Security overview
Avaya J100 Series IP Phones provide several general, network, and application security features.
General Security features
-
Access control and security logging.
-
Password and user credentials storage using Federal Information Processing Standards (FIPS 140–3) encryption.
-
Department of Defense solution deployment with Joint Interoperability Test Command (JITC) compliance.
-
Encrypted storage of private keys using standards-compliant PKCS #7 and password-protected PKCS #12 file formats.
-
Enhanced random number generator algorithm.
-
Phone firmware integrity and authenticity ensured using a secure SHA-2 hash signature validation.
-
SHA-2 hash algorithm and strong AES-256 bit encryption available for all cryptographic operations.
-
Deprecated support for SHA-1 algorithms in all cryptographic algorithms.
-
Configurable Federal Information Processing Standard (FIPS) and non-FIPS runtime modes.
-
Remote access to the phone disabled by default. Phone access available using web UI and SSH.
-
System clock synchronization using Network Time Protocol (NTP) at configurable intervals.
Network Security features
-
Trust Certificates:
-
X.509 compliant certificates according to RFC 5280.
-
RSA (2048 and 4096 bit) keys support for certificates in truststore and received from servers during TLS connections.
-
Online Certificate Status Protocol (OCSP) for obtaining the revocation status of an X.509 digital certificate according to RFC 6960.
-
-
Identity certificates:
-
Public Key Infrastructure (PKI) for customers who use third-party certificates for all Avaya services.
-
RSA (2048 and 4096 bit) and limited ECC support keys for the installed identity certificates.
-
Certificate installation using one of the following methods:
-
Device Enrolment Services (DES)
-
Simple Certificate Enrollment Protocol (SCEP)
-
Enhanced Enrollment with Avaya Aura 8.3 or higher
-
PKCS #12 file format
-
-
-
Minimum TLS version defined up to TLS v1.3.
-
Secure Real-time Transport Protocol (SRTP) and Secure Real-time Transport Control Protocol (SRTCP) support.
-
802.1x L2 network authentication.
-
VLAN separation mode using system parameters.
-
Maintenance of integrity under Denial of Service (DoS) attacks. During DoS attacks, the phone goes into the out-of-service mode.
Application Security Features
-
Phone lock and user logout functionalities to protect user privacy. Users can only receive calls or make emergency calls on a locked phone.
-
User logs and data protected with the user account.