Cisco Unified CallManager Security Guide, Release 4.2(1) - Index [Cisco Unified Communications Manager (CallManager)]

Table Of Contents

A - B - C - D - E - F - H - I - K - L - M - N - P - R - S - T - V -

Index

A

authentication

configuration checklist overview (table) 1-24

configuring devices for 5-6

configuring voice mail ports for 6-3

device security mode settings (table) 5-10, 6-7

installation 1-11

interactions 1-5

overview 1-20

restrictions 1-5

string 4-2

terminology (table) 1-2

B

barge

encryption restrictions 1-5, 9-52

C

Certificate Authority Proxy Function (CAPF)

authentication string 4-2

entering on phone 4-22

Cisco CAPF service 3-6

configuration

checklist (table) 4-9

generating a report 4-21

migrating existing data 4-11

serviceability 4-7

settings (table) 4-18

updating service parameter 4-13

interactions 4-5

key size 4-18

locally significant certificate (LSC)

deleting 4-16

finding phones with 4-22

installing/upgrading 4-15

operation status 4-18

overview 4-2

requirements 4-5

troubleshooting

authentication string entered incorrectly on phone 9-37

LSC validation fails 9-38

messages 9-36

verifying

CAPF certificate installation 9-38

LSC installation 9-39

MIC exists 9-40

certificates

CAPF 1-18

Cisco CallManager 1-18

Cisco Unity

SCCP device 1-18

server 1-18

HTTPS 1-18

locally significant (LSC) 1-18

manufacture-installed (MIC) 1-18

SRST-enabled gateway 1-18

Cisco CallManager

certificate described 1-18

Cisco IP Phone

calculating MD5 hash 9-27

certificates described 1-18

deleting CTL file 9-28

device security mode 5-6

hardening

configuring 5-14

disabling GARP setting 5-12

disabling PC Port setting 5-14

disabling PC Voice VLAN Access setting 5-13

disabling Setting Access setting 5-13

disabling Web Access setting 5-12

security features (table) 5-3

troubleshooting

authentication string entered incorrectly on phone 9-37

CTL errors 9-25

using MD5 application 9-27

verifying LSC installation 9-39

Cisco Unity

certificate

SCCP device 1-18

server 1-18

security

device security mode 6-3

overview 6-1

requirements 6-1

clusterwide security mode

configuring 3-11

updating 3-18

verifying 9-33

codec

security restrictions 1-5

CTL client

changing security token password 9-9

configuration checklist (table) 3-3

configuring 3-11

configuring TLS ports 3-6

CTL file

comparing files 9-27

creating 3-11

deleting entry 3-22

deleting on phone 9-28

deleting on server 9-29

migrating 3-10

running MD5 check 9-27

updating 3-16

determining version 9-35

Etoken 3-8

installing 3-8

service

Cisco CAPF 3-6

Cisco CTL Provider 3-5, 3-6

settings (table) 3-19

setting the Smart Card service 9-11

troubleshooting

locked security token 9-10

losing all security tokens 9-32

losing one security token 9-31

messages 9-12

phone errors 9-25

uninstalling 9-34

updating clusterwide security mode 3-18

upgrading plug-in 3-10

verifying

installation 9-34

security mode 9-33

CTL file

comparing 9-27

creating 3-11

deleting

entry 3-22

on phone 9-28

on server 9-29

running MD5 check 9-27

troubleshooting

losing all security tokens 9-32

losing one security token 9-31

updating 3-16

D

device authentication

configuring devices for 5-6

installation 1-11

overview 1-20

device security mode 5-6

configuring phone 5-6

settings (table) 5-10, 6-7

system default 5-7

voice mail ports 6-3

document

audience xii

conventions xv

organization xiii

purpose xii

related documentation xiv

documentation

related xiv

E

encryption

barge restrictions 1-5, 9-52

configuration checklist overview (table) 1-24

configuring devices for 5-6

configuring voice mail ports for 6-3

device security mode settings (table) 5-10, 6-7

gateway configuration checklist (table) 8-3

installation 1-11

interactions 1-5

MGCP gateway 8-1

overview 1-22

restrictions 1-5

terminology (table) 1-2

troubleshooting SRTP/SCCP 9-42

F

file authentication

configuring devices for 5-6

overview 1-20

H

HTTPS

certificate

copying to file (Internet Explorer) 2-17

deleting 9-8

described 1-18

saving to trusted folder (Internet Explorer) 2-15

saving to trusted folder (Netscape) 2-19

using third-party 2-110

viewing details (Internet Explorer) 2-16

disabling 9-7

enabling 9-6

Internet Explorer support 2-13

messages 9-5

Netscape support 2-18

overview 2-11

troubleshooting 9-4

virtual directories (table) 2-12

I

image authentication

overview 1-20

integrity

overview 1-20

IP Phone 5-6

calculating MD5 hash 9-27

certificates described 1-18

deleting CTL file 9-28

hardening

configuring 5-14

disabling GARP setting 5-12

disabling PC Port setting 5-14

disabling PC Voice VLAN Access setting 5-13

disabling Setting Access setting 5-13

disabling Web Access setting 5-12

security features (table) 5-3

troubleshooting

authentication string entered incorrectly on phone 9-37

CTL errors 9-25

using MD5 application 9-27

verifying LSC 9-39

IPSec

configuration checklist (table) 8-3

considerations 8-4

recommendations 8-4

K

key size 4-18

L

locally significant certificate (LSC)

deleting 4-18

described 1-18

finding phones with 4-22

troubleshooting 4-18

authentication string entered incorrectly on phone 9-37

LSC validation fails 9-38

verifying installation 9-39

M

manufacture-installed certificate (MIC)

described 1-18

troubleshooting

authentication string entered incorrectly on phone 9-37

verifying 9-40

media encryption

configuring devices for 5-6

installation 1-11

overview 1-22

MGCP gateway

configuring IPSEC 8-4

security configuration checklist (table) 8-3

N

Network Address Translation

security restrictions 1-5

null string 4-18

P

packet capturing

analyzing 9-51

configuration checklist (table) 9-43

messages 9-52

overview 9-42

service parameters 9-44

settings 9-49

phone

calculating MD5 hash 9-27

certificates described 1-18

deleting CTL file 9-28

device security mode 5-6

hardening

configuring 5-14

disabling GARP setting 5-12

disabling PC Port setting 5-14

disabling PC Voice VLAN Access setting 5-13

disabling Setting Access setting 5-13

disabling Web Access setting 5-12

security features (table) 5-3

troubleshooting

authentication string entered incorrectly on phone 9-37

troubleshooting CTL errors 9-25

using MD5 application 9-27

verifying LSC installation 9-39

phone hardening

configuring 5-14

disabling GARP setting 5-12

disabling PC Port setting 5-14

disabling PC Voice VLAN Access setting 5-13

disabling Setting Access setting 5-13

disabling Web Access setting 5-12

R

replacement

secure publisher database server 1-14

secure subscriber server 1-16

restoration

secure cluster 1-17

secure data 1-13

secure publisher database server 1-14

secure subscriber server 1-16

S

security

authentication 1-20

configuring IPSec 8-4

CTL client

Cisco CTL Provider service 3-5

configuration checklist (table) 3-3

configuring 3-11

CTL file updates 3-16

installing 3-8

settings (table) 3-19

TLS ports 3-6

upgrading 3-10

device security mode

overview 5-6

settings (table) 5-10, 6-7

system default 5-7

encryption 1-22

Etoken 3-8

installation 1-11

locally significant certificate (LSC)

deleting 4-16, 4-18

finding phones with 4-22

installing/upgrading 4-15

troubleshooting 4-18

overview

best practices 1-9

Certificate Authority Proxy Function (CAPF) 4-2

certificates 1-18

Cisco CTL client 3-2

configuration (table) 1-24

HTTPS 2-11

interactions 1-5

MGCP gateway 8-1

rebooting cluster 1-10

rebooting server 1-10

resetting devices 1-10

restarting Cisco CallManager service 1-10

restrictions 1-5

SRST 7-1

system requirements 1-4

terminology (table) 1-2

voice mail 6-1

where to find more information 1-29

replacement

publisher database server 1-14

subscriber server 1-16

restoration

data 1-13

replacing cluster 1-17

replacing publisher database server 1-14

replacing subscriber server 1-16

service

Cisco CAPF 3-6

Cisco CTL Provider 3-5

TLS ports 3-6

token 3-8

troubleshooting

alarms 9-2

log files 9-3

packet capturing 9-42

performance monitor counters 9-3

using barge with encryption 9-52

server

replacement

secure publisher database 1-14

secure subscriber 1-16

signaling authentication

configuring devices for 5-6

installation 1-11

overview 1-20

signaling encryption

configuring devices for 5-6

installation 1-11

overview 1-22

signaling integrity

overview 1-20

SRST

security

configuration checklist (table) 7-3

configuring references 7-4

gateway certificate described 1-18

overview 7-1

settings (table) 7-6

troubleshooting 9-53

certificate deleted on gateway 9-54

deleting security for reference 9-53

security messages 9-54

SRST reference

security

configuring 7-4

settings (table) 7-6

troubleshooting

certificate deleted on gateway 9-54

deleting security 9-53

security messages 9-54

T

troubleshooting

security

alarms 9-2

analyzing captured packets 9-51

authentication string entered incorrectly on phone 9-37

CAPF messages 9-36

Cisco CTL client 9-8

Cisco CTL client messages 9-12

deleting CTL file on phone 9-28

deleting CTL file on server 9-29

deleting security for SRST reference 9-53

HTTPS 9-4, 9-6, 9-7, 9-8

HTTPS messages 9-5

locked security token 9-10

log files 9-3

losing all security tokens 9-32

losing one security token 9-31

LSC validation fails 9-38

packet-capturing configuration checklist (table) 9-43

packet-capturing configuration settings 9-49

packet-capturing messages 9-52

packet-capturing service parameters 9-44

performance monitor counters 9-3

phone errors 9-25

SRST certificate deleted on gateway 9-54

SRST messages 9-54

SRST references 9-53

SRTP/SCCP overview 9-42

using MD5 application 9-27

verifying CAPF certificate installation 9-38

verifying LSC installation 9-39

verifying MIC exists 9-40

V

voice mail

security

configuration checklist (table) 6-8

finding port 6-7

overview 6-1

requirements 6-1

settings (table) 6-7

system default 6-3

voice mail port

security

configuration checklist (table) 6-8

device security mode 6-3

finding 6-7

overview 6-1

requirements 6-1

settings (table) 6-7

system default 6-3

	Cisco Unified CallManager Security Guide, Release 4.2(1)
	Index
Cisco Unified CallManager Security Guide, Release 4.2(1) Index Preface Security Overview Using Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS) Configuring the Cisco CTL Client Using the Certificate Authority Proxy Function Configuring the Phones for Security Configuring Voice Mail Ports forSecurity Configuring a Secure Survivable Remote Site Telephony (SRST) Reference Configuring a Secure MGCP Gateway Troubleshooting	Download this chapter Index Download the complete book PDF of Entire Book (PDF - 2 MB) Feedback Table Of Contents A - B - C - D - E - F - H - I - K - L - M - N - P - R - S - T - V - Index A authentication configuration checklist overview (table) 1-24 configuring devices for 5-6 configuring voice mail ports for 6-3 device security mode settings (table) 5-10, 6-7 installation 1-11 interactions 1-5 overview 1-20 restrictions 1-5 string 4-2 terminology (table) 1-2 B barge encryption restrictions 1-5, 9-52 C Certificate Authority Proxy Function (CAPF) authentication string 4-2 entering on phone 4-22 Cisco CAPF service 3-6 configuration checklist (table) 4-9 generating a report 4-21 migrating existing data 4-11 serviceability 4-7 settings (table) 4-18 updating service parameter 4-13 interactions 4-5 key size 4-18 locally significant certificate (LSC) deleting 4-16 finding phones with 4-22 installing/upgrading 4-15 operation status 4-18 overview 4-2 requirements 4-5 troubleshooting authentication string entered incorrectly on phone 9-37 LSC validation fails 9-38 messages 9-36 verifying CAPF certificate installation 9-38 LSC installation 9-39 MIC exists 9-40 certificates CAPF 1-18 Cisco CallManager 1-18 Cisco Unity SCCP device 1-18 server 1-18 HTTPS 1-18 locally significant (LSC) 1-18 manufacture-installed (MIC) 1-18 SRST-enabled gateway 1-18 Cisco CallManager certificate described 1-18 Cisco IP Phone calculating MD5 hash 9-27 certificates described 1-18 deleting CTL file 9-28 device security mode 5-6 hardening configuring 5-14 disabling GARP setting 5-12 disabling PC Port setting 5-14 disabling PC Voice VLAN Access setting 5-13 disabling Setting Access setting 5-13 disabling Web Access setting 5-12 security features (table) 5-3 troubleshooting authentication string entered incorrectly on phone 9-37 CTL errors 9-25 using MD5 application 9-27 verifying LSC installation 9-39 Cisco Unity certificate SCCP device 1-18 server 1-18 security device security mode 6-3 overview 6-1 requirements 6-1 clusterwide security mode configuring 3-11 updating 3-18 verifying 9-33 codec security restrictions 1-5 CTL client changing security token password 9-9 configuration checklist (table) 3-3 configuring 3-11 configuring TLS ports 3-6 CTL file comparing files 9-27 creating 3-11 deleting entry 3-22 deleting on phone 9-28 deleting on server 9-29 migrating 3-10 running MD5 check 9-27 updating 3-16 determining version 9-35 Etoken 3-8 installing 3-8 service Cisco CAPF 3-6 Cisco CTL Provider 3-5, 3-6 settings (table) 3-19 setting the Smart Card service 9-11 troubleshooting locked security token 9-10 losing all security tokens 9-32 losing one security token 9-31 messages 9-12 phone errors 9-25 uninstalling 9-34 updating clusterwide security mode 3-18 upgrading plug-in 3-10 verifying installation 9-34 security mode 9-33 CTL file comparing 9-27 creating 3-11 deleting entry 3-22 on phone 9-28 on server 9-29 running MD5 check 9-27 troubleshooting losing all security tokens 9-32 losing one security token 9-31 updating 3-16 D device authentication configuring devices for 5-6 installation 1-11 overview 1-20 device security mode 5-6 configuring phone 5-6 settings (table) 5-10, 6-7 system default 5-7 voice mail ports 6-3 document audience xii conventions xv organization xiii purpose xii related documentation xiv documentation related xiv E encryption barge restrictions 1-5, 9-52 configuration checklist overview (table) 1-24 configuring devices for 5-6 configuring voice mail ports for 6-3 device security mode settings (table) 5-10, 6-7 gateway configuration checklist (table) 8-3 installation 1-11 interactions 1-5 MGCP gateway 8-1 overview 1-22 restrictions 1-5 terminology (table) 1-2 troubleshooting SRTP/SCCP 9-42 F file authentication configuring devices for 5-6 overview 1-20 H HTTPS certificate copying to file (Internet Explorer) 2-17 deleting 9-8 described 1-18 saving to trusted folder (Internet Explorer) 2-15 saving to trusted folder (Netscape) 2-19 using third-party 2-110 viewing details (Internet Explorer) 2-16 disabling 9-7 enabling 9-6 Internet Explorer support 2-13 messages 9-5 Netscape support 2-18 overview 2-11 troubleshooting 9-4 virtual directories (table) 2-12 I image authentication overview 1-20 integrity overview 1-20 IP Phone 5-6 calculating MD5 hash 9-27 certificates described 1-18 deleting CTL file 9-28 hardening configuring 5-14 disabling GARP setting 5-12 disabling PC Port setting 5-14 disabling PC Voice VLAN Access setting 5-13 disabling Setting Access setting 5-13 disabling Web Access setting 5-12 security features (table) 5-3 troubleshooting authentication string entered incorrectly on phone 9-37 CTL errors 9-25 using MD5 application 9-27 verifying LSC 9-39 IPSec configuration checklist (table) 8-3 considerations 8-4 recommendations 8-4 K key size 4-18 L locally significant certificate (LSC) deleting 4-18 described 1-18 finding phones with 4-22 troubleshooting 4-18 authentication string entered incorrectly on phone 9-37 LSC validation fails 9-38 verifying installation 9-39 M manufacture-installed certificate (MIC) described 1-18 troubleshooting authentication string entered incorrectly on phone 9-37 verifying 9-40 media encryption configuring devices for 5-6 installation 1-11 overview 1-22 MGCP gateway configuring IPSEC 8-4 security configuration checklist (table) 8-3 N Network Address Translation security restrictions 1-5 null string 4-18 P packet capturing analyzing 9-51 configuration checklist (table) 9-43 messages 9-52 overview 9-42 service parameters 9-44 settings 9-49 phone calculating MD5 hash 9-27 certificates described 1-18 deleting CTL file 9-28 device security mode 5-6 hardening configuring 5-14 disabling GARP setting 5-12 disabling PC Port setting 5-14 disabling PC Voice VLAN Access setting 5-13 disabling Setting Access setting 5-13 disabling Web Access setting 5-12 security features (table) 5-3 troubleshooting authentication string entered incorrectly on phone 9-37 troubleshooting CTL errors 9-25 using MD5 application 9-27 verifying LSC installation 9-39 phone hardening configuring 5-14 disabling GARP setting 5-12 disabling PC Port setting 5-14 disabling PC Voice VLAN Access setting 5-13 disabling Setting Access setting 5-13 disabling Web Access setting 5-12 R replacement secure publisher database server 1-14 secure subscriber server 1-16 restoration secure cluster 1-17 secure data 1-13 secure publisher database server 1-14 secure subscriber server 1-16 S security authentication 1-20 configuring IPSec 8-4 CTL client Cisco CTL Provider service 3-5 configuration checklist (table) 3-3 configuring 3-11 CTL file updates 3-16 installing 3-8 settings (table) 3-19 TLS ports 3-6 upgrading 3-10 device security mode overview 5-6 settings (table) 5-10, 6-7 system default 5-7 encryption 1-22 Etoken 3-8 installation 1-11 locally significant certificate (LSC) deleting 4-16, 4-18 finding phones with 4-22 installing/upgrading 4-15 troubleshooting 4-18 overview best practices 1-9 Certificate Authority Proxy Function (CAPF) 4-2 certificates 1-18 Cisco CTL client 3-2 configuration (table) 1-24 HTTPS 2-11 interactions 1-5 MGCP gateway 8-1 rebooting cluster 1-10 rebooting server 1-10 resetting devices 1-10 restarting Cisco CallManager service 1-10 restrictions 1-5 SRST 7-1 system requirements 1-4 terminology (table) 1-2 voice mail 6-1 where to find more information 1-29 replacement publisher database server 1-14 subscriber server 1-16 restoration data 1-13 replacing cluster 1-17 replacing publisher database server 1-14 replacing subscriber server 1-16 service Cisco CAPF 3-6 Cisco CTL Provider 3-5 TLS ports 3-6 token 3-8 troubleshooting alarms 9-2 log files 9-3 packet capturing 9-42 performance monitor counters 9-3 using barge with encryption 9-52 server replacement secure publisher database 1-14 secure subscriber 1-16 signaling authentication configuring devices for 5-6 installation 1-11 overview 1-20 signaling encryption configuring devices for 5-6 installation 1-11 overview 1-22 signaling integrity overview 1-20 SRST security configuration checklist (table) 7-3 configuring references 7-4 gateway certificate described 1-18 overview 7-1 settings (table) 7-6 troubleshooting 9-53 certificate deleted on gateway 9-54 deleting security for reference 9-53 security messages 9-54 SRST reference security configuring 7-4 settings (table) 7-6 troubleshooting certificate deleted on gateway 9-54 deleting security 9-53 security messages 9-54 T troubleshooting security alarms 9-2 analyzing captured packets 9-51 authentication string entered incorrectly on phone 9-37 CAPF messages 9-36 Cisco CTL client 9-8 Cisco CTL client messages 9-12 deleting CTL file on phone 9-28 deleting CTL file on server 9-29 deleting security for SRST reference 9-53 HTTPS 9-4, 9-6, 9-7, 9-8 HTTPS messages 9-5 locked security token 9-10 log files 9-3 losing all security tokens 9-32 losing one security token 9-31 LSC validation fails 9-38 packet-capturing configuration checklist (table) 9-43 packet-capturing configuration settings 9-49 packet-capturing messages 9-52 packet-capturing service parameters 9-44 performance monitor counters 9-3 phone errors 9-25 SRST certificate deleted on gateway 9-54 SRST messages 9-54 SRST references 9-53 SRTP/SCCP overview 9-42 using MD5 application 9-27 verifying CAPF certificate installation 9-38 verifying LSC installation 9-39 verifying MIC exists 9-40 V voice mail security configuration checklist (table) 6-8 finding port 6-7 overview 6-1 requirements 6-1 settings (table) 6-7 system default 6-3 voice mail port security configuration checklist (table) 6-8 device security mode 6-3 finding 6-7 overview 6-1 requirements 6-1 settings (table) 6-7 system default 6-3
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks