|
|
|
|
TEMPEST Cisco 7962 VoIP Phone
DTD-7962-T2 is a TEMPEST certified version of the
Cisco 7962G Unified VoIP telephone set,
introduced in 2011 by CIS Secure
in Ashburn (Virginia, USA).
It is based on a standard Cisco 7962G,
to which fibre optic interfaces have been added, as well as shielding
against unwanted emanations, to military standards (TEMPEST). The price
for a single unit in 2011 was US$ 1999.
|
There are several modifications however.
The internal speaker is disabled in hands-free mode, as this is a
requirement of the TEMPEST standard. As a result it can not be used
to play the ringtone(s) on incoming calls, which is why an alternative
ringer has been fitted. Furthermore, the handset
and the external power supply unit
have been modified to meet TEMPEST requirements.
The original
Cisco 7962G Unified IP Phone
was introduced on 27 July 2007
and was sold until 1 February 2016 [1]. 1
The TEMPEST version, made by CIS Secure
(DTD-7962-T2), was approved for
critical applications on 17 May 2011 [2].
It was succeeded by the CIS TEMPEST Cisco 8841.
|
-
No support will be available from Cisco after 31 January 2021.
|
The diagrams below provide an overview of the controls and connections
on the DTD-7962. The front panel is identical to that of the Cisco 7962G
on which it is based, and so is its operation, with the exception of the
use of the built-in speaker whilst the handset is on-hook. On the DTD-7962
it is disabled, as this is a security requirement for TSG/TEMPEST approval.
Instead, a new ringer-device has been added. At the top right, a red
indicator/push-button has also been added.
All connections are at the rear of the device. At the left is a 4-pin
LEMO socket for connection of the external power supply unit
(which is also TEMPEST approved). At the right is a DE9 socket for
connection of the (modified) handset. At the centre are the
terminals for the optic fibres: one for connection to the local
area network (LAN) and one for an (optional) personal computer (PC).
The enclosure and the handset cable are shielded against unwanted
emanations.
Note that the power supply unit (PSU), which is included with the
kit, has to be connected to the mains network (100-240V AC) by means of
the supplied shielded cable, in order to meet TEMPEST requirements.
|
The DTD-7962 is based on a regular Cisco 7962G desktop telephone set,
that has been modified to meet TEMPEST requirements.
The most obvious (visual) modification is the black plastic enclosure that
has been added at the rear. It houses the optic fibre interfaces, and fills
two gaps in the front panel of the 7962G: at the top right
(where the red indicator
is) and in between the handset cradle and the display.
|
|
|
The original handset of the Cisco 7962 phone was modified to meet TEMPEST
requirements. It connects to the base unit via a shielded coiled
cable with a female 9-pin sub-D plug (DE9/F).
The handset can be placed in the cradle – as before – but is connected to
the DE9/M socket marked HANDSET at the rear of the base unit.
|
|
|
|
Power supply unit
DTD-7962-PWR
|
|
|
A standard Cisco 7962G telephone set can be powered via the Ethernet line
– using power-over-ethernet (PoE) – or by means of a simple wall socket
power adapter, neither of which meets the stringent TEMPEST requirements.
As the device uses optical interfaces, it can not be powered over the
optic fibres. For this reason, the special TEMPEST shielded power supply unit
(PSU) shown here, is supplied with the set.
|
|
|
|
Mains power cord
DTD-7962-PWR
|
|
|
The power supply unit (shown above) has a standard 3-pin socket for connection
to the mains AC network. Although it can be used with any regular power
cable, it was recommended to use the shielded one that was supplied with the
set, in order to meet TEMPEST requirements.
The cable has two large (black) ferite beads that are clamped on at either
end, to reduce any residual leakage of radio frequency (RF) signals,
that might appear on the power line.
|
|
|
The DTD07962 is well-constructed. Getting access to its interior, requires
the removal of quite a few screws, as one would expect from a TEMPEST
approved device. First, the vacuum-molded black plastic cover has to be removed.
This involves the removal of the 4 rubber feet and three recessed screws
around the edges of the case. Note that this breakes the two warranty seals.
|
The original PCB of the Cisco 7962 telephone, has been encapsuled in a metal
frame, to which a trapezium-shaped aluminium case
is bolted. This case contains the interfaces that convert the phone's
100BaseT interfaces to optic fibres.
The case also holds a PCB with relays that cut the wiring to the
handset and the (optional) headset, and the socket for connection
of the external power supply unit (PSU). The power socket is
contined in a metal box that contains appropriate filtering by means of
ferrite beads. Surprisingly, the handset wiring is not filtered.
|
|
|
Apparently, the fact that the wiring is shielded (and disconnected when the
handset is on-hook) was enough to obtain TEMPEST approval. The 100BaseT
interfaces of the original Cisco set, are still visible at the bottom. They
are wired to the fibre converters by means of short UTP cables.
|
Device Secure IP telephone Model DTD-7962-T2 Manufacturer Cisco, CIS Secure Years 2011-2021 Price US$ 1999 (in 2011) Interface 10, 100, 1000 mbps fibre Crypto no Standards see below Tempest yes, see below
|
|
CTP II TEMPEST certifications
|
|
|
-
Type A device, which means it does not required or rely on external
device(s).
|
LAN
|
|
Local Area Network
Typically an in-house or in-office computer network.
|
LED
|
|
Light Emitting Diode
In this case, the red indicator at the top right is an example of an LED.
|
RX
|
|
Receive (reception)
This line carries the incoming traffic.
|
TEMPEST
|
|
Codename, referring to (the study of) unwanted compromising emanations.
This includes the emission of unintentional and unwanted
intelligence-bearing signals.
If such signals were intercepted and analyzed, they might disclose sensitive
information. In cryptography, the interceptor might be able to reconstruct
(part of) the plain text.
➤ Wikipedia
|
TX
|
|
Transmit (transmission)
This line carries the outgoing traffic.
|
|
|
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Tuesday 28 January 2020. Last changed: Tuesday, 13 February 2024 - 17:37 CET.
|
|
|
|
|