Chapter 6: Security
Security overview
SIP-based Avaya J129 IP Phone provides several updated security features. When the phone is in
a locked state, a user can only receive calls or make emergency calls. User logs and data are
protected with the user account.
The following security features are available:
• Account management: The phone supports the following:
- Storage of passwords and user credentials using Federal Information Processing Standards
(FIPS 140–2)
- FIPS 140-2 cryptographic algorithms for application, processes, and users
- Identity certificate installation using Simple Certificate Enrollment Protocol (SCEP) for
enrollment and encrypted PKCS#12 file format to import both private key and certificate.
• Certificate management: The phone supports the following:
- X509v3 compliant certificates
- Public Key Infrastructure (PKI) for users who use third-party certificates for all Avaya
services including database
- Online Certificate Status Protocol (OCSP) for obtaining the revocation status of an X.509
digital certificate according to RFC 6960
• VLAN separation mode using system parameters.
• Synchronization of the system clock at configured intervals using system parameters.
• Display of SSH fingerprint in the Administration menu.
• Display of OpenSSH and OpenSSL version in the Administration menu.
• Maintenance of integrity when the phone is under Denial of Service (DoS) attack. In this case,
the phone goes into out-of-service mode.
• DRBG random number generator compliant with SSL FIPS 140–2.
• SHA2 hash algorithm and strong encryption (256 bit symmetric and RSA 2048 and 4096 bit
asymmetric keys) for all cryptographic operations.
• Deprecated support for SHA1 algorithms in all cryptographic algorithms.
• SRTP/SRTCP and TLS v1.2.
September 2017
Installing and Administering Avaya J129 IP Phone
51