so limit the number of files that Cisco Unified Communications Manager sends to the phone.
SIP OAuth Support
SIP OAuth mode allows you to use OAuth refresh tokens for phone authentication.
Cisco Unified Communications Manager (Unified CM) verifies the token presented by the phone and serves the configuration files only to authorized phones. OAuth token validation during SIP registration is completed when OAuth-based authorization is enabled on the Unified CM cluster and on the Cisco IP phones.
Cisco IP phones support SIP OAuth authentication on Proxy Trivial File Transfer Protocol (TFTP) and Cisco Unified Survivable Remote Site Telephony (SRST).
- SIP OAuth on TFTP requirements:
  - Cisco Unified Communications Manager Release 14.0(1)SU1 or later
  - Cisco IP Phone Firmware Release 14.1(1) or later

  Note: Proxy TFTP and OAuth for Proxy TFTP aren't supported on Mobile Remote Access (MRA).
- SIP OAuth on SRST requirements:
  - Cisco Unified Communications Manager 14.0(1)SU1 or later
  - Cisco IP Phone Firmware Release 14.2(1) or later
  - Cisco SRST Software Release: IOS XE 17.8.1a or later
  - Cisco SRST Hardware Models: ISR1100, ISR43xx, ISR44xx, Catalyst 8200, or Catalyst 8300 platform

For information about how to configure SIP OAuth, see SIP OAuth Mode in Security Guide for Cisco Unified Communications Manager.
Where to Find More Information about Phone Security
For additional information about security, see the following:
- Security Guide for Cisco Unified Communications Manager (https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/14SU2/cucm_b_security-guide-14su2.html)
- Cisco Unified SCCP and SIP SRST System Administration Guide (https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cusrst/admin/sccp_sip_srst/configuration/guide/SCCP_and_SIP_SRST_Admin_Guide/srst_roadmap.html)
- System Configuration Guide for Cisco Unified Communications Manager, Release 14.0(1) or later (https://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/products-installation-and-configuration-guides-list.html)
- Cisco IP Phone 7800 and 8800 Series Security Overview (https://www.cisco.com/c/en/us/products/collaboration-endpoints/unified-ip-phone-8800-series/white-paper-listing.html)