Cisco CallManager Security Guide, Release 4.1(2) - Index [Cisco Unified Communications Manager (CallManager)]

Table Of Contents

A - C - D - E - F - H - I - L - M - P - S - T -

Index

A

authentication

configuring devices for 4-3

device security mode configuration settings (table) 4-7

installation 1-13

interactions 1-5

overview 1-16

restrictions 1-5

authentication string 3-2

C

Certificate Authority Proxy Function (CAPF)

authentication string 3-2

authentication string entered incorrectly on phone 5-37

Cisco CallManager Serviceability configuration 3-5

Cisco CAPF service 2-6

configuration checklist (table) 3-7

configuration settings (table) 3-18

deleting locally significant certificate 3-16

entering authentication string on phone 3-22

enterprise parameter configuration settings (table) 3-14

finding phones that use CAPF 3-22

generating a report 3-21

installing/upgrading locally significant certificates 3-15

interactions and requirements 3-3

messages 5-36

migrating existing data 3-9

overview 3-2

service parameter configuration settings (table) 3-12

service parameter procedure 3-11

verifying CAPF certificate installation 5-38

verifying manufacture-installed certificate exists 5-40

verifying the locally significant certificate installation 5-39

certificates

types 1-14

Cisco CTL client

changing security token password 5-9

Cisco CAPF service 2-6

Cisco CTL Provider service 2-5

comparing CTL files 5-27

configuration checklist (table) 2-3

configuration settings (table) 2-19

configuring 2-11

configuring TLS ports 2-6

deleting CTL file on phone 5-28

deleting CTL file on server 5-29

determining version 5-35

installing 2-8

locked security token 5-10

losing all security tokens 5-32

losing one security token 5-31

messages 5-5, 5-12

migrating CTL file 2-10

overview 2-2

setting the Smart Card service 5-11

troubleshooting 5-8

troubleshooting the phone 5-25

uninstalling 5-34

updating clusterwide security mode 2-18

upgrading plug-in 2-10

verifying 5-34

verifying security mode 5-33

Cisco IP Phone

authentication string entered incorrectly on phone 5-37

calculating MD5 hash 5-27

configuring hardening 4-11

deleting CTL file 5-28

disabling the GARP setting 4-9

disabling the PC Port setting 4-11

disabling the PC Voice VLAN Access setting 4-10

disabling the Setting Access setting 4-10

disabling the Web Access setting 4-9

security features (table) 1-6

troubleshooting for CTL errors 5-25

using MD5 application 5-27

verifying locally significant certificate installation 5-39

CTL client

changing security token password 5-9

Cisco CAPF service 2-6

Cisco CTL Provider service 2-5

comparing CTL files 5-27

configuration checklist (table) 2-3

configuration settings (table) 2-19

configuring 2-11

configuring TLS ports 2-6

deleting CTL file on phone 5-28

deleting CTL file on server 5-29

determining version 5-35

installing 2-8

locked security token 5-10

losing all security tokens 5-32

losing one security token 5-31

messages 5-5, 5-12

migrating CTL file 2-10

overview 2-2

setting the Smart Card service 5-11

troubleshooting 5-8

troubleshooting the phone 5-25

uninstalling 5-34

updating clusterwide security mode 2-18

upgrading plug-in 2-10

verifying 5-34

verifying security mode 5-33

CTL file

comparing 5-27

deleting entry 2-22

deleting on phone 5-28

deleting on server 5-29

losing all security tokens 5-32

losing one security token 5-31

updating 2-16

D

device authentication

configuring devices for 4-3

installation 1-13

overview 1-16

document

audience x

conventions xiii

organization xi

purpose x

related documentation xii

documentation

related xii

E

encryption

barge restrictions 5-49

configuring devices for 4-3

device security mode configuration settings (table) 4-7

installation 1-13

interactions 1-5

overview 1-18

restrictions 1-5

troubleshooting SRTP/SCCP 5-41

F

file authentication

configuring devices for 4-3

overview 1-16

H

HTTPS

copying the certificate to file (Internet Explorer) 2-17

deleting certificate 5-8

disabling 5-7

enabling 5-6

Internet Explorer support 2-13

Netscape support 2-18

overview 2-11

saving the certificate to trusted folder (Internet Explorer) 2-14

saving the certificate to trusted folder (Netscape) 2-19

troubleshooting 5-4

using a third-party certificate 2-110

viewing certificate details (Internet Explorer) 2-15

virtual directories (table) 2-12

I

image authentication

overview 1-16

integrity

overview 1-16

IP Phone

authentication string entered incorrectly on phone 5-37

calculating MD5 hash 5-27

configuring hardening 4-11

deleting CTL file 5-28

disabling the GARP setting 4-9

disabling the PC Port setting 4-11

disabling the PC Voice VLAN Access setting 4-10

disabling the Setting Access setting 4-10

disabling the Web Access setting 4-9

security features (table) 1-6

troubleshooting for CTL errors 5-25

using MD5 application 5-27

verifying locally significant certificate installation 5-39

L

locally significant certificate

authentication string entered incorrectly on phone 5-37

verifying installation 5-39

M

media encryption

configuring devices for 4-3

installation 1-13

overview 1-18

MGCP gateway

security overview 1-10

P

phone

authentication string entered incorrectly on phone 5-37

calculating MD5 hash 5-27

configuring hardening 4-11

deleting CTL file 5-28

disabling the GARP setting 4-9

disabling the PC Port setting 4-11

disabling the PC Voice VLAN Access setting 4-10

disabling the Setting Access setting 4-10

disabling the Web Access setting 4-9

security features (table) 1-6

troubleshooting for CTL errors 5-25

using MD5 application 5-27

verifying locally significant certificate installation 5-39

phone hardening

configuring 4-11

disabling the GARP setting 4-9

disabling the PC Port setting 4-11

disabling the PC Voice VLAN Access setting 4-10

disabling the Setting Access setting 4-10

disabling the Web Access setting 4-9

S

security

alarms 5-2

authentication 1-16

best practices 1-10

Certificate Authority Proxy Function (CAPF) overview 3-2

certificate types 1-14

Cisco CAPF service 2-6

Cisco CTL client configuration checklist (table) 2-3

Cisco CTL client overview 2-2

Cisco CTL Provider service 2-5

encryption 1-18

Etoken 2-8

HTTPS 2-11

installation 1-13

interactions 1-5

log files 5-3

MGCP gateway 1-10

overview of configuration (table) 1-20

packet capturing for phones 5-41

performance monitor counters 5-3

rebooting the cluster 1-12

rebooting the server 1-12

resetting devices 1-12

restarting Cisco CallManager service 1-12

restrictions 1-5

SRST overview 5-1

system requirements 1-4

terminology (table) 1-2

TLS ports 2-6

token 2-8

using barge with encryption 5-49

where to find more information 1-24

signaling authentication

configuring devices for 4-3

installation 1-13

overview 1-16

signaling encryption

configuring devices for 4-3

installation 1-13

overview 1-18

signaling integrity

overview 1-16

SRST

certificate deleted on gateway 5-51

configuring secure references 5-4

deleting security for reference 5-50

security configuration checklist (table) 5-3

security configuration settings (table) 5-6

security overview 5-1

security-related messages 5-51

troubleshooting 5-50

SRST reference

certificate deleted on gateway 5-51

configuring security 5-4

deleting security 5-50

security configuration settings (table) 5-6

security-related messages 5-51

T

troubleshooting

analyzing captured packets 5-48

authentication string entered incorrectly on phone 5-37

CAPF messages 5-36

Cisco CTL client 5-8

Cisco CTL client messages 5-5, 5-12

deleting CTL file on phone 5-28

deleting CTL file on server 5-29

deleting security from SRST reference 5-50

HTTPS 5-4

locally significant certificate validation fails 5-38

locked security token 5-10

losing all security tokens 5-32

losing one security token 5-31

packet capturing configuration checklist (table) 5-42

packet capturing configuration settings (table) 5-47

packet capturing messages 5-49

packet capturing service parameters 5-43

security alarms 5-2

security log files 5-3

security performance monitor counters 5-3

SRST certificate deleted on gateway 5-51

SRST references 5-50

SRST security-related messages 5-51

SRTP/SCCP overview 5-41

using MD5 application 5-27

verifying CAPF certificate installation 5-38

verifying locally significant certificate installation 5-39

verifying manufacture-installed certificate exists 5-40

	Cisco CallManager Security Guide, Release 4.1(2)
	Index
Cisco CallManager Security Guide, Release 4.1(2) Index Preface Security Overview Using Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS) Configuring the Cisco CTL Client Using the Certificate Authority Proxy Function Configuring the Phones for Security Configuring a Secure Survivable Remote Site Telephony (SRST) Reference Troubleshooting	Download this chapter Index Download the complete book PDF of Entire Book (PDF - 1 MB) Feedback Table Of Contents A - C - D - E - F - H - I - L - M - P - S - T - Index A authentication configuring devices for 4-3 device security mode configuration settings (table) 4-7 installation 1-13 interactions 1-5 overview 1-16 restrictions 1-5 authentication string 3-2 C Certificate Authority Proxy Function (CAPF) authentication string 3-2 authentication string entered incorrectly on phone 5-37 Cisco CallManager Serviceability configuration 3-5 Cisco CAPF service 2-6 configuration checklist (table) 3-7 configuration settings (table) 3-18 deleting locally significant certificate 3-16 entering authentication string on phone 3-22 enterprise parameter configuration settings (table) 3-14 finding phones that use CAPF 3-22 generating a report 3-21 installing/upgrading locally significant certificates 3-15 interactions and requirements 3-3 messages 5-36 migrating existing data 3-9 overview 3-2 service parameter configuration settings (table) 3-12 service parameter procedure 3-11 verifying CAPF certificate installation 5-38 verifying manufacture-installed certificate exists 5-40 verifying the locally significant certificate installation 5-39 certificates types 1-14 Cisco CTL client changing security token password 5-9 Cisco CAPF service 2-6 Cisco CTL Provider service 2-5 comparing CTL files 5-27 configuration checklist (table) 2-3 configuration settings (table) 2-19 configuring 2-11 configuring TLS ports 2-6 deleting CTL file on phone 5-28 deleting CTL file on server 5-29 determining version 5-35 installing 2-8 locked security token 5-10 losing all security tokens 5-32 losing one security token 5-31 messages 5-5, 5-12 migrating CTL file 2-10 overview 2-2 setting the Smart Card service 5-11 troubleshooting 5-8 troubleshooting the phone 5-25 uninstalling 5-34 updating clusterwide security mode 2-18 upgrading plug-in 2-10 verifying 5-34 verifying security mode 5-33 Cisco IP Phone authentication string entered incorrectly on phone 5-37 calculating MD5 hash 5-27 configuring hardening 4-11 deleting CTL file 5-28 disabling the GARP setting 4-9 disabling the PC Port setting 4-11 disabling the PC Voice VLAN Access setting 4-10 disabling the Setting Access setting 4-10 disabling the Web Access setting 4-9 security features (table) 1-6 troubleshooting for CTL errors 5-25 using MD5 application 5-27 verifying locally significant certificate installation 5-39 CTL client changing security token password 5-9 Cisco CAPF service 2-6 Cisco CTL Provider service 2-5 comparing CTL files 5-27 configuration checklist (table) 2-3 configuration settings (table) 2-19 configuring 2-11 configuring TLS ports 2-6 deleting CTL file on phone 5-28 deleting CTL file on server 5-29 determining version 5-35 installing 2-8 locked security token 5-10 losing all security tokens 5-32 losing one security token 5-31 messages 5-5, 5-12 migrating CTL file 2-10 overview 2-2 setting the Smart Card service 5-11 troubleshooting 5-8 troubleshooting the phone 5-25 uninstalling 5-34 updating clusterwide security mode 2-18 upgrading plug-in 2-10 verifying 5-34 verifying security mode 5-33 CTL file comparing 5-27 deleting entry 2-22 deleting on phone 5-28 deleting on server 5-29 losing all security tokens 5-32 losing one security token 5-31 updating 2-16 D device authentication configuring devices for 4-3 installation 1-13 overview 1-16 document audience x conventions xiii organization xi purpose x related documentation xii documentation related xii E encryption barge restrictions 5-49 configuring devices for 4-3 device security mode configuration settings (table) 4-7 installation 1-13 interactions 1-5 overview 1-18 restrictions 1-5 troubleshooting SRTP/SCCP 5-41 F file authentication configuring devices for 4-3 overview 1-16 H HTTPS copying the certificate to file (Internet Explorer) 2-17 deleting certificate 5-8 disabling 5-7 enabling 5-6 Internet Explorer support 2-13 Netscape support 2-18 overview 2-11 saving the certificate to trusted folder (Internet Explorer) 2-14 saving the certificate to trusted folder (Netscape) 2-19 troubleshooting 5-4 using a third-party certificate 2-110 viewing certificate details (Internet Explorer) 2-15 virtual directories (table) 2-12 I image authentication overview 1-16 integrity overview 1-16 IP Phone authentication string entered incorrectly on phone 5-37 calculating MD5 hash 5-27 configuring hardening 4-11 deleting CTL file 5-28 disabling the GARP setting 4-9 disabling the PC Port setting 4-11 disabling the PC Voice VLAN Access setting 4-10 disabling the Setting Access setting 4-10 disabling the Web Access setting 4-9 security features (table) 1-6 troubleshooting for CTL errors 5-25 using MD5 application 5-27 verifying locally significant certificate installation 5-39 L locally significant certificate authentication string entered incorrectly on phone 5-37 verifying installation 5-39 M media encryption configuring devices for 4-3 installation 1-13 overview 1-18 MGCP gateway security overview 1-10 P phone authentication string entered incorrectly on phone 5-37 calculating MD5 hash 5-27 configuring hardening 4-11 deleting CTL file 5-28 disabling the GARP setting 4-9 disabling the PC Port setting 4-11 disabling the PC Voice VLAN Access setting 4-10 disabling the Setting Access setting 4-10 disabling the Web Access setting 4-9 security features (table) 1-6 troubleshooting for CTL errors 5-25 using MD5 application 5-27 verifying locally significant certificate installation 5-39 phone hardening configuring 4-11 disabling the GARP setting 4-9 disabling the PC Port setting 4-11 disabling the PC Voice VLAN Access setting 4-10 disabling the Setting Access setting 4-10 disabling the Web Access setting 4-9 S security alarms 5-2 authentication 1-16 best practices 1-10 Certificate Authority Proxy Function (CAPF) overview 3-2 certificate types 1-14 Cisco CAPF service 2-6 Cisco CTL client configuration checklist (table) 2-3 Cisco CTL client overview 2-2 Cisco CTL Provider service 2-5 encryption 1-18 Etoken 2-8 HTTPS 2-11 installation 1-13 interactions 1-5 log files 5-3 MGCP gateway 1-10 overview of configuration (table) 1-20 packet capturing for phones 5-41 performance monitor counters 5-3 rebooting the cluster 1-12 rebooting the server 1-12 resetting devices 1-12 restarting Cisco CallManager service 1-12 restrictions 1-5 SRST overview 5-1 system requirements 1-4 terminology (table) 1-2 TLS ports 2-6 token 2-8 using barge with encryption 5-49 where to find more information 1-24 signaling authentication configuring devices for 4-3 installation 1-13 overview 1-16 signaling encryption configuring devices for 4-3 installation 1-13 overview 1-18 signaling integrity overview 1-16 SRST certificate deleted on gateway 5-51 configuring secure references 5-4 deleting security for reference 5-50 security configuration checklist (table) 5-3 security configuration settings (table) 5-6 security overview 5-1 security-related messages 5-51 troubleshooting 5-50 SRST reference certificate deleted on gateway 5-51 configuring security 5-4 deleting security 5-50 security configuration settings (table) 5-6 security-related messages 5-51 T troubleshooting analyzing captured packets 5-48 authentication string entered incorrectly on phone 5-37 CAPF messages 5-36 Cisco CTL client 5-8 Cisco CTL client messages 5-5, 5-12 deleting CTL file on phone 5-28 deleting CTL file on server 5-29 deleting security from SRST reference 5-50 HTTPS 5-4 locally significant certificate validation fails 5-38 locked security token 5-10 losing all security tokens 5-32 losing one security token 5-31 packet capturing configuration checklist (table) 5-42 packet capturing configuration settings (table) 5-47 packet capturing messages 5-49 packet capturing service parameters 5-43 security alarms 5-2 security log files 5-3 security performance monitor counters 5-3 SRST certificate deleted on gateway 5-51 SRST references 5-50 SRST security-related messages 5-51 SRTP/SCCP overview 5-41 using MD5 application 5-27 verifying CAPF certificate installation 5-38 verifying locally significant certificate installation 5-39 verifying manufacture-installed certificate exists 5-40
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks