Linksys SPA921 Cisco Small Business IP Telephony Devices Provisioning Guide - Page 22
How HTTPS Works, Server Certificate
UPC - 745883570799
Provisioning Cisco Small Business VoIP Devices Using HTTPS

How HTTPS Works

HTTPS encrypts the communication between a client and a server, protecting the message contents from other intervening network devices. The encryption method for the body of the communication between a client and a server is based on symmetric key cryptography. With symmetric key cryptography, a single secret key is shared by a client and a server over a secure channel protected by public/private key encryption. Messages encrypted by the secret key can only be decrypted using the same key.

HTTPS supports a wide range of symmetric encryption algorithms. The IP Telephony Device implements up to 256-bit symmetric encryption, using the Advanced Encryption Standard (AES), in addition to 128-bit RC4.

HTTPS also provides for the authentication of a server and a client engaged in a secure transaction. This feature ensures that a provisioning server and an individual client cannot be spoofed by other devices on the network. This is an essential capability in the context of remote endpoint provisioning.

Server and client authentication is performed by using public/private key encryption with a certificate that contains the public key. Text that is encrypted with a public key can be decrypted only by its corresponding private key (and vice versa). The IP Telephony Device supports the RSA algorithm for public/private key cryptography.

Server Certificate

Each secure provisioning server is issued an SSL server certificate, directly signed by Cisco. The firmware running on the IP Telephony Device recognizes only a Cisco certificate as valid. When a client connects to a server via HTTPS, it rejects any server certificate that is not signed by Cisco. This mechanism protects the service provider from unauthorized access to the IP Telephony Device, or any attempt to spoof the provisioning server. Without such protection, an attacker might be able to reprovision the IP Telephony Device, to gain configuration information, or to use a different VoIP service.
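The single-CA trust model described above, reproduced with the openssl command line as an added example (it is not taken from the Cisco guide, and it is not the device firmware's own check). The names vendor-ca, rogue-ca, provisioning-server and spoofed-server are constructed stand-ins, and all keys and certificates are generated locally.

```shell
#!/bin/sh
# Added example: every CA, key and certificate here is constructed locally.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal request config so the result does not depend on the system openssl.cnf.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# make_ca NAME: create a self-signed RSA CA (NAME.key / NAME.pem).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/req.cnf" \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_cert CA NAME: create a server key and a certificate NAME.pem signed by CA.
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/req.cnf" \
    -subj "/CN=$2" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 1 -out "$WORK/$2.pem" 2>/dev/null
}

# device_accepts NAME: verify NAME.pem with the vendor CA as the ONLY trust
# anchor (-no-CApath keeps the system trust store out of the decision).
device_accepts() {
  openssl verify -no-CApath -CAfile "$WORK/vendor-ca.pem" "$WORK/$1.pem" \
    2>/dev/null | grep -q ': OK$'
}

make_ca vendor-ca          # stand-in for the vendor's signing CA
make_ca rogue-ca           # any other CA, however well formed
issue_cert vendor-ca provisioning-server
issue_cert rogue-ca spoofed-server

for c in provisioning-server spoofed-server; do
  if device_accepts "$c"; then echo "$c: accepted"; else echo "$c: rejected"; fi
done
```

The spoofed server's certificate is structurally valid and carries a real RSA key; it is rejected only because its issuer is not the one trust anchor the verifier holds.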