Cisco CallManager Security Guide, Release 4.1(3)
Index
Downloads: This chapterpdf (PDF - 329.0KB) The complete bookPDF (PDF - 1.94MB) | Feedback

Index

Table Of Contents

A - B - C - D - E - F - H - I - K - L - M - N - P - R - S - T - V -

Index

A

authentication

configuration checklist overview (table) 1-24

configuring devices for 5-6

configuring voice mail ports for 6-3

device security mode settings (table) 5-10, 6-7

installation 1-11

interactions 1-5

overview 1-20

restrictions 1-5

string 4-2

terminology (table) 1-2

B

barge

encryption restrictions 1-5, 9-52

C

Certificate Authority Proxy Function (CAPF)

authentication string 4-2

entering on phone 4-22

Cisco CAPF service 3-6

configuration

checklist (table) 4-9

generating a report 4-21

migrating existing data 4-11

serviceability 4-7

settings (table) 4-18

updating service parameter 4-13

interactions 4-5

key size 4-18

locally significant certificate (LSC)

deleting 4-16

finding phones with 4-22

installing/upgrading 4-15

operation status 4-18

overview 4-2

requirements 4-5

troubleshooting

authentication string entered incorrectly on phone 9-37

LSC validation fails 9-38

messages 9-36

verifying

CAPF certificate installation 9-38

LSC installation 9-39

MIC exists 9-40

certificates

CAPF 1-18

Cisco CallManager 1-18

Cisco Unity

SCCP device 1-18

server 1-18

HTTPS 1-18

locally significant (LSC) 1-18

manufacture-installed (MIC) 1-18

SRST-enabled gateway 1-18

Cisco CallManager

certificate described 1-18

Cisco IP Phone

calculating MD5 hash 9-27

certificates described 1-18

deleting CTL file 9-28

device security mode 5-6

hardening

configuring 5-14

disabling GARP setting 5-12

disabling PC Port setting 5-14

disabling PC Voice VLAN Access setting 5-13

disabling Setting Access setting 5-13

disabling Web Access setting 5-12

security features (table) 5-3

troubleshooting

authentication string entered incorrectly on phone 9-37

CTL errors 9-25

using MD5 application 9-27

verifying LSC installation 9-39

Cisco Unity

certificate

SCCP device 1-18

server 1-18

security

device security mode 6-3

overview 6-1

requirements 6-1

clusterwide security mode

configuring 3-11

updating 3-18

verifiying 9-33

codec

security restrictions 1-5

CTL client

changing security token password 9-9

configuration checklist (table) 3-3

configuring 3-11

configuring TLS ports 3-6

CTL file

comparing files 9-27

creating 3-11

deleting entry 3-22

deleting on phone 9-28

deleting on server 9-29

migrating 3-10

running MD5 check 9-27

updating 3-16

determining version 9-35

Etoken 3-8

installing 3-8

service

Cisco CAPF 3-6

Cisco CTL Provider 3-5, 3-6

settings (table) 3-19

setting the Smart Card service 9-11

troubleshooting

locked security token 9-10

losing all security tokens 9-32

losing one security token 9-31

messages 9-12

phone errors 9-25

uninstalling 9-34

updating clusterwide security mode 3-18

upgrading plug-in 3-10

verifying

installation 9-34

security mode 9-33

CTL file

comparing 9-27

creating 3-11

deleting

entry 3-22

on phone 9-28

on server 9-29

running MD5 check 9-27

troubleshooting

losing all security tokens 9-32

losing one security token 9-31

updating 3-16

D

device authentication

configuring devices for 5-6

installation 1-11

overview 1-20

device security mode 5-6

configuring phone 5-6

settings (table) 5-10, 6-7

system default 5-7

voice mail ports 6-3

document

audience xii

conventions xv

organization xiii

purpose xii

related documentation xiv

documentation

related xiv

E

encryption

barge restrictions 1-5, 9-52

configuration checklist overview (table) 1-24

configuring devices for 5-6

configuring voice mail ports for 6-3

device security mode settings (table) 5-10, 6-7

gateway configuration checklist (table) 8-3

installation 1-11

interactions 1-5

MGCP gateway 8-1

overview 1-22

restrictions 1-5

terminology (table) 1-2

troubleshooting SRTP/SCCP 9-42

F

file authentication

configuring devices for 5-6

overview 1-20

H

HTTPS

certificate

copying to file (Internet Explorer) 2-17

deleting 9-8

described 1-18

saving to trusted folder (Internet Explorer) 2-15

saving to trusted folder (Netscape) 2-19

using third-party 2-110

viewing details (Internet Explorer) 2-16

disabling 9-7

enabling 9-6

Internet Explorer support 2-13

messages 9-5

Netscape support 2-18

overview 2-11

troubleshooting 9-4

virtual directories (table) 2-12

I

image authentication

overview 1-20

integrity

overview 1-20

IP Phone 5-6

calculating MD5 hash 9-27

certificates described 1-18

deleting CTL file 9-28

hardening

configuring 5-14

disabling GARP setting 5-12

disabling PC Port setting 5-14

disabling PC Voice VLAN Access setting 5-13

disabling Setting Access setting 5-13

disabling Web Access setting 5-12

security features (table) 5-3

troubleshooting

authentication string entered incorrectly on phone 9-37

CTL errors 9-25

using MD5 application 9-27

verifying LSC 9-39

IPSec

configuration checklist (table) 8-3

considerations 8-4

recommendations 8-4

K

key size 4-18

L

locally significant certificate (LSC)

deleting 4-18

described 1-18

finding phones with 4-22

troubleshooting 4-18

authentication string entered incorrectly on phone 9-37

LSC validation fails 9-38

verifying installation 9-39

M

manufacture-installed certificate (MIC)

described 1-18

troubleshooting

authentication string entered incorrectly on phone 9-37

verifying 9-40

media encryption

configuring devices for 5-6

installation 1-11

overview 1-22

MGCP gateway

configuring IPSEC 8-4

security configuration checklist (table) 8-3

N

Network Address Translation

security restrictions 1-5

null string 4-18

P

packet capturing

analyzing 9-51

configuration checklist (table) 9-43

messages 9-52

overview 9-42

service parameters 9-44

settings 9-49

phone

calculating MD5 hash 9-27

certificates described 1-18

deleting CTL file 9-28

device security mode 5-6

hardening

configuring 5-14

disabling GARP setting 5-12

disabling PC Port setting 5-14

disabling PC Voice VLAN Access setting 5-13

disabling Setting Access setting 5-13

disabling Web Access setting 5-12

security features (table) 5-3

troubleshooting

authentication string entered incorrectly on phone 9-37

troubleshooting CTL errors 9-25

using MD5 application 9-27

verifying LSC installation 9-39

phone hardening

configuring 5-14

disabling GARP setting 5-12

disabling PC Port setting 5-14

disabling PC Voice VLAN Access setting 5-13

disabling Setting Access setting 5-13

disabling Web Access setting 5-12

R

replacement

secure publisher database server 1-14

secure subscriber server 1-16

restoration

secure cluster 1-17

secure data 1-13

secure publisher database server 1-14

secure subscriber server 1-16

S

security

authentication 1-20

configuring IPSec 8-4

CTL client

Cisco CTL Provider service 3-5

configuration checklist (table) 3-3

configuring 3-11

CTL file updates 3-16

installing 3-8

settings (table) 3-19

TLS ports 3-6

upgrading 3-10

device security mode

overview 5-6

settings (table) 5-10, 6-7

system default 5-7

encryption 1-22

Etoken 3-8

installation 1-11

locally significant certificate (LSC)

deleting 4-16, 4-18

finding phones with 4-22

installing/upgrading 4-15

troubleshooting 4-18

overview

best practices 1-9

Certificate Authority Proxy Function (CAPF) 4-2

certificates 1-18

Cisco CTL client 3-2

configuration (table) 1-24

HTTPS 2-11

interactions 1-5

MGCP gateway 8-1

rebooting cluster 1-10

rebooting server 1-10

resetting devices 1-10

restarting Cisco CallManager service 1-10

restrictions 1-5

SRST 7-1

system requirements 1-4

terminology (table) 1-2

voice mail 6-1

where to find more information 1-29

replacement

publisher database server 1-14

subscriber server 1-16

restoration

data 1-13

replacing cluster 1-17

replacing publisher database server 1-14

replacing subscriber server 1-16

service

Cisco CAPF 3-6

Cisco CTL Provider 3-5

TLS ports 3-6

token 3-8

troubleshooting

alarms 9-2

log files 9-3

packet capturing 9-42

performance monitor counters 9-3

using barge with encryption 9-52

server

replacement

secure publisher database 1-14

secure subscriber 1-16

signaling authentication

configuring devices for 5-6

installation 1-11

overview 1-20

signaling encryption

configuring devices for 5-6

installation 1-11

overview 1-22

signaling integrity

overview 1-20

SRST

security

configuration checklist (table) 7-3

configuring references 7-4

gateway certificate described 1-18

overview 7-1

settings (table) 7-6

troubleshooting 9-53

certificate deleted on gateway 9-54

deleting security for reference 9-53

security messages 9-54

SRST reference

security

configuring 7-4

settings (table) 7-6

troubleshooting

certificate deleted on gateway 9-54

deleting security 9-53

security messages 9-54

T

troubleshooting

security

alarms 9-2

analyzing captured packets 9-51

authentication string entered incorrectly on phone 9-37

CAPF messages 9-36

Cisco CTL client 9-8

Cisco CTL client messages 9-12

deleting CTL file on phone 9-28

deleting CTL file on server 9-29

deleting security for SRST reference 9-53

HTTPS 9-4, 9-6, 9-7, 9-8

HTTPS messages 9-5

locked security token 9-10

log files 9-3

losing all security tokens 9-32

losing one security token 9-31

LSC validation fails 9-38

packet-capturing configuration checklist (table) 9-43

packet-capturing configuration settings 9-49

packet-capturing messages 9-52

packet-capturing service parameters 9-44

performance monitor counters 9-3

phone errors 9-25

SRST certificate deleted on gateway 9-54

SRST messages 9-54

SRST references 9-53

SRTP/SCCP overview 9-42

using MD5 application 9-27

verifying CAPF certificate installation 9-38

verifying LSC installation 9-39

verifying MIC exists 9-40

V

voice mail

security

configuration checklist (table) 6-8

finding port 6-7

overview 6-1

requirements 6-1

settings (table) 6-7

system default 6-3

voice mail port

security

configuration checklist (table) 6-8

device security mode 6-3

finding 6-7

overview 6-1

requirements 6-1

settings (table) 6-7

system default 6-3