Linksys SPA921 Cisco Small Business IP Telephony Devices Provisioning Guide - Page 22

How HTTPS Works, Server Certificate



Provisioning Cisco Small Business VoIP Devices Using HTTPS
Cisco Small Business IP Telephony Devices Provisioning Guide, page 20
How HTTPS Works
HTTPS encrypts the communication between a client and a server, protecting the message contents from intervening network devices. The body of the communication is encrypted with symmetric key cryptography: a single secret key is shared by the client and the server over a channel protected by public/private key encryption, and messages encrypted with that secret key can be decrypted only with the same key. HTTPS supports a wide range of symmetric encryption algorithms. The IP Telephony Device implements up to 256-bit symmetric encryption using the Advanced Encryption Standard (AES), in addition to 128-bit RC4.

HTTPS also provides for the authentication of the server and the client engaged in a secure transaction. This ensures that neither the provisioning server nor an individual client can be spoofed by other devices on the network, an essential capability for remote endpoint provisioning.

Server and client authentication is performed with public/private key encryption and a certificate that contains the public key. Text encrypted with a public key can be decrypted only by the corresponding private key (and vice versa). The IP Telephony Device supports the RSA algorithm for public/private key cryptography.
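The relationship the guide describes between the symmetric session key and the public/private key pair is easiest to see in a hybrid-encryption round trip. The following Go program is an added example, not code from the guide or from Cisco's firmware: the client generates a fresh 256-bit AES key, wraps it with the server's RSA public key (the part the server certificate would carry), and encrypts the message body with AES-256-GCM under that key; only the holder of the matching private key can unwrap the session key and read the body. The RSA key pair and the sample request string are constructed locally for the example. This is the key-transport idea in isolation, not the full TLS handshake, which also negotiates cipher suites and, in current versions, derives the session key with an ephemeral key exchange rather than RSA encryption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what actually crosses the network: the session key wrapped with
// the server's RSA public key, the GCM nonce, and the AES-encrypted body.
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// Seal is the client side. It generates a fresh 256-bit AES session key,
// wraps it for the owner of serverPub with RSA-OAEP (the "secure channel
// protected by public/private key encryption"), and encrypts msg with
// AES-256-GCM under that key.
func Seal(serverPub *rsa.PublicKey, msg []byte) (*Envelope, error) {
	sessionKey := make([]byte, 32) // 32 bytes = 256-bit AES key
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &Envelope{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, msg, nil),
	}, nil
}

// Open is the server side. Only the holder of serverPriv can unwrap the
// session key; a wrong private key or a tampered body makes decryption fail.
func Open(serverPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, serverPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// newGCM builds an AES-GCM AEAD from a raw key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	// The server's long-term key pair (constructed here); its public half
	// would normally arrive inside the server certificate.
	serverKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	// Constructed sample message standing in for a provisioning request.
	env, err := Seal(&serverKey.PublicKey, []byte("GET /spa921.cfg"))
	if err != nil {
		panic(err)
	}
	plain, err := Open(serverKey, env)
	if err != nil {
		panic(err)
	}
	fmt.Printf("server recovered: %q\n", plain)

	// A different private key cannot unwrap the session key.
	otherKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	if _, err := Open(otherKey, env); err != nil {
		fmt.Println("wrong private key rejected:", err)
	}
}
```

Because GCM authenticates the ciphertext, flipping any byte of the body also causes `Open` to fail, which is the property that stops an intervening device from silently altering a provisioning response.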
Server Certificate
Each secure provisioning server is issued an SSL server certificate directly signed by Cisco. The firmware running on the IP Telephony Device recognizes only a Cisco-signed certificate as valid: when the client connects to a server via HTTPS, it rejects any server certificate that is not signed by Cisco.

This mechanism protects the service provider from unauthorized access to the IP Telephony Device and from any attempt to spoof the provisioning server. Without such protection, an attacker might be able to reprovision the IP Telephony Device, gain configuration information, or switch the device to a different VoIP service.
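The device's rule of accepting only a Cisco-signed server certificate is a single pinned trust anchor rather than the usual system trust store. The Go program below is an added example written for this page, not Cisco's firmware or any Cisco tooling: it generates a stand-in "Cisco" CA and a separate rogue CA locally (no real Cisco certificate is involved), has each issue a server certificate for the same constructed host name, and then verifies both leaves against a pool containing only the pinned CA. The genuine chain is accepted; the rogue chain and a genuine certificate presented for the wrong host name are both rejected, which is exactly the check that stops a spoofed provisioning server.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCA makes a self-signed CA certificate. The "Cisco" CA used below is a
// locally generated stand-in for this example, not Cisco's real signing CA.
func newCA(name string) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueServerCert has the CA sign a leaf certificate for a provisioning host.
func issueServerCert(host string, ca *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// PhoneAcceptsServer applies the device's rule: the only trust anchor is the
// pinned CA, so a chain that ends anywhere else, or a certificate issued for a
// different host name, is rejected. It returns nil when the server is accepted.
func PhoneAcceptsServer(pinnedCA, serverCert *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(pinnedCA) // deliberately not the system trust store
	_, err := serverCert.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	const host = "prov.example.net" // constructed sample host name
	pinnedCA, pinnedKey, err := newCA("Stand-in Cisco Provisioning CA")
	if err != nil {
		panic(err)
	}
	rogueCA, rogueKey, err := newCA("Rogue CA")
	if err != nil {
		panic(err)
	}
	genuine, err := issueServerCert(host, pinnedCA, pinnedKey)
	if err != nil {
		panic(err)
	}
	rogue, err := issueServerCert(host, rogueCA, rogueKey)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine server accepted? err =", PhoneAcceptsServer(pinnedCA, genuine, host))
	fmt.Println("rogue server accepted?   err =", PhoneAcceptsServer(pinnedCA, rogue, host))
}
```

The rogue certificate is rejected even though it is syntactically valid and names the right host, because its chain does not terminate at the pinned CA. The corresponding operational caveat is that a pinned anchor has to be rotated through a firmware or configuration update before it expires, since the device has no other root to fall back on.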