Cisco Unified Communications Manager Security Guide, Release 8.0(2) - Index [Cisco Unified Communications Manager (CallManager)]

Table Of Contents

A - B - C - D - E - F - H - I - J - L - M - N - P - S - T - V -

Index

A

authentication

device 1-17

digest 1-17

interactions 1-7

overview 1-17

restrictions 1-7, 1-8

with CTI/JTAPI/TAPI applications 20-2

authentication string

entering on phone 8-10

finding phones using 8-9

with CAPF 8-1

with CTI/JTAPI/TAPI applications 20-4

authorization

configuration settings (table)

for SIP trunk 23-4

configuring for SIP trunk 23-3

interactions 1-7

overview 1-17

B

barge

encryption restrictions with 1-13

security 12-1

security icons 12-3

C

Certificate Authority Proxy Function (CAPF)

activating service 8-6, 20-8

authentication string

entering on phone 8-10

CAPF service 4-6

configuration checklist (table) 8-5

configuration settings (table)

for CTI/JTAPI/TAPI applications 20-11

for phones 8-8

configuring an application user or end user CAPF profile 20-10

configuring in Cisco Unified Serviceability 8-5

deleting an application user or end user CAPF profile 20-12

finding an application user or end user CAPF profile 20-9

finding phones using LSC or authentication string 8-9

generating CAPF report 8-9

installing 1-14

interactions and requirements 8-4

interaction with Cisco Unified IP Phone 8-2

interaction with IPv6 addressing 8-3

overview 8-1

updating service parameters 8-6

using for phone certificate operations 8-7

viewing certificate operation status for application user or end user 20-14

with CTI/JTAPI/TAPI applications

interactions and requirements 20-5

overview 20-4

updating service parameters 20-8

certificates

external CAs 1-15

Netscape certificate 2-8, 2-10

types 1-15

Certificate Signing Requests (CSRs) 1-15

Cisco Unified IP Phone

authentication string

entering on phone 8-10

configuration checklist (table) for security 5-3

configuration settings (table)

for CAPF 8-8

configuration tips for phone security profiles 6-2

deleting CTL file 4-18

disabling the GARP setting 11-1

disabling the PC Port setting 11-2

disabling the PC Voice VLAN Access setting 11-2

disabling the Setting Access setting 11-2

disabling the Web Access setting 11-1

encrypted configuration file 9-1

interaction with CAPF 8-2

secure conference support 12-5

security icons 1-6

understanding security 5-1

viewing security settings 5-3

computer telephony integration (CTI)

configuration checklist (table) for securing 20-5

secure user groups

adding application users and end users 20-7

conference bridge

conference list 12-3

configuration checklist (table) for security 12-9

configuration tips for security 12-8

configuring minimum Meet-Me security 12-11

configuring packet capture on a secure conference bridge 12-12

configuring security 12-10

minimum Meet-Me security level 12-3

security 12-1

security icons 12-3

security interactions 12-6

security requirements 12-2

security restrictions 12-6

configuration file

encryption 1-22

CTL client

CAPF service 4-6

cluster security mode

updating 4-14

configuration checklist (table) 4-4

configuration settings (table) 4-15

configuration tips 4-3

configuring

CTL client 4-9

TLS port 4-6

CTL Provider service 4-5

deleting CTL file on phone 4-18

installing 1-14, 4-7

migrating 4-9

overview 4-2

security mode

verifying 4-16

security token

changing password 4-18

configuring CTL client 4-9

setting the Smart Card service 4-17

size limit 4-3

uninstalling 4-19

upgrading 4-9

verifying 4-19

version

determining 4-19

CTL file

deleting entry 4-14

deleting on phone 4-18

updating 4-12

CTL Provider

activating service 4-5

D

device authentication

configuration settings (table)

for phone that is running SCCP 6-4

for phone that is running SIP 6-7

for SIP trunk 23-4

configuring for phones 6-3

configuring for SIP trunk 23-3

overview 1-17

digest authentication

associating digest user with a phone 10-4

cluster ID 24-2

configuration checklist (table)

for phones 10-1

for SIP trunk 24-1

configuration settings (table)

for application user digest credentials 24-3

for end user 10-3

for phone that is running SIP 6-7

for SIP realm 24-5

for SIP trunk 23-4

configuring a SIP realm 24-4

configuring digest credentials

for application user 24-2

for end user 10-3

configuring for phones 6-3

configuring for SIP trunk 23-3

configuring service parameters 10-2

deleting a SIP realm 24-5

finding a SIP realm 24-3

overview 1-17

E

encrypted configuration file

configuration checklist (table) 9-5

configuration settings (table)

for manual key 9-7

configuration tips 9-4

configuring manual key distribution 9-6

disabling 9-9

enabling 9-6

entering symmetric key 9-7

manual key configuration checklist (table) 9-7

manual key distribution 9-2

phone support 9-4

symmetric key encryption with public key 9-3

understanding 9-1

using symmetric key encryption w/public key 9-8

verifying 9-9

encryption

configuration checklist (table) for gateways and trunks 22-4

configuration settings (table)

for phone that is running SCCP 6-4

for phone that is running SIP 6-7

for SIP trunk 23-4

configuring for phones 6-3

configuring SRTP allowed check box 22-6

configuring with barge 1-13

for H.323/H.225/H.245 trunk 22-2

for H.323 gateway 22-2

for MGCP gateway 22-1

for SIP trunk 22-3

installing 1-14

interactions 1-7, 12-6

overview 1-22

restrictions 1-7, 1-8, 12-6

signaling

configuring for phones 6-3

configuring for SIP trunk 23-3

with CTI/JTAPI/TAPI applications 20-3

etoken

changing password 4-18

configuring CTL client 4-9

F

file authentication

configuring for phones 6-3

overview 1-17

H

HTTPS

overview 2-1

virtual directories (table) 2-2

with Netscape 2-8, 2-10

I

image authentication

overview 1-17

integrity

overview 1-17

IPSec 1-14

configuration checklist (table) for IPSec 22-4

configuring 22-5

gateway or trunk considerations 22-5

infrastructure considerations 22-5

recommendations 22-5

J

JTAPI

configuration checklist (table) for securing 20-5

configuring security service parameters 20-13

L

locally significant certificate (LSC)

finding phones using 8-9

with CTI/JTAPI/TAPI applications 20-4

M

media encryption (See also encryption)

overview 1-22

MGCP gateway

configuration checklist (table) for security 22-4

configuring 22-5

N

NMAP scans

running 1-24

P

phone hardening

configuring 11-2

disabling the GARP setting 11-1

disabling the PC Port setting 11-2

disabling the PC Voice VLAN Access setting 11-2

disabling the Setting Access setting 11-2

disabling the Web Access setting 11-1

phone security profile

synchronizing configuration to applicable phones 6-11

port

CTL Provider 4-6

Ethernet phone 4-6

SIP secure 4-6

S

secure conference

Cisco Unified IP Phone support 12-5

conference bridge requirements 12-2

conference list 12-3

configuration checklist (table) 12-9

configuration tips 12-8

configuring minimum Meet-Me security 12-11

configuring packet capture 12-12

configuring secure conference bridge 12-10

CTI support 12-6

interactions 12-6

minimum Meet-Me security level 12-3

restrictions 12-6

security icons 12-3

security overview 12-1

trunks and gateways 12-6

secure sockets layer (SSL)

installing 1-14

with HTTPS 2-1

security

authentication overview 1-17

authorization overview 1-17

best practices 1-12

certificate types 1-15

configuration checklist for authentication and encryption (table) 1-25

CTL client overview 4-2

encryption overview 1-22

external CAs 1-15

features list 1-5

HTTPS 2-1

installing 1-14

interactions 1-7, 12-6

rebooting the cluster 1-12

rebooting the server 1-12

resetting devices 1-12

restarting Cisco Unified Communications Manager service 1-12

restrictions 1-7, 1-8, 12-6

SCCP calls (table) 1-5

SIP calls (table) 1-6

system requirements 1-5

terminology (table) 1-2

tokens 4-2, 4-7, 4-9, 4-12, 4-18

using barge with encryption 1-13

where to find more information 1-29

security by default 3-1

security mode

cluster

configuring 4-14

verifying 4-16

security profile

applying for SIP trunk 23-7

applying to Cisco Unified Mobility Advantage Server 25-4

applying to phones 6-10

configuration settings (table)

for phones that is running SIP 6-7

for phone that is running SCCP 6-4

for SIP trunk 23-4

configuration tips for phones 6-2

configuring for phones 6-3

configuring for SIP trunk 23-3

deleting for Cisco Unified Mobility Advantage server 25-5

deleting for phones 6-12

deleting for SIP trunk 23-9

finding for Cisco Unified Mobility Advantage servers 25-2

finding for phones 6-2

finding for SIP trunk 23-2

finding phones that use 6-12

overview for Cisco Unified Mobility Advantage 25-1

overview for phones 6-1

overview for SIP trunk 23-1

security token

configuring CTL client 4-9

signaling authentication

overview 1-17

signaling encryption

overview 1-22

SIP Trunk security profile

synchronizing configuration to applicable SIP trunks 23-8

Site Administrator Security Token (SAST) 4-2

SRST

configuration checklist (table) for securing 21-3

configuration tips for securing 21-2

overview for securing 21-1

troubleshooting

certificate deleted on gateway 21-5

SRST reference

configuration settings (table) for security 21-5

configuring 21-3

troubleshooting

deleting secured reference 21-5

T

TAPI

configuration checklist (table) for securing 20-5

configuring security service parameters 20-13

Tftp service 4-2

TLS Proxy server 4-2

transport layer security (TLS) 1-14

port 4-6

transport security

and real-time protocol (RTP) 1-14

and secure real-time protocol (SRTP) 1-14

configuration settings (table)

for phone that is running SCCP 6-4

for phone that is running SIP 6-7

for SIP trunk 23-4

configuring for phones that are running SIP 6-3

configuring for SIP trunk 23-3

IPSec 1-14

TLS 1-14

troubleshooting

deleting CTL file on phone 4-18

SRST certificate deleted on gateway 21-5

Trust Verification Service (TVS) 3-1

V

virtual private networks 15-1

VPN feature configuration 19-1

VPN gateways 16-1

VPN profiles 18-1

voice messaging

configuration checklist (table) for security 13-3

security overview 13-1

security requirements 13-1

voice messaging port

applying a security profile 13-3

applying a security profile using the Wizard 13-4

configuration checklist (table) for security 13-3

security overview 13-1

VPN feature configuration 19-1

VPN gateways 16-1

VPN profiles 18-1

	Cisco Unified Communications Manager Security Guide, Release 8.0(2)
	Index
Cisco Unified Communications Manager Security Guide, Release 8.0(2) Preface Security Basics Security Overview Using Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS) Security by Default Configuring the Cisco CTL Client Certificate Configuration Security for Cisco Unified IP Phones and Cisco Voice-Messaging Ports Phone Security Overview Configuring a Phone Security Profile Configuring Secure Tone on the Phone Using the Certificate Authority Proxy Function Configuring Encrypted Phone Configuration Files Configuring Digest Authentication for the SIP Phone Phone Hardening Configuring Secure Conference Resources Configuring Voice-Messaging Ports for Security Configuring Secure Call Monitoring and Recording Virtual Private Networks for Cisco Unified IP Phones Configuring Virtual Private Networks Configuring a VPN Gateway Configuring a VPN Group Configuring a VPN Profile VPN Feature Configuration Security for Cisco CTI, JTAPI, and TAPI Applications Configuring Authentication and Encryption for CTI, JTAPI, and TAPI Security for SRST References, Trunks, and Gateways Configuring a Secure Survivable Remote Site Telephony (SRST) Reference Configuring Encryption for Gateways and Trunks Configuring a SIP Trunk Security Profile Configuring Digest Authentication for the SIP Trunk Configuring a Cisco Unified Mobility Advantage Server Security Profile Index	Download this chapter Index Download the complete book Cisco Unified Communications Manager Security Guide, Release 8.0(2) (PDF - 5 MB) Feedback Table Of Contents A - B - C - D - E - F - H - I - J - L - M - N - P - S - T - V - Index A authentication device 1-17 digest 1-17 interactions 1-7 overview 1-17 restrictions 1-7, 1-8 with CTI/JTAPI/TAPI applications 20-2 authentication string entering on phone 8-10 finding phones using 8-9 with CAPF 8-1 with CTI/JTAPI/TAPI applications 20-4 authorization configuration settings (table) for SIP trunk 23-4 configuring for SIP trunk 23-3 interactions 1-7 overview 1-17 B barge encryption restrictions with 1-13 security 12-1 security icons 12-3 C Certificate Authority Proxy Function (CAPF) activating service 8-6, 20-8 authentication string entering on phone 8-10 CAPF service 4-6 configuration checklist (table) 8-5 configuration settings (table) for CTI/JTAPI/TAPI applications 20-11 for phones 8-8 configuring an application user or end user CAPF profile 20-10 configuring in Cisco Unified Serviceability 8-5 deleting an application user or end user CAPF profile 20-12 finding an application user or end user CAPF profile 20-9 finding phones using LSC or authentication string 8-9 generating CAPF report 8-9 installing 1-14 interactions and requirements 8-4 interaction with Cisco Unified IP Phone 8-2 interaction with IPv6 addressing 8-3 overview 8-1 updating service parameters 8-6 using for phone certificate operations 8-7 viewing certificate operation status for application user or end user 20-14 with CTI/JTAPI/TAPI applications interactions and requirements 20-5 overview 20-4 updating service parameters 20-8 certificates external CAs 1-15 Netscape certificate 2-8, 2-10 types 1-15 Certificate Signing Requests (CSRs) 1-15 Cisco Unified IP Phone authentication string entering on phone 8-10 configuration checklist (table) for security 5-3 configuration settings (table) for CAPF 8-8 configuration tips for phone security profiles 6-2 deleting CTL file 4-18 disabling the GARP setting 11-1 disabling the PC Port setting 11-2 disabling the PC Voice VLAN Access setting 11-2 disabling the Setting Access setting 11-2 disabling the Web Access setting 11-1 encrypted configuration file 9-1 interaction with CAPF 8-2 secure conference support 12-5 security icons 1-6 understanding security 5-1 viewing security settings 5-3 computer telephony integration (CTI) configuration checklist (table) for securing 20-5 secure user groups adding application users and end users 20-7 conference bridge conference list 12-3 configuration checklist (table) for security 12-9 configuration tips for security 12-8 configuring minimum Meet-Me security 12-11 configuring packet capture on a secure conference bridge 12-12 configuring security 12-10 minimum Meet-Me security level 12-3 security 12-1 security icons 12-3 security interactions 12-6 security requirements 12-2 security restrictions 12-6 configuration file encryption 1-22 CTL client CAPF service 4-6 cluster security mode updating 4-14 configuration checklist (table) 4-4 configuration settings (table) 4-15 configuration tips 4-3 configuring CTL client 4-9 TLS port 4-6 CTL Provider service 4-5 deleting CTL file on phone 4-18 installing 1-14, 4-7 migrating 4-9 overview 4-2 security mode verifying 4-16 security token changing password 4-18 configuring CTL client 4-9 setting the Smart Card service 4-17 size limit 4-3 uninstalling 4-19 upgrading 4-9 verifying 4-19 version determining 4-19 CTL file deleting entry 4-14 deleting on phone 4-18 updating 4-12 CTL Provider activating service 4-5 D device authentication configuration settings (table) for phone that is running SCCP 6-4 for phone that is running SIP 6-7 for SIP trunk 23-4 configuring for phones 6-3 configuring for SIP trunk 23-3 overview 1-17 digest authentication associating digest user with a phone 10-4 cluster ID 24-2 configuration checklist (table) for phones 10-1 for SIP trunk 24-1 configuration settings (table) for application user digest credentials 24-3 for end user 10-3 for phone that is running SIP 6-7 for SIP realm 24-5 for SIP trunk 23-4 configuring a SIP realm 24-4 configuring digest credentials for application user 24-2 for end user 10-3 configuring for phones 6-3 configuring for SIP trunk 23-3 configuring service parameters 10-2 deleting a SIP realm 24-5 finding a SIP realm 24-3 overview 1-17 E encrypted configuration file configuration checklist (table) 9-5 configuration settings (table) for manual key 9-7 configuration tips 9-4 configuring manual key distribution 9-6 disabling 9-9 enabling 9-6 entering symmetric key 9-7 manual key configuration checklist (table) 9-7 manual key distribution 9-2 phone support 9-4 symmetric key encryption with public key 9-3 understanding 9-1 using symmetric key encryption w/public key 9-8 verifying 9-9 encryption configuration checklist (table) for gateways and trunks 22-4 configuration settings (table) for phone that is running SCCP 6-4 for phone that is running SIP 6-7 for SIP trunk 23-4 configuring for phones 6-3 configuring SRTP allowed check box 22-6 configuring with barge 1-13 for H.323/H.225/H.245 trunk 22-2 for H.323 gateway 22-2 for MGCP gateway 22-1 for SIP trunk 22-3 installing 1-14 interactions 1-7, 12-6 overview 1-22 restrictions 1-7, 1-8, 12-6 signaling configuring for phones 6-3 configuring for SIP trunk 23-3 with CTI/JTAPI/TAPI applications 20-3 etoken changing password 4-18 configuring CTL client 4-9 F file authentication configuring for phones 6-3 overview 1-17 H HTTPS overview 2-1 virtual directories (table) 2-2 with Netscape 2-8, 2-10 I image authentication overview 1-17 integrity overview 1-17 IPSec 1-14 configuration checklist (table) for IPSec 22-4 configuring 22-5 gateway or trunk considerations 22-5 infrastructure considerations 22-5 recommendations 22-5 J JTAPI configuration checklist (table) for securing 20-5 configuring security service parameters 20-13 L locally significant certificate (LSC) finding phones using 8-9 with CTI/JTAPI/TAPI applications 20-4 M media encryption (See also encryption) overview 1-22 MGCP gateway configuration checklist (table) for security 22-4 configuring 22-5 N NMAP scans running 1-24 P phone hardening configuring 11-2 disabling the GARP setting 11-1 disabling the PC Port setting 11-2 disabling the PC Voice VLAN Access setting 11-2 disabling the Setting Access setting 11-2 disabling the Web Access setting 11-1 phone security profile synchronizing configuration to applicable phones 6-11 port CTL Provider 4-6 Ethernet phone 4-6 SIP secure 4-6 S secure conference Cisco Unified IP Phone support 12-5 conference bridge requirements 12-2 conference list 12-3 configuration checklist (table) 12-9 configuration tips 12-8 configuring minimum Meet-Me security 12-11 configuring packet capture 12-12 configuring secure conference bridge 12-10 CTI support 12-6 interactions 12-6 minimum Meet-Me security level 12-3 restrictions 12-6 security icons 12-3 security overview 12-1 trunks and gateways 12-6 secure sockets layer (SSL) installing 1-14 with HTTPS 2-1 security authentication overview 1-17 authorization overview 1-17 best practices 1-12 certificate types 1-15 configuration checklist for authentication and encryption (table) 1-25 CTL client overview 4-2 encryption overview 1-22 external CAs 1-15 features list 1-5 HTTPS 2-1 installing 1-14 interactions 1-7, 12-6 rebooting the cluster 1-12 rebooting the server 1-12 resetting devices 1-12 restarting Cisco Unified Communications Manager service 1-12 restrictions 1-7, 1-8, 12-6 SCCP calls (table) 1-5 SIP calls (table) 1-6 system requirements 1-5 terminology (table) 1-2 tokens 4-2, 4-7, 4-9, 4-12, 4-18 using barge with encryption 1-13 where to find more information 1-29 security by default 3-1 security mode cluster configuring 4-14 verifying 4-16 security profile applying for SIP trunk 23-7 applying to Cisco Unified Mobility Advantage Server 25-4 applying to phones 6-10 configuration settings (table) for phones that is running SIP 6-7 for phone that is running SCCP 6-4 for SIP trunk 23-4 configuration tips for phones 6-2 configuring for phones 6-3 configuring for SIP trunk 23-3 deleting for Cisco Unified Mobility Advantage server 25-5 deleting for phones 6-12 deleting for SIP trunk 23-9 finding for Cisco Unified Mobility Advantage servers 25-2 finding for phones 6-2 finding for SIP trunk 23-2 finding phones that use 6-12 overview for Cisco Unified Mobility Advantage 25-1 overview for phones 6-1 overview for SIP trunk 23-1 security token configuring CTL client 4-9 signaling authentication overview 1-17 signaling encryption overview 1-22 SIP Trunk security profile synchronizing configuration to applicable SIP trunks 23-8 Site Administrator Security Token (SAST) 4-2 SRST configuration checklist (table) for securing 21-3 configuration tips for securing 21-2 overview for securing 21-1 troubleshooting certificate deleted on gateway 21-5 SRST reference configuration settings (table) for security 21-5 configuring 21-3 troubleshooting deleting secured reference 21-5 T TAPI configuration checklist (table) for securing 20-5 configuring security service parameters 20-13 Tftp service 4-2 TLS Proxy server 4-2 transport layer security (TLS) 1-14 port 4-6 transport security and real-time protocol (RTP) 1-14 and secure real-time protocol (SRTP) 1-14 configuration settings (table) for phone that is running SCCP 6-4 for phone that is running SIP 6-7 for SIP trunk 23-4 configuring for phones that are running SIP 6-3 configuring for SIP trunk 23-3 IPSec 1-14 TLS 1-14 troubleshooting deleting CTL file on phone 4-18 SRST certificate deleted on gateway 21-5 Trust Verification Service (TVS) 3-1 V virtual private networks 15-1 VPN feature configuration 19-1 VPN gateways 16-1 VPN profiles 18-1 voice messaging configuration checklist (table) for security 13-3 security overview 13-1 security requirements 13-1 voice messaging port applying a security profile 13-3 applying a security profile using the Wizard 13-4 configuration checklist (table) for security 13-3 security overview 13-1 VPN feature configuration 19-1 VPN gateways 16-1 VPN profiles 18-1
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks