Encryption
AES is standard on RealPresence Group Series systems. When enabled, your system automatically
encrypts calls with other systems using AES.
A locked padlock icon displays on the connected monitor(s) when a call is encrypted. If a call is
unencrypted, you see an unlocked padlock. In a multipoint call, some connections might be encrypted
while others aren’t. The padlock may not accurately indicate encryption status if the call is cascaded or
includes an audio-only endpoint. To avoid security ambiguity, participants can verbally communicate the
state of their padlock icon at the beginning of a call.
Remember the following about AES encryption:
• AES encryption is not supported on systems registered to an Avaya H.323 gatekeeper.
• In a call with an Avaya XT5000 or XT7000 endpoint, systems support only a 256-bit encryption key.
• For systems with a maximum speed of 6 Mbps for unencrypted calls, the maximum speed for
encrypted SIP calls is 4 Mbps.
The following AES cryptographic algorithms ensure flexibility when negotiating secure media transport:
• H.323 (per H.235.6)
◦ AES-CBC-128 / DH-1024
◦ AES-CBC-256 / DH-2048
• SIP (per RFCs 3711, 4568, 6188)
◦ AES_CM_128_HMAC_SHA1_32
◦ AES_CM_128_HMAC_SHA1_80
◦ AES_CM_256_HMAC_SHA1_32
◦ AES_CM_256_HMAC_SHA1_80
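Added example (not from the Polycom guide): a Python check that reads the a=crypto lines of an SDP body (RFC 4568) and reports, per media section, which of the SIP suites listed above are offered and whether each key has the length its suite requires. It assumes the 256-bit suites may appear on the wire under the RFC 6188 spelling AES_256_CM_HMAC_SHA1_nn as well as the spelling used above; the function names and the sample offer are constructed for illustration.

```python
import base64

# Suite -> (key bits, tag bits); last row is the RFC 6188 spelling of the 256-bit suites.
SUITES = {
    "AES_CM_128_HMAC_SHA1_32": (128, 32), "AES_CM_128_HMAC_SHA1_80": (128, 80),
    "AES_CM_256_HMAC_SHA1_32": (256, 32), "AES_CM_256_HMAC_SHA1_80": (256, 80),
    "AES_256_CM_HMAC_SHA1_32": (256, 32), "AES_256_CM_HMAC_SHA1_80": (256, 80),
}
SALT_BYTES = 14  # master salt length for the AES counter-mode SRTP suites

def check_crypto(attr):
    """Return (suite, None) for a usable a=crypto value, else (None, problem)."""
    parts = attr.split()  # <tag> <suite> inline:<base64 key||salt>[|lifetime][|MKI:len]
    if len(parts) < 3 or not parts[2].startswith("inline:"):
        return None, "malformed crypto line"
    suite, keyinfo = parts[1], parts[2][len("inline:"):].split("|")[0]
    if suite not in SUITES:
        return None, "suite not in list: " + suite
    try:
        keylen = len(base64.b64decode(keyinfo, validate=True))
    except ValueError:  # binascii.Error is a ValueError subclass
        keylen = -1
    if keylen != SUITES[suite][0] // 8 + SALT_BYTES:
        return None, "bad key length for " + suite
    return suite, None

def audit_sdp(sdp):
    """Return one finding dict per m= section of an SDP body."""
    sections = []
    for line in map(str.strip, sdp.splitlines()):
        if line.startswith("m="):
            media, _port, proto = line[2:].split()[:3]
            sections.append({"media": media, "proto": proto, "suites": [], "problems": []})
        elif sections and line.startswith("a=crypto:"):  # media-level attribute only
            suite, problem = check_crypto(line[len("a=crypto:"):])
            sections[-1]["suites" if suite else "problems"].append(suite or problem)
    for s in sections:  # SRTP needs the secure profile and at least one usable suite
        s["srtp_offered"] = s["proto"].startswith("RTP/SAVP") and bool(s["suites"])
    return sections

def sample_key(n):  # constructed all-zero key||salt of n bytes, sample use only
    return base64.b64encode(bytes(n)).decode()

SAMPLE_SDP = "\n".join([  # constructed offer, not captured from a real system
    "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_256_CM_HMAC_SHA1_80 inline:" + sample_key(46),
    "a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:" + sample_key(30) + "|2^31",
    "m=video 49172 RTP/AVP 96",
])
```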
The systems also support the use of FIPS 140 validated cryptography, which is required in some
instances, such as when used by the U.S. federal government. When you enable the Require FIPS
140 Cryptography setting, all cryptography used on the system comes from a software module that has
been validated to FIPS 140-2 standards. You can find its FIPS 140-2 validation certificate here:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747.
Configure Encryption
You can configure encryption settings on your system.
Procedure
1. In the system web interface, go to Admin Settings > Security > Global Security > Encryption.
2. Configure these settings.
Securing the System
Polycom, Inc.