Cisco Unified CallManager Security Guide, Release 5.0(2)
Index
Downloads: This chapterpdf (PDF - 329.0KB) The complete bookPDF (PDF - 4.67MB) | Feedback

Index

Table Of Contents

A - B - C - D - E - F - H - I - J - L - M - P - S - T - V -

Index

A

authentication

configuring devices for 5-2

configuring for SIP trunk 14-2, 14-3

device security mode configuration settings (table) 5-3, 5-5

interactions 1-5, 1-6

overview 1-14

restrictions 1-5

with CTI/JTAPI/TAPI applications 11-2

authentication string 6-2, 11-4

entering on phone 6-9

finding phones using 6-8

authorization 1-14

configuring for SIP trunk 14-2, 14-3

interactions 1-6

overview 1-14

B

barge

encryption restrictions with 1-11

BAT

configuring with phone packet capturing 16-7

C

Certificate Authority Proxy Function (CAPF)

activating service 6-5, 11-8

authentication string 6-2

entering on phone 6-9

Cisco CAPF service 3-4

Cisco Unified CallManager Serviceability configuration 6-4

configuration checklist (table) 6-4

configuration settings (table)

for CTI/JTAPI/TAPI applications 11-11

configuring an application user or end user CAPF profile 11-10

deleting an application user or end user CAPF profile 11-13

finding an application user or end user CAPF profile 11-9

finding phones using LSC or authentication string 6-8

generating CAPF report 6-8

installation 1-11

interactions and requirements 6-3

with CTI/JTAPI/TAPI applications 11-5

interaction with Cisco Unified IP Phone 6-2

overview 6-2

overview for CTI/JTAPI/TAPI applications 11-4

phone configuration settings (table) 6-7

troubleshooting 16-5

LSC validation fails 16-6

verifying CAPF certificate installation 16-6

verifying MIC exists 16-7

updating service parameters 6-6

for CTI/JTAPI/TAPI 11-9

using for phone certificate operations 6-6

viewing certificate operation status for application user or end user 11-14

certificates

Internet Explorer certificate 2-2

Netscape certificate 2-5

troubleshooting 16-4

types 1-12

Cisco CTL client

Cisco CAPF service 3-4

Cisco CTL Provider service 3-3

clusterwide security mode

updating 3-11

configuration checklist (table) 3-2

configuration settings (table) 3-11

configuring 3-7

configuring TLS ports 3-4

deleting CTL file on phone 3-14

installation 1-11

installing 3-5

migrating 3-7

overview 3-1

security token password

changing 3-13

setting the Smart Card service 3-13

troubleshooting 16-4

uninstalling 3-15

upgrading 3-7

verifying 3-15

verifying security mode 3-12

version

determining 3-15

Cisco TFTP services 3-1

Cisco Unified IP Phone

CAPF configuration settings (table) 6-7

deleting CTL file 3-14

disabling the GARP setting 9-1

disabling the PC Port setting 9-2

disabling the PC Voice VLAN Access setting 9-2

disabling the Setting Access setting 9-2

disabling the Web Access setting 9-1

encrypted configuration file 7-1

configuration checklist (table) 7-4

configuring manual key distribution 7-5

disabling 7-7

enabling 7-4

entering symmetric key 7-6

manual key configuration checklist (table) 7-6

manual key distribution 7-2

phone support 7-3

symmetric key encryption with public key 7-3

using symmetric key encryption w/public key 7-6

verifying 7-7

entering authentication string 6-9

interaction with CAPF 6-2

security configuration checklist (table) 4-2

security icon restrictions 1-9

security icons 1-5

troubleshooting

authentication string 16-6

verifying LSC 16-6

understanding security 4-1

viewing security settings 4-2

cluster security mode

verifying 3-12

computer telephony integration (CTI)

secure user groups

adding application users and end users 11-7

securing

configuration checklist (table) 11-5

configuration file encryption 1-18

CTL client

Cisco CAPF service 3-4

Cisco CTL Provider service 3-3

clusterwide security mode

updating 3-11

configuration checklist (table) 3-2

configuration settings (table) 3-11

configuring 3-7

configuring TLS ports 3-4

deleting CTL file on phone 3-14

installing 3-5

migrating 3-7

overview 3-1

security token password

changing 3-13

setting the Smart Card service 3-13

troubleshooting 16-4

uninstalling 3-15

upgrading 3-7

verifying 3-15

verifying security mode 3-12

version

determining 3-15

CTL file

deleting entry 3-10

deleting on phone 3-14

updating 3-9

D

device authentication 1-14

configuring devices for 5-2

digest authentication 1-14

application user digest credential settings (table) 15-3

associating digest user with a phone 8-4

cluster ID 15-2

configuration checklist (table) for phones 8-1

configuration settings (table) for end user 8-3

configuring a SIP realm 15-4

configuring digest credentials for application user 15-2

configuring digest credentials for end user 8-3

configuring for SIP trunk 14-2, 14-3

configuring service parameters 8-2

deleting a SIP realm 15-5

finding a SIP realm 15-3

SIP realm configuration settings (table) 15-5

trunk configuration checklist (table) 15-1

document

audience xii

conventions xiv

organization xii

purpose xii

related documentation xiv

E

encryption

configuring devices for 5-2

configuring SRTP allowed check box 13-6

configuring with barge 1-11

device security mode configuration settings (table) 5-3, 5-5

encrypted configuration file 7-1

configuration checklist (table) 7-4

configuring manual key distribution 7-5

disabling 7-7

enabling 7-4

entering symmetric key 7-6

manual key configuration checklist (table) 7-6

manual key distribution 7-2

phone support 7-3

symmetric key encryption with public key 7-3

using symmetric key encryption w/public key 7-6

verifying 7-7

encrypted signaling

configuring for SIP trunk 14-2

gateway and trunk configuration checklist (table) 13-4

installation 1-11

interactions 1-5, 1-6

overview 1-18

overview for H.323/H.225/H.245 trunk 13-2

overview for H.323 gateway 13-2

overview for MGCP gateway 13-1

overview for SIP trunk 13-3

restrictions 1-5, 1-6

with authentication 1-7

with barge 1-7

with media resources 1-8

with packet capturing 1-9

with phone and trunk devices 1-8

with security icons 1-9

signaling

configuring for SIP trunk 14-3

troubleshooting

with packet capturing 16-7

with CTI/JTAPI/TAPI applications 11-3

etoken

changing password 3-13

troubleshooting 16-4

F

file authentication 1-14

configuring devices for 5-2

H

HTTPS

overview 2-1

virtual directories (table) 2-1

with Internet Explorer 2-2

with Netscape 2-5

I

image authentication 1-14

integrity

overview 1-14

IP Phone

CAPF configuration settings (table) 6-7

deleting CTL file 3-14

disabling the GARP setting 9-1

disabling the PC Port setting 9-2

disabling the PC Voice VLAN Access setting 9-2

disabling the Setting Access setting 9-2

disabling the Web Access setting 9-1

encrypted configuration file 7-1

configuration checklist (table) 7-4

configuring manual key distribution 7-5

disabling 7-7

enabling 7-4

entering symmetric key 7-6

manual key configuration checklist (table) 7-6

manual key distribution 7-2

phone support 7-3

symmetric key encryption with public key 7-3

using symmetric key encryption w/public key 7-6

verifying 7-7

entering authentication string 6-9

interaction with CAPF 6-2

security configuration checklist (table) 4-2

security icon restrictions 1-9

security icons 1-5

troubleshooting

authentication string 16-6

verifying LSC 16-6

understanding security 4-1

viewing security settings 4-2

IPSec 1-12

configuration checklist (table) 13-4

configuring 13-5

gateway or trunk considerations 13-5

infrastructure considerations 13-5

recommendations 13-5

J

JTAPI

configuring security service parameters 11-14

securing

configuration checklist (table) 11-5

L

locally significant certificate (LSC)

finding phones using 6-8

troubleshooting

validation fails 16-6

verifying installation 16-6

with CTI/JTAPI/TAPI applications 11-4

log files

troubleshooting 16-4

M

manufacture-installed certificate (MIC)

verifying 16-7

media encryption

configuring devices for 5-2

overview 1-18

MGCP gateway

configuring 13-5

security configuration checklist (table) 13-4

mode

mixed 1-9

nonsecure 1-9

P

phone

deleting CTL file 3-14

phone hardening

configuring 9-3

disabling the GARP setting 9-1

disabling the PC Port setting 9-2

disabling the PC Voice VLAN Access setting 9-2

disabling the Setting Access setting 9-2

disabling the Web Access setting 9-1

port

Cisco CTL Provider 3-4

Ethernet phone 3-4

SIP secure 3-4

S

secure sockets layer (SSL)

installation 1-11

with HTTPS 2-1

security

authentication overview 1-14

authorization overview 1-14

best practices 1-10

certificate types 1-12

Cisco CTL client overview 3-1

configuration checklist for authentication and encryption (table) 1-20

encryption overview 1-18

features list 1-4

features list (table) 1-5

files

backup and restore 16-4

HTTPS 2-1

installation 1-11

interactions 1-5, 1-6

rebooting the cluster 1-10

rebooting the server 1-10

resetting devices 1-10

restarting Cisco Unified CallManager service 1-10

restrictions 1-5, 1-6

cluster and device modes 1-9

system requirements 1-4

terminology (table) 1-2

tokens 3-1, 3-5, 3-7, 3-9, 3-13, 16-4

using barge with encryption 1-11

where to find more information 1-23

security mode

clusterwide

configuring 3-11

security profile

configuration settings (table) for SIP trunk 14-3

configuring for SIP trunk 14-2

finding for SIP trunk 14-1

overview for SIP trunk 14-1

signaling authentication 1-14

configuring devices for 5-2

signaling encryption

configuring devices for 5-2

overview 1-18

Site Administrator Security Token (SAST) 3-1

SRST

configuration checklist (table) 12-2

configuring references 12-3

overview 12-1

security settings (table) 12-4

troubleshooting 12-5

certificate deleted on gateway 12-5

deleting secured reference 12-5

security messages 12-5

SRST reference

configuring 12-3

security settings (table) 12-4

troubleshooting

certificate deleted on gateway 12-5

deleting secured reference 12-5

security messages 12-5

T

TAPI

configuring security service parameters 11-14

securing

configuration checklist (table) 11-5

TFTP services 3-1

trace files

troubleshooting 16-4

transport layer security (TLS) 1-12

port 3-4

transport security

and real-time protocol (RTP) 1-12

and secure real-time protocol (SRTP) 1-12

configuring for SIP trunk 14-2, 14-3

IPSec 1-12

TLS 1-12

troubleshooting

alarms 16-2

authentication string entered incorrectly on phone 16-6

CAPF 16-5

certificates 16-4

Cisco CTL client 16-4

configuring BAT with phone packet capturing 16-7

CTL security tokens 16-4

deleting CTL file on phone 3-14

log files 16-4

LSC validation fails 16-6

packet capturing 16-7

packet capturing with encryption 16-7

performance monitor counter descriptions (table) 16-3

performance monitor counters 16-2

SRST certificate deleted on gateway 12-5

SRST messages 12-5

SRST references 12-5

trace files 16-4

using the CLI 16-2

verifying CAPF certificate installation 16-6

verifying LSC installation 16-6

verifying MIC exists 16-7

V

voice messaging

security configuration checklist (table) 10-2

security overview 10-1

security requirements 10-1

voice messaging port

applying a security profile 10-3

applying a security profile using the Wizard 10-3

security configuration checklist (table) 10-2

security overview 10-1