Information Technology Reference
In-Depth Information
Cisco IP phones support the following security modes:
■
Nonsecure mode:
In this mode, a Cisco IP phone does not support secure calls.
■
Authenticated mode:
A Cisco IP phone does support authenticated calls.
■
Encrypted mode:
A Cisco IP phone does support encrypted calls.
After authentication and encryption have been enabled in a Cisco IP telephony network, it is possible to secure voice signaling and
media traffic.
To secure voice media traffic, it is also necessary to secure voice signaling because the keys that are used to secure voice media are
exchanged using voice signaling messages.
Skinny Client Control Protocol (SCCP) and Session Initiation Protocol (SIP) messages sent between Cisco IP phones and Cisco
CUCM can be authenticated and encrypted. And to protect voice media RTP packets, Secure RTP (SRTP, RFC 3711) can be used.
SRTP provides a framework for encryption and authentication of RTP streams. SRTP takes advantage of cryptographic algorithms
such AES and HMAC-SHA1.
Figure 7-3
illustrates how SCCP voice signaling and RTP media traffic can be secured using SCCP over Transport Layer Security
(TLS) and SRTP.
FIguRE 7-3
Securing Voice
Signaling and Media
Using SCCP over TLS
and SRTP.
CUCM
SCCP
over TLS
SCCP
over TLS
V
SRTP
