Cisco SPA525G Administration Guide - Page 118

6 Configuring Security, Quality, and Network Features Setting Security Features In addition, the Auth INVITE option for Lines 1 and 2 enables the challenging of incoming initial SIP INVITE requests. SIP Over TLS Transport layer security (TLS) is a standard protocol for securing and authenticating communications over the Internet. SIP Over TLS eliminates the possibility of malicious activity by encrypting the SIP messages by the SIP proxy of the service provider and the end user. SIP Over TLS relies on the widely-deployed and standardized Transport Layer Security (TLS) protocol. Note that SIP Over TLS encrypts only the signaling messages and not the media. A separate secure protocol such as Secure Real-Time Transport Protocol (SRTP) (see below) can be used to encrypt voice packets. The TLS protocol has two layers: • TLS Record Protocol -- layered on top of a reliable transport protocol, such as SIP or TCH, it ensures that the connection is private by using symmetric data encryption and it ensures that the connection is reliable. • TLS Handshake Protocol -- allows authentication between the server and client and the negotiation of an encryption algorithm and cryptographic keys before the application protocol transmits or receives any data. TLS is application protocol-independent. Higher-level protocols such as SIP can layer on top of the TLS protocol transparently. The IP phones use UDP as a standard for SIP transport, but they also support SIP over TLS for added security. To enable TLS for the phone: STEP 1 Log in to the web administration interface. STEP 2 Click Admin Login and advanced. STEP 3 Click Ext , then scroll to the SIP Settings section. STEP 4 Select TLS from the SIP Transport drop-down box. STEP 5 Click Submit All Changes. 116 Cisco SPA and Wireless IP Phone Administration Guide