Cisco Unified Communications Manager Security Guide, Release 6.1(1) - Index [Cisco Unified Communications Manager (CallManager)]

Table Of Contents

A - B - C - D - E - F - H - I - J - L - M - P - S - T - V -

Index

A

authentication

device 1-17

digest 1-17

interactions 1-6, 1-7

overview 1-17

restrictions 1-6, 1-7

with CTI/JTAPI/TAPI applications 12-2

authentication string

entering on phone 6-9

finding phones using 6-8

with CAPF 6-1

with CTI/JTAPI/TAPI applications 12-4

authorization

configuration settings (table)

for SIP trunk 15-4

configuring for SIP trunk 15-3

interactions 1-7

overview 1-17

B

barge

encryption restrictions with 1-13

security 10-1

security icons 10-3

C

Certificate Authority Proxy Function (CAPF)

activating service 6-5, 12-8

authentication string

entering on phone 6-9

CAPF service 3-5

configuration checklist (table) 6-4

configuration settings (table)

for CTI/JTAPI/TAPI applications 12-11

for phones 6-7

configuring an application user or end user CAPF profile 12-10

configuring in Cisco Unified Serviceability 6-4

deleting an application user or end user CAPF profile 12-12

finding an application user or end user CAPF profile 12-9

finding phones using LSC or authentication string 6-8

generating CAPF report 6-8

installing 1-13

interactions and requirements 6-3

interaction with Cisco Unified IP Phone 6-2

overview 6-1

updating service parameters 6-5

using for phone certificate operations 6-6

viewing certificate operation status for application user or end user 12-14

with CTI/JTAPI/TAPI applications

interactions and requirements 12-5

overview 12-4

updating service parameters 12-8

certificates

external CAs 1-14

Internet Explorer certificate 2-2

Netscape certificate 2-6

types 1-14

Certificate Signing Requests (CSRs) 1-14

Cisco Unified IP Phone

authentication string

entering on phone 6-9

configuration checklist (table) for security 4-2

configuration settings (table)

for CAPF 6-7

configuration tips for phone security profiles 5-1

deleting CTL file 3-17

disabling the GARP setting 9-1

disabling the PC Port setting 9-2

disabling the PC Voice VLAN Access setting 9-2

disabling the Setting Access setting 9-2

disabling the Web Access setting 9-1

encrypted configuration file 7-1

interaction with CAPF 6-2

secure conference support 10-5

security icons 1-6

understanding security 4-1

viewing security settings 4-2

computer telephony integration (CTI)

configuration checklist (table) for securing 12-5

secure user groups

adding application users and end users 12-7

conference bridge

conference list 10-3

configuration checklist (table) for security 10-9

configuration tips for security 10-8

configuring minimum Meet-Me security 10-11

configuring packet capture on a secure conference bridge 10-12

configuring security 10-10

minimum Meet-Me security level 10-3

security 10-1

security icons 10-3

security interactions 10-7

security requirements 10-2

security restrictions 10-7

configuration file

encryption 1-21

CTL client

CAPF service 3-5

cluster security mode

updating 3-13

configuration checklist (table) 3-3

configuration settings (table) 3-13

configuration tips 3-2

configuring

CTL client 3-8

TLS port 3-5

CTL Provider service 3-4

deleting CTL file on phone 3-17

installing 1-13, 3-6

migrating 3-7

overview 3-1

security mode

verifying 3-15

security token

changing password 3-17

configuring CTL client 3-8

setting the Smart Card service 3-16

uninstalling 3-18

upgrading 3-7

verifying 3-18

version

determining 3-18

CTL file

deleting entry 3-12

deleting on phone 3-17

updating 3-11

CTL Provider

activating service 3-4

D

device authentication

configuration settings (table)

for SCCP phone 5-4

for SIP phones 5-6

for SIP trunk 15-4

configuring for phones 5-3

configuring for SIP trunk 15-3

overview 1-17

digest authentication

associating digest user with a phone 8-4

cluster ID 16-2

configuration checklist (table)

for phones 8-1

for SIP trunk 16-1

configuration settings (table)

for application user digest credentials 16-3

for end user 8-3

for SIP phones 5-6

for SIP realm 16-5

for SIP trunk 15-4

configuring a SIP realm 16-4

configuring digest credentials

for application user 16-2

for end user 8-3

configuring for phones 5-3

configuring for SIP trunk 15-3

configuring service parameters 8-2

deleting a SIP realm 16-5

finding a SIP realm 16-3

overview 1-17

E

encrypted configuration file

configuration checklist (table) 7-5

configuration settings (table)

for manual key 7-7

configuration tips 7-4

configuring manual key distribution 7-6

disabling 7-9

enabling 7-6

entering symmetric key 7-7

manual key configuration checklist (table) 7-7

manual key distribution 7-2

phone support 7-4

symmetric key encryption with public key 7-3

understanding 7-1

using symmetric key encryption w/public key 7-8

verifying 7-9

encryption

configuration checklist (table) for gateways and trunks 14-3

configuration settings (table)

for SCCP phone 5-4

for SIP phone 5-6

for SIP trunk 15-4

configuring for phones 5-3

configuring SRTP allowed check box 14-5

configuring with barge 1-13

for H.323/H.225/H.245 trunk 14-2

for H.323 gateway 14-2

for MGCP gateway 14-1

for SIP trunk 14-3

installing 1-13

interactions 1-6, 1-7, 10-7

overview 1-21

restrictions 1-6, 1-7, 10-7

signaling

configuring for phones 5-3

configuring for SIP trunk 15-3

with CTI/JTAPI/TAPI applications 12-3

etoken

changing password 3-17

configuring CTL client 3-8

F

file authentication

configuring for phones 5-3

overview 1-17

H

HTTPS

overview 2-1

virtual directories (table) 2-2

with Internet Explorer 2-2

with Netscape 2-6

I

image authentication

overview 1-17

integrity

overview 1-17

IPSec 1-13

configuration checklist (table) for IPSec 14-3

configuring 14-4

gateway or trunk considerations 14-5

infrastructure considerations 14-4

recommendations 14-4, 14-5

J

JTAPI

configuration checklist (table) for securing 12-5

configuring security service parameters 12-13

L

locally significant certificate (LSC)

finding phones using 6-8

with CTI/JTAPI/TAPI applications 12-4

M

media encryption (See also encryption)

overview 1-21

MGCP gateway

configuration checklist (table) for security 14-3

configuring 14-4, 14-5

P

phone hardening

configuring 9-2

disabling the GARP setting 9-1

disabling the PC Port setting 9-2

disabling the PC Voice VLAN Access setting 9-2

disabling the Setting Access setting 9-2

disabling the Web Access setting 9-1

port

CTL Provider 3-5

Ethernet phone 3-5

SIP secure 3-5

S

secure conference

Cisco Unified IP Phone support 10-5

conference bridge requirements 10-2

conference list 10-3

configuration checklist (table) 10-9

configuration tips 10-8

configuring minimum Meet-Me security 10-11

configuring packet capture 10-12

configuring secure conference bridge 10-10

CTI support 10-6

interactions 10-7

minimum Meet-Me security level 10-3

restrictions 10-7

security icons 10-3

security overview 10-1

trunks and gateways 10-6

secure sockets layer (SSL)

installing 1-13

with HTTPS 2-1

security

authentication overview 1-17

authorization overview 1-17

best practices 1-11

certificate types 1-14

configuration checklist for authentication and encryption (table) 1-24

CTL client overview 3-1

encryption overview 1-21

external CAs 1-14

features list 1-5

HTTPS 2-1

installing 1-13

interactions 1-6, 1-7, 10-7

rebooting the cluster 1-12

rebooting the server 1-12

resetting devices 1-12

restarting Cisco Unified Communications Manager service 1-12

restrictions 1-6, 1-7, 10-7

SCCP calls (table) 1-5

SIP calls (table) 1-6

system requirements 1-5

terminology (table) 1-2

tokens 3-1, 3-6, 3-8, 3-11, 3-17

using barge with encryption 1-13

where to find more information 1-28

security mode

cluster

configuring 3-13

verifying 3-15

security profile

applying for SIP trunk 15-7

applying to phones 5-9

configuration settings (table)

for SCCP phone 5-4

for SIP phones 5-6

for SIP trunk 15-4

configuration tips for phones 5-1

configuring for phones 5-3

configuring for SIP trunk 15-3

deleting for phones 5-10

deleting for SIP trunk 15-8

finding for phones 5-2

finding for SIP trunk 15-2

finding phones that use 5-11

overview for phones 5-1

overview for SIP trunk 15-1

security token

configuring CTL client 3-8

signaling authentication

overview 1-17

signaling encryption

overview 1-21

Site Administrator Security Token (SAST) 3-1

SRST

configuration checklist (table) for securing 13-3

configuration tips for securing 13-2

overview for securing 13-1

troubleshooting

certificate deleted on gateway 13-5

SRST reference

configuration settings (table) for security 13-5

configuring 13-3

troubleshooting

deleting secured reference 13-5

T

TAPI

configuration checklist (table) for securing 12-5

configuring security service parameters 12-13

Tftp service 3-1

TLS Proxy server 3-1

transport layer security (TLS) 1-13

port 3-5

transport security

and real-time protocol (RTP) 1-13

and secure real-time protocol (SRTP) 1-13

configuration settings (table)

for SCCP phone 5-4

for SIP phone 5-6

for SIP trunk 15-4

configuring for SIP phones 5-3

configuring for SIP trunk 15-3

IPSec 1-13

TLS 1-13

troubleshooting

deleting CTL file on phone 3-17

SRST certificate deleted on gateway 13-5

V

voice messaging

configuration checklist (table) for security 11-3

security overview 11-1

security requirements 11-1

voice messaging port

applying a security profile 11-3

applying a security profile using the Wizard 11-4

configuration checklist (table) for security 11-3

security overview 11-1

	Cisco Unified Communications Manager Security Guide, Release 6.1(1)
	Index
Cisco Unified Communications Manager Security Guide, Release 6.1(1) Index Preface Security Basics Security Overview Using Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS) Configuring the Cisco CTL Client Security for Cisco Unified IP Phones and Cisco Unity Voice-Messaging Ports Phone Security Overview Configuring a Phone Security Profile Using the Certificate Authority Proxy Function Configuring Encrypted Phone Configuration Files Configuring Digest Authentication for the SIP Phone Phone Hardening Configuring Secure Conference Resources Configuring Voice-Messaging Ports for Security Security for Cisco CTI, JTAPI, and TAPI Applications Configuring Authentication and Encryption for CTI, JTAPI, and TAPI Security for SRST References, Trunks, and Gateways Configuring a Secure Survivable Remote Site Telephony (SRST) Reference Configuring Encryption for Gateways and Trunks Configuring a SIP Trunk Security Profile Configuring Digest Authentication for the SIP Trunk	Download this chapter Index Download the complete book Cisco Unified Communications Manager Security Guide, Release 6.1(1) (PDF - 3 MB) Feedback Table Of Contents A - B - C - D - E - F - H - I - J - L - M - P - S - T - V - Index A authentication device 1-17 digest 1-17 interactions 1-6, 1-7 overview 1-17 restrictions 1-6, 1-7 with CTI/JTAPI/TAPI applications 12-2 authentication string entering on phone 6-9 finding phones using 6-8 with CAPF 6-1 with CTI/JTAPI/TAPI applications 12-4 authorization configuration settings (table) for SIP trunk 15-4 configuring for SIP trunk 15-3 interactions 1-7 overview 1-17 B barge encryption restrictions with 1-13 security 10-1 security icons 10-3 C Certificate Authority Proxy Function (CAPF) activating service 6-5, 12-8 authentication string entering on phone 6-9 CAPF service 3-5 configuration checklist (table) 6-4 configuration settings (table) for CTI/JTAPI/TAPI applications 12-11 for phones 6-7 configuring an application user or end user CAPF profile 12-10 configuring in Cisco Unified Serviceability 6-4 deleting an application user or end user CAPF profile 12-12 finding an application user or end user CAPF profile 12-9 finding phones using LSC or authentication string 6-8 generating CAPF report 6-8 installing 1-13 interactions and requirements 6-3 interaction with Cisco Unified IP Phone 6-2 overview 6-1 updating service parameters 6-5 using for phone certificate operations 6-6 viewing certificate operation status for application user or end user 12-14 with CTI/JTAPI/TAPI applications interactions and requirements 12-5 overview 12-4 updating service parameters 12-8 certificates external CAs 1-14 Internet Explorer certificate 2-2 Netscape certificate 2-6 types 1-14 Certificate Signing Requests (CSRs) 1-14 Cisco Unified IP Phone authentication string entering on phone 6-9 configuration checklist (table) for security 4-2 configuration settings (table) for CAPF 6-7 configuration tips for phone security profiles 5-1 deleting CTL file 3-17 disabling the GARP setting 9-1 disabling the PC Port setting 9-2 disabling the PC Voice VLAN Access setting 9-2 disabling the Setting Access setting 9-2 disabling the Web Access setting 9-1 encrypted configuration file 7-1 interaction with CAPF 6-2 secure conference support 10-5 security icons 1-6 understanding security 4-1 viewing security settings 4-2 computer telephony integration (CTI) configuration checklist (table) for securing 12-5 secure user groups adding application users and end users 12-7 conference bridge conference list 10-3 configuration checklist (table) for security 10-9 configuration tips for security 10-8 configuring minimum Meet-Me security 10-11 configuring packet capture on a secure conference bridge 10-12 configuring security 10-10 minimum Meet-Me security level 10-3 security 10-1 security icons 10-3 security interactions 10-7 security requirements 10-2 security restrictions 10-7 configuration file encryption 1-21 CTL client CAPF service 3-5 cluster security mode updating 3-13 configuration checklist (table) 3-3 configuration settings (table) 3-13 configuration tips 3-2 configuring CTL client 3-8 TLS port 3-5 CTL Provider service 3-4 deleting CTL file on phone 3-17 installing 1-13, 3-6 migrating 3-7 overview 3-1 security mode verifying 3-15 security token changing password 3-17 configuring CTL client 3-8 setting the Smart Card service 3-16 uninstalling 3-18 upgrading 3-7 verifying 3-18 version determining 3-18 CTL file deleting entry 3-12 deleting on phone 3-17 updating 3-11 CTL Provider activating service 3-4 D device authentication configuration settings (table) for SCCP phone 5-4 for SIP phones 5-6 for SIP trunk 15-4 configuring for phones 5-3 configuring for SIP trunk 15-3 overview 1-17 digest authentication associating digest user with a phone 8-4 cluster ID 16-2 configuration checklist (table) for phones 8-1 for SIP trunk 16-1 configuration settings (table) for application user digest credentials 16-3 for end user 8-3 for SIP phones 5-6 for SIP realm 16-5 for SIP trunk 15-4 configuring a SIP realm 16-4 configuring digest credentials for application user 16-2 for end user 8-3 configuring for phones 5-3 configuring for SIP trunk 15-3 configuring service parameters 8-2 deleting a SIP realm 16-5 finding a SIP realm 16-3 overview 1-17 E encrypted configuration file configuration checklist (table) 7-5 configuration settings (table) for manual key 7-7 configuration tips 7-4 configuring manual key distribution 7-6 disabling 7-9 enabling 7-6 entering symmetric key 7-7 manual key configuration checklist (table) 7-7 manual key distribution 7-2 phone support 7-4 symmetric key encryption with public key 7-3 understanding 7-1 using symmetric key encryption w/public key 7-8 verifying 7-9 encryption configuration checklist (table) for gateways and trunks 14-3 configuration settings (table) for SCCP phone 5-4 for SIP phone 5-6 for SIP trunk 15-4 configuring for phones 5-3 configuring SRTP allowed check box 14-5 configuring with barge 1-13 for H.323/H.225/H.245 trunk 14-2 for H.323 gateway 14-2 for MGCP gateway 14-1 for SIP trunk 14-3 installing 1-13 interactions 1-6, 1-7, 10-7 overview 1-21 restrictions 1-6, 1-7, 10-7 signaling configuring for phones 5-3 configuring for SIP trunk 15-3 with CTI/JTAPI/TAPI applications 12-3 etoken changing password 3-17 configuring CTL client 3-8 F file authentication configuring for phones 5-3 overview 1-17 H HTTPS overview 2-1 virtual directories (table) 2-2 with Internet Explorer 2-2 with Netscape 2-6 I image authentication overview 1-17 integrity overview 1-17 IPSec 1-13 configuration checklist (table) for IPSec 14-3 configuring 14-4 gateway or trunk considerations 14-5 infrastructure considerations 14-4 recommendations 14-4, 14-5 J JTAPI configuration checklist (table) for securing 12-5 configuring security service parameters 12-13 L locally significant certificate (LSC) finding phones using 6-8 with CTI/JTAPI/TAPI applications 12-4 M media encryption (See also encryption) overview 1-21 MGCP gateway configuration checklist (table) for security 14-3 configuring 14-4, 14-5 P phone hardening configuring 9-2 disabling the GARP setting 9-1 disabling the PC Port setting 9-2 disabling the PC Voice VLAN Access setting 9-2 disabling the Setting Access setting 9-2 disabling the Web Access setting 9-1 port CTL Provider 3-5 Ethernet phone 3-5 SIP secure 3-5 S secure conference Cisco Unified IP Phone support 10-5 conference bridge requirements 10-2 conference list 10-3 configuration checklist (table) 10-9 configuration tips 10-8 configuring minimum Meet-Me security 10-11 configuring packet capture 10-12 configuring secure conference bridge 10-10 CTI support 10-6 interactions 10-7 minimum Meet-Me security level 10-3 restrictions 10-7 security icons 10-3 security overview 10-1 trunks and gateways 10-6 secure sockets layer (SSL) installing 1-13 with HTTPS 2-1 security authentication overview 1-17 authorization overview 1-17 best practices 1-11 certificate types 1-14 configuration checklist for authentication and encryption (table) 1-24 CTL client overview 3-1 encryption overview 1-21 external CAs 1-14 features list 1-5 HTTPS 2-1 installing 1-13 interactions 1-6, 1-7, 10-7 rebooting the cluster 1-12 rebooting the server 1-12 resetting devices 1-12 restarting Cisco Unified Communications Manager service 1-12 restrictions 1-6, 1-7, 10-7 SCCP calls (table) 1-5 SIP calls (table) 1-6 system requirements 1-5 terminology (table) 1-2 tokens 3-1, 3-6, 3-8, 3-11, 3-17 using barge with encryption 1-13 where to find more information 1-28 security mode cluster configuring 3-13 verifying 3-15 security profile applying for SIP trunk 15-7 applying to phones 5-9 configuration settings (table) for SCCP phone 5-4 for SIP phones 5-6 for SIP trunk 15-4 configuration tips for phones 5-1 configuring for phones 5-3 configuring for SIP trunk 15-3 deleting for phones 5-10 deleting for SIP trunk 15-8 finding for phones 5-2 finding for SIP trunk 15-2 finding phones that use 5-11 overview for phones 5-1 overview for SIP trunk 15-1 security token configuring CTL client 3-8 signaling authentication overview 1-17 signaling encryption overview 1-21 Site Administrator Security Token (SAST) 3-1 SRST configuration checklist (table) for securing 13-3 configuration tips for securing 13-2 overview for securing 13-1 troubleshooting certificate deleted on gateway 13-5 SRST reference configuration settings (table) for security 13-5 configuring 13-3 troubleshooting deleting secured reference 13-5 T TAPI configuration checklist (table) for securing 12-5 configuring security service parameters 12-13 Tftp service 3-1 TLS Proxy server 3-1 transport layer security (TLS) 1-13 port 3-5 transport security and real-time protocol (RTP) 1-13 and secure real-time protocol (SRTP) 1-13 configuration settings (table) for SCCP phone 5-4 for SIP phone 5-6 for SIP trunk 15-4 configuring for SIP phones 5-3 configuring for SIP trunk 15-3 IPSec 1-13 TLS 1-13 troubleshooting deleting CTL file on phone 3-17 SRST certificate deleted on gateway 13-5 V voice messaging configuration checklist (table) for security 11-3 security overview 11-1 security requirements 11-1 voice messaging port applying a security profile 11-3 applying a security profile using the Wizard 11-4 configuration checklist (table) for security 11-3 security overview 11-1
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks