Cisco Unified Communications Manager Security Guide, Release 9.1(1)
Preface
Downloads: This chapterpdf (PDF - 314.0KB) The complete bookPDF (PDF - 3.54MB) | Feedback

Preface

Preface

This preface describes the purpose, audience, organization, and conventions of this guide and provides information on how to obtain related documentation.

Purpose

Cisco Unified Communications Manager Security Guide helps system and phone administrators perform the following tasks:

  • Configure authentication.
  • Configure encryption.
  • Configure digest authentication.
  • Install server authentication certificate that is associated with HTTPS
  • Configure the Cisco CTL Client.
  • Configure security profiles.
  • Configure Certificate Authority Proxy Function (CAPF) to install, upgrade, or delete locally significant certificates on supported Cisco Unified IP Phone models.
  • Configure phone hardening.
  • Configure Survivable Remote Site Telephony (SRST) references for security.
  • Configure gateways and trunks for security.
  • Configure FIPS (Federal Information Processing Standard) 140-2 mode.

Audience

This guide provides a reference and procedural guide for system and phone administrators who plan to configure call security features for Cisco Unified Communications Manager.

Organization

The following table lists the major sections of this guide:

Table 1 Guide Overview

Chapter

Description

Security Basics

Security overview

Provides an overview of security terminology, system requirements, interactions and restrictions, installation requirements, and a configuration checklist; describes the different types of authentication and encryption.

Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)

Provides an overview of HTTPS and describes how to install the server authentication certificate in the trusted folder.

Default security setup

Provides information about the Security by Default feature, which provides automatic security features for Cisco Unified IP Phones.

Cisco CTL Client setup

Describes how to configure authentication by installing and configuring the Cisco CTL Client.

Certificate setup

Describes how to manage certificates in the Certificate Configuration window.

Security for Phones and Voice Mail Ports

Phone security

Describes how Cisco Unified Communications Manager and the phone use security; provides a list of tasks that you perform to configure security for the phone.

Phone security profile setup

Describes how to configure the security profile and apply it to the phones in Cisco Unified Communications Manager Administration.

Secure and nonsecure indication tone setup

Describes how to configure a phone to play a secure-indication tone.

Encryption to analog endpoint setup

Describes how to configure a secure SCCP connection to analog endpoints.

Certificate authority proxy function

Provides an overview of Certificate Authority Proxy Function and describes how to install, upgrade, delete, or troubleshoot locally significant certificates on supported phones.

Encrypted phone configuration file setup

Describes how to configure encrypted phone configuration files in Cisco Unified Communications Manager Administration.

Digest authentication for SIP phones setup

Describes how to configure digest authentication on the phone that is running SIP in Cisco Unified Communications Manager Administration.

Phone hardening

Describes how to tighten the security on the phone by using Cisco Unified Communications Manager Administration.

Secure conference resources setup

Describes how to configure media encryption for secure conferences.

Voice-messaging ports security setup

Describes how to configure security for voice mail ports in Cisco Unified Communications Manager Administration.

Secure call monitoring and recording setup

Describes how to configure secure call monitoring and recording.

Virtual Private Networks for Cisco IP Phones

Virtual private network

Describes how to configure a virtual private network (VPN).

VPN gateway setup

Describes how to configure a VPN gateway.

VPN group setup

Describes how to configure a VPN group.

VPN profile setup

Describes how to configure a VPN profile.

VPN feature setup

Describes how to configure a VPN feature.

Security for CTI, JTAPI, and TAPI

Authentication and encryption setup for CTI, JTAPI, and TAPI

Describes how to configure the Application User CAPF Profile and End User CAPF Profiles in Cisco Unified Communications Manager Administration.

Security for SRST References, Gateways, Trunks, and Cisco Unified Mobility Advantage Servers

Secure Survivable Remote Site Telephony (SRST) reference

Describes how to configure the SRST reference for security in Cisco Unified Communications Manager Administration.

Encryption setup for gateways and trunks

Describes how Cisco Unified Communications Manager communicates with a secure gateway or trunk; describes IPSec recommendations and considerations.

SIP trunk security profile setup

Describes how to configure and apply the SIP trunk security profile in Cisco Unified Communications Manager Administration.

Digest authentication setup for SIP trunks

Describes how to configure digest authentication for the SIP trunk in Cisco Unified Communications Manager Administration.

Cisco Unified Mobility Advantage server security profile setup

Describes how to configure a Cisco Unified Mobility Advantage server security profile in Cisco Unified Communications Manager Administration.

FIPS 140-2 mode setup

Describes how to configure FIPS (Federal Information Processing Standard) 140-2 mode in Cisco Unified Communications Manager Administration.

Related documentation

Each chapter contains a list of related documentation for the chapter topic.

Refer to the following documents for further information about related Cisco IP telephony applications and products:

  • Cisco Unified IP Phone Administration Guide for Cisco Unified Communications Manager
  • Media and Signaling Authentication and Encryption Feature for Cisco IOS MGCP Gateways
  • Cisco Unified Communications Manager Integration Guide for Cisco Unity
  • Cisco Unified Communications Manager Integration Guide for Cisco Unity Connection
  • Cisco Unified Survivable Remote Site Telephony (SRST) administration documentation that supports the SRST-enabled gateway
  • The firmware release notes that support your phone model

Conventions

Notes use the following conventions:


Note


Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication.


Tips use the following conventions:


Tip


Means the following are useful tips.


Cautions use the following conventions:


Caution


Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.


Obtaining documentation, support, and security guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation.

Cisco product security

This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.

Further information regarding U.S. export regulations may be found at the Bureau of Industry and Security of the US Department of Commerce.