Cisco Unified CallManager Security Guide, Release 5.1(3) - Index [Cisco Unified Communications Manager (CallManager)]

Table Of Contents

A - B - C - D - E - F - H - I - J - L - M - P - S - T - V -

Index

A

authentication

See also device authentication

See also digest authentication

interactions 1-5, 1-6

overview 1-16

restrictions 1-5, 1-7

with CTI/JTAPI/TAPI applications 11-2

authentication string 6-2, 11-4

entering on phone 6-9

finding phones using 6-8

authorization 1-16

configuration settings (table)

for SIP trunk 14-3

configuring for SIP trunk 14-2

interactions 1-6

overview 1-16

B

barge

encryption restrictions with 1-12

C

Certificate Authority Proxy Function (CAPF)

activating service 6-5, 11-8

authentication string 6-2

entering on phone 6-9

CAPF service 3-5

configuration checklist (table) 6-4

configuration settings (table)

for CTI/JTAPI/TAPI applications 11-11

for phones 6-7

configuring an application user or end user CAPF profile 11-10

configuring in Cisco Unified CallManager Serviceability 6-4

deleting an application user or end user CAPF profile 11-12

finding an application user or end user CAPF profile 11-9

finding phones using LSC or authentication string 6-8

generating CAPF report 6-8

installing 1-12

interactions and requirements 6-3

with CTI/JTAPI/TAPI applications 11-5

interaction with Cisco Unified IP Phone 6-2

overview 6-2

for CTI/JTAPI/TAPI applications 11-4

updating service parameters 6-6

for CTI/JTAPI/TAPI 11-8

using for phone certificate operations 6-6

viewing certificate operation status for application user or end user 11-13

certificates

external CAs 1-13

Internet Explorer certificate 2-2

Netscape certificate 2-5

types 1-13

Certificate Signing Requests (CSRs) 1-13

Cisco Unified IP Phone

See also encrypted configuration file

authentication string

entering on phone 6-9

configuration checklist (table) for security 4-2

configuration settings (table)

for CAPF 6-7

configuration tips for phone security profiles 5-1

deleting CTL file 3-16

disabling the GARP setting 9-1

disabling the PC Port setting 9-2

disabling the PC Voice VLAN Access setting 9-2

disabling the Setting Access setting 9-2

disabling the Web Access setting 9-1

interaction with CAPF 6-2

security icons 1-5

understanding security 4-1

viewing security settings 4-2

computer telephony integration (CTI)

configuration checklist (table) for securing 11-5

secure user groups

adding application users and end users 11-7

configuration file encryption

See encrypted configuration file

CTL client

CAPF service 3-5

clusterwide security mode

updating 3-12

configuration checklist (table) 3-3

configuration settings (table) 3-13

configuration tips 3-2

configuring 3-8

TLS ports 3-5

CTL Provider service 3-4

deleting CTL file on phone 3-16

installing 1-12, 3-6

migrating 3-7

overview 3-2

security mode

verifying 3-15

security token password

changing 3-16

setting the Smart Card service 3-15

uninstalling 3-18

upgrading 3-7

verifying 3-18

version

determining 3-17

CTL file

deleting entry 3-12

deleting on phone 3-16

updating 3-10

CTL Provider

activating service 3-4

D

device authentication 1-16

configuration settings (table)

for SCCP phone 5-4

for SIP phones 5-6

for SIP trunk 14-3

configuring for phones 5-3

configuring for SIP trunk 14-2

digest authentication 1-16

associating digest user with a phone 8-4

cluster ID 15-2

configuration checklist (table)

for phones 8-1

for SIP trunk 15-1

configuration settings (table)

for application user digest credentials 15-3

for end user 8-3

for SIP phones 5-6

for SIP realm 15-5

for SIP trunk 14-3

configuring a SIP realm 15-4

configuring digest credentials

for application user 15-2

for end user 8-3

configuring for phones 5-3

configuring for SIP trunk 14-2

configuring service parameters 8-2

deleting a SIP realm 15-5

finding a SIP realm 15-3

document

audience xii

conventions xiv

organization xii

purpose xii

related documentation xiv

E

encrypted configuration file

configuration checklist (table) 7-5

configuration settings (table)

for manual key 7-7

configuration tips 7-4

configuring manual key distribution 7-6

disabling 7-9

enabling 7-6

entering symmetric key 7-7

manual key configuration checklist (table) 7-7

manual key distribution 7-2

phone support 7-4

symmetric key encryption with public key 7-3

understanding

using symmetric key encryption w/public key 7-8

verifying 7-9

encryption

configuration checklist (table) for gateways and trunks 13-4

configuration settings (table)

for SCCP phone 5-4

for SIP phone security profiles 5-6

for SIP trunk 14-3

configuring for phones 5-3

configuring SRTP allowed check box 13-6

configuring with barge 1-12

installing 1-12

interactions 1-5, 1-6

overview 1-20

overview for H.323/H.225/H.245 trunk 13-2

overview for H.323 gateway 13-2

overview for MGCP gateway 13-1

overview for SIP trunk 13-3

restrictions 1-5, 1-7

signaling

configuring for phones 5-3

configuring for SIP trunk 14-2

with CTI/JTAPI/TAPI applications 11-3

etoken

changing password 3-16

F

file authentication 1-16

configuring for phones 5-3

H

HTTPS

overview 2-1

virtual directories (table) 2-1

with Internet Explorer 2-2

with Netscape 2-5

I

image authentication 1-16

integrity

overview 1-16

IP Phone

see Cisco Unified IP Phone

IPSec 1-13

configuration checklist (table) for IPSec 13-4

configuring 13-5

gateway or trunk considerations 13-5

infrastructure considerations 13-5

recommendations 13-5

J

JTAPI

configuration checklist (table) for securing 11-5

configuring security service parameters 11-13

L

locally significant certificate (LSC)

finding phones using 6-8

with CTI/JTAPI/TAPI applications 11-4

M

media encryption (see also encryption)

overview 1-20

MGCP gateway

configuration checklist (table) for security 13-4

configuring 13-5

P

phone hardening

configuring 9-2

disabling the GARP setting 9-1

disabling the PC Port setting 9-2

disabling the PC Voice VLAN Access setting 9-2

disabling the Setting Access setting 9-2

disabling the Web Access setting 9-1

port

CTL Provider 3-5

Ethernet phone 3-5

SIP secure 3-5

S

secure sockets layer (SSL)

installing 1-12

with HTTPS 2-1

security

adding a subscriber node to a secure cluster 1-26

authentication overview 1-16

authorization overview 1-16

best practices 1-10

certificate types 1-13

configuration checklist for authentication and encryption (table) 1-23

CTL client overview 3-2

encryption overview

external CAs 1-13

features list 1-4

features list (table) 1-5

HTTPS 2-1

installing 1-12

interactions 1-5, 1-6

rebooting the cluster 1-11

rebooting the server 1-11

resetting devices 1-11

restarting Cisco Unified CallManager service 1-11

restrictions 1-5, 1-7

system requirements 1-4

terminology (table) 1-2

tokens 3-2, 3-6, 3-8, 3-10, 3-16

using barge with encryption 1-12

where to find more information 1-26

security mode

clusterwide

configuring 3-12

verifying 3-15

security profile

applying for SIP trunk 14-7

applying to phones 5-9

configuration settings (table)

for SCCP phone 5-4

for SIP phones 5-6

for SIP trunk 14-3

configuration tips for phones 5-1

configuring for phones 5-3

configuring for SIP trunk 14-2

deleting for phones 5-10

deleting for SIP trunk 14-8

finding for phones 5-2

finding for SIP trunk 14-2

finding phones that use 5-11

overview for phones 5-1

overview for SIP trunk 14-1

signaling authentication

overview 1-16

signaling encryption

overview 1-20

Site Administrator Security Token (SAST) 3-2

SRST

configuration checklist (table) for securing 12-3

configuration tips for securing 12-2

overview for securing 12-1

troubleshooting

certificate deleted on gateway 12-5

SRST reference

configuration settings (table) for security 12-5

configuring 12-3

troubleshooting

deleting secured reference 12-5

T

TAPI

configuration checklist (table) for securing 11-5

configuring security service parameters 11-13

Tftp services 3-2

TLS Proxy server 3-2

transport layer security (TLS) 1-13

port 3-5

transport security

and real-time protocol (RTP) 1-13

and secure real-time protocol (SRTP) 1-13

configuration settings (table)

for SCCP phone 5-4

for SIP phone 5-6

for SIP trunk 14-3

configuring for SIP phones 5-3

configuring for SIP trunk 14-2

IPSec 1-13

TLS 1-13

troubleshooting

deleting CTL file on phone 3-16

SRST certificate deleted on gateway 12-5

V

voice messaging

configuration checklist (table) for security 10-2

security overview 10-1

security requirements 10-1

voice messaging port

applying a security profile 10-3

applying a security profile using the Wizard 10-4

configuration checklist (table) for security 10-2

security overview 10-1

	Cisco Unified CallManager Security Guide, Release 5.1(3)
	Index
Cisco Unified CallManager Security Guide, Release 5.1(3) Index Preface Security Overview Using Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS) Configuring the Cisco CTL Client Phone Security Overview Configuring a Phone Security Profile Using the Certificate Authority Proxy Function Configuring Encrypted Phone Configuration Files Configuring Digest Authentication for the SIP Phone Phone Hardening Configuring Voice-Messaging Ports for Security Configuring Authentication and Encryption for CTI, JTAPI, and TAPI Configuring a Secure Survivable Remote Site Telephony (SRST) Reference Configuring Encryption for Gateways and Trunks Configuring a SIP Trunk Security Profile Configuring Digest Authentication for the SIP Trunk	Download this chapter Index Download the complete book PDF of Entire Book (PDF - 2 MB) Feedback Table Of Contents A - B - C - D - E - F - H - I - J - L - M - P - S - T - V - Index A authentication See also device authentication See also digest authentication interactions 1-5, 1-6 overview 1-16 restrictions 1-5, 1-7 with CTI/JTAPI/TAPI applications 11-2 authentication string 6-2, 11-4 entering on phone 6-9 finding phones using 6-8 authorization 1-16 configuration settings (table) for SIP trunk 14-3 configuring for SIP trunk 14-2 interactions 1-6 overview 1-16 B barge encryption restrictions with 1-12 C Certificate Authority Proxy Function (CAPF) activating service 6-5, 11-8 authentication string 6-2 entering on phone 6-9 CAPF service 3-5 configuration checklist (table) 6-4 configuration settings (table) for CTI/JTAPI/TAPI applications 11-11 for phones 6-7 configuring an application user or end user CAPF profile 11-10 configuring in Cisco Unified CallManager Serviceability 6-4 deleting an application user or end user CAPF profile 11-12 finding an application user or end user CAPF profile 11-9 finding phones using LSC or authentication string 6-8 generating CAPF report 6-8 installing 1-12 interactions and requirements 6-3 with CTI/JTAPI/TAPI applications 11-5 interaction with Cisco Unified IP Phone 6-2 overview 6-2 for CTI/JTAPI/TAPI applications 11-4 updating service parameters 6-6 for CTI/JTAPI/TAPI 11-8 using for phone certificate operations 6-6 viewing certificate operation status for application user or end user 11-13 certificates external CAs 1-13 Internet Explorer certificate 2-2 Netscape certificate 2-5 types 1-13 Certificate Signing Requests (CSRs) 1-13 Cisco Unified IP Phone See also encrypted configuration file authentication string entering on phone 6-9 configuration checklist (table) for security 4-2 configuration settings (table) for CAPF 6-7 configuration tips for phone security profiles 5-1 deleting CTL file 3-16 disabling the GARP setting 9-1 disabling the PC Port setting 9-2 disabling the PC Voice VLAN Access setting 9-2 disabling the Setting Access setting 9-2 disabling the Web Access setting 9-1 interaction with CAPF 6-2 security icons 1-5 understanding security 4-1 viewing security settings 4-2 computer telephony integration (CTI) configuration checklist (table) for securing 11-5 secure user groups adding application users and end users 11-7 configuration file encryption See encrypted configuration file CTL client CAPF service 3-5 clusterwide security mode updating 3-12 configuration checklist (table) 3-3 configuration settings (table) 3-13 configuration tips 3-2 configuring 3-8 TLS ports 3-5 CTL Provider service 3-4 deleting CTL file on phone 3-16 installing 1-12, 3-6 migrating 3-7 overview 3-2 security mode verifying 3-15 security token password changing 3-16 setting the Smart Card service 3-15 uninstalling 3-18 upgrading 3-7 verifying 3-18 version determining 3-17 CTL file deleting entry 3-12 deleting on phone 3-16 updating 3-10 CTL Provider activating service 3-4 D device authentication 1-16 configuration settings (table) for SCCP phone 5-4 for SIP phones 5-6 for SIP trunk 14-3 configuring for phones 5-3 configuring for SIP trunk 14-2 digest authentication 1-16 associating digest user with a phone 8-4 cluster ID 15-2 configuration checklist (table) for phones 8-1 for SIP trunk 15-1 configuration settings (table) for application user digest credentials 15-3 for end user 8-3 for SIP phones 5-6 for SIP realm 15-5 for SIP trunk 14-3 configuring a SIP realm 15-4 configuring digest credentials for application user 15-2 for end user 8-3 configuring for phones 5-3 configuring for SIP trunk 14-2 configuring service parameters 8-2 deleting a SIP realm 15-5 finding a SIP realm 15-3 document audience xii conventions xiv organization xii purpose xii related documentation xiv E encrypted configuration file configuration checklist (table) 7-5 configuration settings (table) for manual key 7-7 configuration tips 7-4 configuring manual key distribution 7-6 disabling 7-9 enabling 7-6 entering symmetric key 7-7 manual key configuration checklist (table) 7-7 manual key distribution 7-2 phone support 7-4 symmetric key encryption with public key 7-3 understanding using symmetric key encryption w/public key 7-8 verifying 7-9 encryption configuration checklist (table) for gateways and trunks 13-4 configuration settings (table) for SCCP phone 5-4 for SIP phone security profiles 5-6 for SIP trunk 14-3 configuring for phones 5-3 configuring SRTP allowed check box 13-6 configuring with barge 1-12 installing 1-12 interactions 1-5, 1-6 overview 1-20 overview for H.323/H.225/H.245 trunk 13-2 overview for H.323 gateway 13-2 overview for MGCP gateway 13-1 overview for SIP trunk 13-3 restrictions 1-5, 1-7 signaling configuring for phones 5-3 configuring for SIP trunk 14-2 with CTI/JTAPI/TAPI applications 11-3 etoken changing password 3-16 F file authentication 1-16 configuring for phones 5-3 H HTTPS overview 2-1 virtual directories (table) 2-1 with Internet Explorer 2-2 with Netscape 2-5 I image authentication 1-16 integrity overview 1-16 IP Phone see Cisco Unified IP Phone IPSec 1-13 configuration checklist (table) for IPSec 13-4 configuring 13-5 gateway or trunk considerations 13-5 infrastructure considerations 13-5 recommendations 13-5 J JTAPI configuration checklist (table) for securing 11-5 configuring security service parameters 11-13 L locally significant certificate (LSC) finding phones using 6-8 with CTI/JTAPI/TAPI applications 11-4 M media encryption (see also encryption) overview 1-20 MGCP gateway configuration checklist (table) for security 13-4 configuring 13-5 P phone hardening configuring 9-2 disabling the GARP setting 9-1 disabling the PC Port setting 9-2 disabling the PC Voice VLAN Access setting 9-2 disabling the Setting Access setting 9-2 disabling the Web Access setting 9-1 port CTL Provider 3-5 Ethernet phone 3-5 SIP secure 3-5 S secure sockets layer (SSL) installing 1-12 with HTTPS 2-1 security adding a subscriber node to a secure cluster 1-26 authentication overview 1-16 authorization overview 1-16 best practices 1-10 certificate types 1-13 configuration checklist for authentication and encryption (table) 1-23 CTL client overview 3-2 encryption overview external CAs 1-13 features list 1-4 features list (table) 1-5 HTTPS 2-1 installing 1-12 interactions 1-5, 1-6 rebooting the cluster 1-11 rebooting the server 1-11 resetting devices 1-11 restarting Cisco Unified CallManager service 1-11 restrictions 1-5, 1-7 system requirements 1-4 terminology (table) 1-2 tokens 3-2, 3-6, 3-8, 3-10, 3-16 using barge with encryption 1-12 where to find more information 1-26 security mode clusterwide configuring 3-12 verifying 3-15 security profile applying for SIP trunk 14-7 applying to phones 5-9 configuration settings (table) for SCCP phone 5-4 for SIP phones 5-6 for SIP trunk 14-3 configuration tips for phones 5-1 configuring for phones 5-3 configuring for SIP trunk 14-2 deleting for phones 5-10 deleting for SIP trunk 14-8 finding for phones 5-2 finding for SIP trunk 14-2 finding phones that use 5-11 overview for phones 5-1 overview for SIP trunk 14-1 signaling authentication overview 1-16 signaling encryption overview 1-20 Site Administrator Security Token (SAST) 3-2 SRST configuration checklist (table) for securing 12-3 configuration tips for securing 12-2 overview for securing 12-1 troubleshooting certificate deleted on gateway 12-5 SRST reference configuration settings (table) for security 12-5 configuring 12-3 troubleshooting deleting secured reference 12-5 T TAPI configuration checklist (table) for securing 11-5 configuring security service parameters 11-13 Tftp services 3-2 TLS Proxy server 3-2 transport layer security (TLS) 1-13 port 3-5 transport security and real-time protocol (RTP) 1-13 and secure real-time protocol (SRTP) 1-13 configuration settings (table) for SCCP phone 5-4 for SIP phone 5-6 for SIP trunk 14-3 configuring for SIP phones 5-3 configuring for SIP trunk 14-2 IPSec 1-13 TLS 1-13 troubleshooting deleting CTL file on phone 3-16 SRST certificate deleted on gateway 12-5 V voice messaging configuration checklist (table) for security 10-2 security overview 10-1 security requirements 10-1 voice messaging port applying a security profile 10-3 applying a security profile using the Wizard 10-4 configuration checklist (table) for security 10-2 security overview 10-1
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks