Cisco CallManager Security Guide, Release 5.0(1) - Index [Cisco Unified Communications Manager (CallManager)]

Table Of Contents

A - B - C - D - E - F - H - I - J - L - M - P - S - T - V -

Index

A

authentication

configuring devices for 5-2

configuring for SIP trunk 14-2, 14-3

device security mode configuration settings (table) 5-3, 5-5

interactions 1-5, 1-6

overview 1-13

restrictions 1-5

with CTI/JTAPI/TAPI applications 11-2

authentication string 6-2, 11-4

entering on phone 6-9

finding phones using 6-8

authorization 1-13

configuring for SIP trunk 14-2, 14-3

interactions 1-6

overview 1-13

B

barge

encryption restrictions with 1-11

BAT

configuring with phone packet capturing 16-7

C

Certificate Authority Proxy Function (CAPF)

activating service 6-5, 11-8

authentication string 6-2

entering on phone 6-9

Cisco CallManager Serviceability configuration 6-4

Cisco CAPF service 3-4

configuration checklist (table) 6-4

configuration settings (table)

for CTI/JTAPI/TAPI applications 11-11

configuring an application user or end user CAPF profile 11-10

deleting an application user or end user CAPF profile 11-13

finding an application user or end user CAPF profile 11-9

finding phones using LSC or authentication string 6-8

generating CAPF report 6-8

installation 1-11

interactions and requirements 6-3

with CTI/JTAPI/TAPI applications 11-5

interaction with Cisco IP Phone 6-2

overview 6-2

overview for CTI/JTAPI/TAPI applications 11-4

phone configuration settings (table) 6-7

troubleshooting 16-5

LSC validation fails 16-6

verifying CAPF certificate installation 16-6

verifying MIC exists 16-7

updating service parameters 6-6

for CTI/JTAPI/TAPI 11-9

using for phone certificate operations 6-6

viewing certificate operation status for application user or end user 11-14

certificates

Internet Explorer certificate 2-2

Netscape certificate 2-5

troubleshooting 16-4

types 1-12

Cisco CTL client

Cisco CAPF service 3-4

Cisco CTL Provider service 3-3

clusterwide security mode

updating 3-10

configuration checklist (table) 3-2

configuration settings (table) 3-11

configuring 3-7

configuring TLS ports 3-4

deleting CTL file on phone 3-13

installation 1-11

installing 3-5

migrating 3-6

overview 3-1

security token password

changing 3-13

setting the Smart Card service 3-12

troubleshooting 16-4

uninstalling 3-14

upgrading 3-6

verifying 3-14

verifying security mode 3-12

version

determining 3-14

Cisco IP Phone

CAPF configuration settings (table) 6-7

deleting CTL file 3-13

disabling the GARP setting 9-1

disabling the PC Port setting 9-2

disabling the PC Voice VLAN Access setting 9-2

disabling the Setting Access setting 9-2

disabling the Web Access setting 9-1

encrypted configuration file 7-1

configuration checklist (table) 7-4

configuring manual key distribution 7-5

disabling 7-7

enabling 7-4

entering symmetric key 7-6

manual key configuration checklist (table) 7-5

manual key distribution 7-2

phone support 7-3

symmetric key encryption with public key 7-3

using symmetric key encryption w/public key 7-6

verifying 7-6

entering authentication string 6-9

interaction with CAPF 6-2

security configuration checklist (table) 4-2

security icon restrictions 1-9

security icons 1-5

troubleshooting

authentication string 16-6

verifying LSC 16-6

understanding security 4-1

viewing security settings 4-2

Cisco TFTP services 3-1

cluster security mode

verifying 3-12

computer telephony integration (CTI)

secure user groups

adding application users and end users 11-7

securing

configuration checklist (table) 11-5

configuration file encryption 1-17

CTL client

Cisco CAPF service 3-4

Cisco CTL Provider service 3-3

clusterwide security mode

updating 3-10

configuration checklist (table) 3-2

configuration settings (table) 3-11

configuring 3-7

configuring TLS ports 3-4

deleting CTL file on phone 3-13

installing 3-5

migrating 3-6

overview 3-1

security token password

changing 3-13

setting the Smart Card service 3-12

troubleshooting 16-4

uninstalling 3-14

upgrading 3-6

verifying 3-14

verifying security mode 3-12

version

determining 3-14

CTL file

deleting entry 3-10

deleting on phone 3-13

updating 3-9

D

device authentication 1-13

configuring devices for 5-2

digest authentication 1-13

application user digest credential settings (table) 15-3

associating digest user with a phone 8-4

cluster ID 15-2

configuration checklist (table) for phones 8-1

configuration settings (table) for end user 8-3

configuring a SIP realm 15-4

configuring digest credentials for application user 15-2

configuring digest credentials for end user 8-3

configuring for SIP trunk 14-2, 14-3

configuring service parameters 8-2

deleting a SIP realm 15-5

finding a SIP realm 15-3

SIP realm configuration settings (table) 15-5

trunk configuration checklist (table) 15-1

document

audience xii

conventions xiv

organization xii

purpose xii

related documentation xiv

E

encryption

configuring devices for 5-2

configuring SRTP allowed check box 13-6

configuring with barge 1-11

device security mode configuration settings (table) 5-3, 5-5

encrypted configuration file 7-1

configuration checklist (table) 7-4

configuring manual key distribution 7-5

disabling 7-7

enabling 7-4

entering symmetric key 7-6

manual key configuration checklist (table) 7-5

manual key distribution 7-2

phone support 7-3

symmetric key encryption with public key 7-3

using symmetric key encryption w/public key 7-6

verifying 7-6

encrypted signaling

configuring for SIP trunk 14-2

gateway and trunk configuration checklist (table) 13-4

installation 1-11

interactions 1-5, 1-6

overview 1-17

overview for H.323/H.225/H.245 trunk 13-2

overview for H.323 gateway 13-2

overview for MGCP gateway 13-1

overview for SIP trunk 13-3

restrictions 1-5, 1-6

with authentication 1-7

with barge 1-7

with media resources 1-8

with packet capturing 1-9

with phone and trunk devices 1-8

with security icons 1-9

signaling

configuring for SIP trunk 14-3

troubleshooting

with packet capturing 16-7

with CTI/JTAPI/TAPI applications 11-3

etoken

changing password 3-13

troubleshooting 16-4

F

file authentication 1-13

configuring devices for 5-2

H

HTTPS

overview 2-1

virtual directories (table) 2-1

with Internet Explorer 2-2

with Netscape 2-5

I

image authentication 1-13

integrity

overview 1-13

IP Phone

CAPF configuration settings (table) 6-7

deleting CTL file 3-13

disabling the GARP setting 9-1

disabling the PC Port setting 9-2

disabling the PC Voice VLAN Access setting 9-2

disabling the Setting Access setting 9-2

disabling the Web Access setting 9-1

encrypted configuration file 7-1

configuration checklist (table) 7-4

configuring manual key distribution 7-5

disabling 7-7

enabling 7-4

entering symmetric key 7-6

manual key configuration checklist (table) 7-5

manual key distribution 7-2

phone support 7-3

symmetric key encryption with public key 7-3

using symmetric key encryption w/public key 7-6

verifying 7-6

entering authentication string 6-9

interaction with CAPF 6-2

security configuration checklist (table) 4-2

security icon restrictions 1-9

security icons 1-5

troubleshooting

authentication string 16-6

verifying LSC 16-6

understanding security 4-1

viewing security settings 4-2

IPSec 1-12

configuration checklist (table) 13-4

configuring 13-5

gateway or trunk considerations 13-5

infrastructure considerations 13-5

recommendations 13-5

J

JTAPI

configuring security service parameters 11-14

securing

configuration checklist (table) 11-5

L

locally significant certificate (LSC)

finding phones using 6-8

troubleshooting

validation fails 16-6

verifying installation 16-6

with CTI/JTAPI/TAPI applications 11-4

log files

troubleshooting 16-4

M

manufacture-installed certificate (MIC)

verifying 16-7

media encryption

configuring devices for 5-2

overview 1-17

MGCP gateway

configuring 13-5

security configuration checklist (table) 13-4

mode

mixed 1-9

nonsecure 1-9

P

phone

deleting CTL file 3-13

phone hardening

configuring 9-3

disabling the GARP setting 9-1

disabling the PC Port setting 9-2

disabling the PC Voice VLAN Access setting 9-2

disabling the Setting Access setting 9-2

disabling the Web Access setting 9-1

port

Cisco CTL Provider 3-4

Ethernet phone 3-4

SIP secure 3-4

S

secure sockets layer (SSL)

installation 1-11

with HTTPS 2-1

security

authentication overview 1-13

authorization overview 1-13

best practices 1-9

certificate types 1-12

Cisco CTL client overview 3-1

configuration checklist for authentication and encryption (table) 1-20

encryption overview 1-17

features list 1-4

features list (table) 1-5

files

backup and restore 16-4

HTTPS 2-1

installation 1-11

interactions 1-5, 1-6

rebooting the cluster 1-10

rebooting the server 1-10

resetting devices 1-10

restarting Cisco CallManager service 1-10

restrictions 1-5, 1-6

cluster and device modes 1-9

system requirements 1-4

terminology (table) 1-2

tokens 3-1, 3-5, 3-7, 3-9, 3-13, 16-4

using barge with encryption 1-11

where to find more information 1-23

security mode

clusterwide

configuring 3-10

security profile

configuration settings (table) for SIP trunk 14-3

configuring for SIP trunk 14-2

finding for SIP trunk 14-1

overview for SIP trunk 14-1

signaling authentication 1-13

configuring devices for 5-2

signaling encryption

configuring devices for 5-2

overview 1-17

Site Administrator Security Token (SAST) 3-1

SRST

configuration checklist (table) 12-2

configuring references 12-3

overview 12-1

security settings (table) 12-4

troubleshooting 12-5

certificate deleted on gateway 12-5

deleting secured reference 12-5

security messages 12-5

SRST reference

configuring 12-3

security settings (table) 12-4

troubleshooting

certificate deleted on gateway 12-5

deleting secured reference 12-5

security messages 12-5

T

TAPI

configuring security service parameters 11-14

securing

configuration checklist (table) 11-5

TFTP services 3-1

trace files

troubleshooting 16-4

transport layer security (TLS) 1-12

port 3-4

transport security

and real-time protocol (RTP) 1-12

and secure real-time protocol (SRTP) 1-12

configuring for SIP trunk 14-2, 14-3

IPSec 1-12

TLS 1-12

troubleshooting

alarms 16-2

authentication string entered incorrectly on phone 16-6

CAPF 16-5

certificates 16-4

Cisco CTL client 16-4

configuring BAT with phone packet capturing 16-7

CTL security tokens 16-4

deleting CTL file on phone 3-13

log files 16-4

LSC validation fails 16-6

packet capturing 16-7

packet capturing with encryption 16-7

performance monitor counter descriptions (table) 16-3

performance monitor counters 16-2

SRST certificate deleted on gateway 12-5

SRST messages 12-5

SRST references 12-5

trace files 16-4

using the CLI 16-2

verifying CAPF certificate installation 16-6

verifying LSC installation 16-6

verifying MIC exists 16-7

V

voice messaging

security configuration checklist (table) 10-2

security overview 10-1

security requirements 10-1

voice messaging port

applying a security profile 10-3

applying a security profile using the Wizard 10-3

security configuration checklist (table) 10-2

security overview 10-1

	Cisco CallManager Security Guide, Release 5.0(1)
	Index
Cisco CallManager Security Guide, Release 5.0(1) Index Preface Security Overview Using Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS) Configuring the Cisco CTL Client Phone Security Overview Configuring a Phone Security Profile Using the Certificate Authority Proxy Function Configuring Encrypted Phone Configuration Files Configuring Digest Authentication for the SIP Phone Phone Hardening Configuring Voice Messaging Ports for Security Configuring Authentication and Encryption for CTI, JTAPI, and TAPI Configuring a Secure Survivable Remote Site Telephony (SRST) Reference Configuring Encryption for Gateways and Trunks Configuring a SIP Trunk Security Profile Configuring Digest Authentication for the SIP Trunk Troubleshooting	Download this chapter Index Download the complete book PDF of Entire Book (PDF - 2 MB) Feedback Table Of Contents A - B - C - D - E - F - H - I - J - L - M - P - S - T - V - Index A authentication configuring devices for 5-2 configuring for SIP trunk 14-2, 14-3 device security mode configuration settings (table) 5-3, 5-5 interactions 1-5, 1-6 overview 1-13 restrictions 1-5 with CTI/JTAPI/TAPI applications 11-2 authentication string 6-2, 11-4 entering on phone 6-9 finding phones using 6-8 authorization 1-13 configuring for SIP trunk 14-2, 14-3 interactions 1-6 overview 1-13 B barge encryption restrictions with 1-11 BAT configuring with phone packet capturing 16-7 C Certificate Authority Proxy Function (CAPF) activating service 6-5, 11-8 authentication string 6-2 entering on phone 6-9 Cisco CallManager Serviceability configuration 6-4 Cisco CAPF service 3-4 configuration checklist (table) 6-4 configuration settings (table) for CTI/JTAPI/TAPI applications 11-11 configuring an application user or end user CAPF profile 11-10 deleting an application user or end user CAPF profile 11-13 finding an application user or end user CAPF profile 11-9 finding phones using LSC or authentication string 6-8 generating CAPF report 6-8 installation 1-11 interactions and requirements 6-3 with CTI/JTAPI/TAPI applications 11-5 interaction with Cisco IP Phone 6-2 overview 6-2 overview for CTI/JTAPI/TAPI applications 11-4 phone configuration settings (table) 6-7 troubleshooting 16-5 LSC validation fails 16-6 verifying CAPF certificate installation 16-6 verifying MIC exists 16-7 updating service parameters 6-6 for CTI/JTAPI/TAPI 11-9 using for phone certificate operations 6-6 viewing certificate operation status for application user or end user 11-14 certificates Internet Explorer certificate 2-2 Netscape certificate 2-5 troubleshooting 16-4 types 1-12 Cisco CTL client Cisco CAPF service 3-4 Cisco CTL Provider service 3-3 clusterwide security mode updating 3-10 configuration checklist (table) 3-2 configuration settings (table) 3-11 configuring 3-7 configuring TLS ports 3-4 deleting CTL file on phone 3-13 installation 1-11 installing 3-5 migrating 3-6 overview 3-1 security token password changing 3-13 setting the Smart Card service 3-12 troubleshooting 16-4 uninstalling 3-14 upgrading 3-6 verifying 3-14 verifying security mode 3-12 version determining 3-14 Cisco IP Phone CAPF configuration settings (table) 6-7 deleting CTL file 3-13 disabling the GARP setting 9-1 disabling the PC Port setting 9-2 disabling the PC Voice VLAN Access setting 9-2 disabling the Setting Access setting 9-2 disabling the Web Access setting 9-1 encrypted configuration file 7-1 configuration checklist (table) 7-4 configuring manual key distribution 7-5 disabling 7-7 enabling 7-4 entering symmetric key 7-6 manual key configuration checklist (table) 7-5 manual key distribution 7-2 phone support 7-3 symmetric key encryption with public key 7-3 using symmetric key encryption w/public key 7-6 verifying 7-6 entering authentication string 6-9 interaction with CAPF 6-2 security configuration checklist (table) 4-2 security icon restrictions 1-9 security icons 1-5 troubleshooting authentication string 16-6 verifying LSC 16-6 understanding security 4-1 viewing security settings 4-2 Cisco TFTP services 3-1 cluster security mode verifying 3-12 computer telephony integration (CTI) secure user groups adding application users and end users 11-7 securing configuration checklist (table) 11-5 configuration file encryption 1-17 CTL client Cisco CAPF service 3-4 Cisco CTL Provider service 3-3 clusterwide security mode updating 3-10 configuration checklist (table) 3-2 configuration settings (table) 3-11 configuring 3-7 configuring TLS ports 3-4 deleting CTL file on phone 3-13 installing 3-5 migrating 3-6 overview 3-1 security token password changing 3-13 setting the Smart Card service 3-12 troubleshooting 16-4 uninstalling 3-14 upgrading 3-6 verifying 3-14 verifying security mode 3-12 version determining 3-14 CTL file deleting entry 3-10 deleting on phone 3-13 updating 3-9 D device authentication 1-13 configuring devices for 5-2 digest authentication 1-13 application user digest credential settings (table) 15-3 associating digest user with a phone 8-4 cluster ID 15-2 configuration checklist (table) for phones 8-1 configuration settings (table) for end user 8-3 configuring a SIP realm 15-4 configuring digest credentials for application user 15-2 configuring digest credentials for end user 8-3 configuring for SIP trunk 14-2, 14-3 configuring service parameters 8-2 deleting a SIP realm 15-5 finding a SIP realm 15-3 SIP realm configuration settings (table) 15-5 trunk configuration checklist (table) 15-1 document audience xii conventions xiv organization xii purpose xii related documentation xiv E encryption configuring devices for 5-2 configuring SRTP allowed check box 13-6 configuring with barge 1-11 device security mode configuration settings (table) 5-3, 5-5 encrypted configuration file 7-1 configuration checklist (table) 7-4 configuring manual key distribution 7-5 disabling 7-7 enabling 7-4 entering symmetric key 7-6 manual key configuration checklist (table) 7-5 manual key distribution 7-2 phone support 7-3 symmetric key encryption with public key 7-3 using symmetric key encryption w/public key 7-6 verifying 7-6 encrypted signaling configuring for SIP trunk 14-2 gateway and trunk configuration checklist (table) 13-4 installation 1-11 interactions 1-5, 1-6 overview 1-17 overview for H.323/H.225/H.245 trunk 13-2 overview for H.323 gateway 13-2 overview for MGCP gateway 13-1 overview for SIP trunk 13-3 restrictions 1-5, 1-6 with authentication 1-7 with barge 1-7 with media resources 1-8 with packet capturing 1-9 with phone and trunk devices 1-8 with security icons 1-9 signaling configuring for SIP trunk 14-3 troubleshooting with packet capturing 16-7 with CTI/JTAPI/TAPI applications 11-3 etoken changing password 3-13 troubleshooting 16-4 F file authentication 1-13 configuring devices for 5-2 H HTTPS overview 2-1 virtual directories (table) 2-1 with Internet Explorer 2-2 with Netscape 2-5 I image authentication 1-13 integrity overview 1-13 IP Phone CAPF configuration settings (table) 6-7 deleting CTL file 3-13 disabling the GARP setting 9-1 disabling the PC Port setting 9-2 disabling the PC Voice VLAN Access setting 9-2 disabling the Setting Access setting 9-2 disabling the Web Access setting 9-1 encrypted configuration file 7-1 configuration checklist (table) 7-4 configuring manual key distribution 7-5 disabling 7-7 enabling 7-4 entering symmetric key 7-6 manual key configuration checklist (table) 7-5 manual key distribution 7-2 phone support 7-3 symmetric key encryption with public key 7-3 using symmetric key encryption w/public key 7-6 verifying 7-6 entering authentication string 6-9 interaction with CAPF 6-2 security configuration checklist (table) 4-2 security icon restrictions 1-9 security icons 1-5 troubleshooting authentication string 16-6 verifying LSC 16-6 understanding security 4-1 viewing security settings 4-2 IPSec 1-12 configuration checklist (table) 13-4 configuring 13-5 gateway or trunk considerations 13-5 infrastructure considerations 13-5 recommendations 13-5 J JTAPI configuring security service parameters 11-14 securing configuration checklist (table) 11-5 L locally significant certificate (LSC) finding phones using 6-8 troubleshooting validation fails 16-6 verifying installation 16-6 with CTI/JTAPI/TAPI applications 11-4 log files troubleshooting 16-4 M manufacture-installed certificate (MIC) verifying 16-7 media encryption configuring devices for 5-2 overview 1-17 MGCP gateway configuring 13-5 security configuration checklist (table) 13-4 mode mixed 1-9 nonsecure 1-9 P phone deleting CTL file 3-13 phone hardening configuring 9-3 disabling the GARP setting 9-1 disabling the PC Port setting 9-2 disabling the PC Voice VLAN Access setting 9-2 disabling the Setting Access setting 9-2 disabling the Web Access setting 9-1 port Cisco CTL Provider 3-4 Ethernet phone 3-4 SIP secure 3-4 S secure sockets layer (SSL) installation 1-11 with HTTPS 2-1 security authentication overview 1-13 authorization overview 1-13 best practices 1-9 certificate types 1-12 Cisco CTL client overview 3-1 configuration checklist for authentication and encryption (table) 1-20 encryption overview 1-17 features list 1-4 features list (table) 1-5 files backup and restore 16-4 HTTPS 2-1 installation 1-11 interactions 1-5, 1-6 rebooting the cluster 1-10 rebooting the server 1-10 resetting devices 1-10 restarting Cisco CallManager service 1-10 restrictions 1-5, 1-6 cluster and device modes 1-9 system requirements 1-4 terminology (table) 1-2 tokens 3-1, 3-5, 3-7, 3-9, 3-13, 16-4 using barge with encryption 1-11 where to find more information 1-23 security mode clusterwide configuring 3-10 security profile configuration settings (table) for SIP trunk 14-3 configuring for SIP trunk 14-2 finding for SIP trunk 14-1 overview for SIP trunk 14-1 signaling authentication 1-13 configuring devices for 5-2 signaling encryption configuring devices for 5-2 overview 1-17 Site Administrator Security Token (SAST) 3-1 SRST configuration checklist (table) 12-2 configuring references 12-3 overview 12-1 security settings (table) 12-4 troubleshooting 12-5 certificate deleted on gateway 12-5 deleting secured reference 12-5 security messages 12-5 SRST reference configuring 12-3 security settings (table) 12-4 troubleshooting certificate deleted on gateway 12-5 deleting secured reference 12-5 security messages 12-5 T TAPI configuring security service parameters 11-14 securing configuration checklist (table) 11-5 TFTP services 3-1 trace files troubleshooting 16-4 transport layer security (TLS) 1-12 port 3-4 transport security and real-time protocol (RTP) 1-12 and secure real-time protocol (SRTP) 1-12 configuring for SIP trunk 14-2, 14-3 IPSec 1-12 TLS 1-12 troubleshooting alarms 16-2 authentication string entered incorrectly on phone 16-6 CAPF 16-5 certificates 16-4 Cisco CTL client 16-4 configuring BAT with phone packet capturing 16-7 CTL security tokens 16-4 deleting CTL file on phone 3-13 log files 16-4 LSC validation fails 16-6 packet capturing 16-7 packet capturing with encryption 16-7 performance monitor counter descriptions (table) 16-3 performance monitor counters 16-2 SRST certificate deleted on gateway 12-5 SRST messages 12-5 SRST references 12-5 trace files 16-4 using the CLI 16-2 verifying CAPF certificate installation 16-6 verifying LSC installation 16-6 verifying MIC exists 16-7 V voice messaging security configuration checklist (table) 10-2 security overview 10-1 security requirements 10-1 voice messaging port applying a security profile 10-3 applying a security profile using the Wizard 10-3 security configuration checklist (table) 10-2 security overview 10-1
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks