Cisco Unified Communications Manager SCCP Integration Guide for Cisco Unity Connection Release 2.0
Appendix: Cisco Unified Communications Manager Authentication and Encryption of Cisco Unity Connection Voice Messaging Ports

Table Of Contents

Cisco Unified Communications Manager Authentication and Encryption of Cisco Unity Connection Voice Messaging Ports

Cisco Unified CM Security Features

Functional Overview

Requirements

Security Mode Settings in Cisco Unity Connection


Cisco Unified Communications Manager Authentication and Encryption of Cisco Unity Connection Voice Messaging Ports


A potential point of vulnerability for a Cisco Unity Connection system is the connection between Cisco Unity Connection and Cisco Unified Communications Manager. Possible threats include:

Man-in-the-middle attacks (a process in which an attacker observes and modifies the information flow between Cisco Unified CM and the Cisco Unity Connection voice messaging ports)

Network traffic sniffing (a process in which an attacker uses software to capture phone conversations and signaling information that flow between Cisco Unified CM, the Cisco Unity Connection voice messaging ports, and IP phones that are managed by Cisco Unified CM)

Modification of call signaling between the Cisco Unity Connection voice messaging ports and Cisco Unified CM

Modification of the media stream between the Cisco Unity Connection voice messaging ports and the endpoint (for example, a phone or gateway)

Identity theft of the Cisco Unity Connection voice messaging port (a process in which a non-Cisco Unity Connection device presents itself to Cisco Unified CM as a Cisco Unity Connection voice messaging port)

Identity theft of the Cisco Unified CM server (a process in which a non-Cisco Unified CM server presents itself to Cisco Unity Connection voice messaging ports as a Cisco Unified CM server)

Cisco Unified CM Security Features

Cisco Unified CM 4.1(3) or later can secure the connection with Cisco Unity Connection against these threats. The Cisco Unified CM security features that Cisco Unity Connection can take advantage of are described in Table A-1.

Table A-1 Cisco Unified CM Security Features That Are Used by Cisco Unity Connection 

Security Feature: Signaling authentication

Description: The process that uses the Transport Layer Security (TLS) protocol to validate that no tampering has occurred to signaling packets during transmission. Signaling authentication relies on the creation of the Cisco Certificate Trust List (CTL) file.

Impact on Threats: This feature protects against:

Man-in-the-middle attacks that modify the information flow between Cisco Unified CM and the Cisco Unity Connection voice messaging ports.

Modification of the call signaling.

Identity theft of the Cisco Unity Connection voice messaging port.

Identity theft of the Cisco Unified CM server.

Security Feature: Device authentication

Description: The process that validates the identity of the device and ensures that the entity is what it claims to be. This process occurs between Cisco Unified CM and Cisco Unity Connection voice messaging ports when each device accepts the certificate of the other device. When the certificates are accepted, a secure connection between the devices is established. Device authentication relies on the creation of the Cisco Certificate Trust List (CTL) file.

Impact on Threats: This feature protects against:

Man-in-the-middle attacks that modify the information flow between Cisco Unified CM and the Cisco Unity Connection voice messaging ports.

Modification of the media stream.

Identity theft of the Cisco Unity Connection voice messaging port.

Identity theft of the Cisco Unified CM server.

Security Feature: Signaling encryption

Description: The process that uses cryptographic methods to protect (through encryption) the confidentiality of all SCCP signaling messages that are sent between the Cisco Unity Connection voice messaging ports and Cisco Unified CM. Signaling encryption ensures that the information that pertains to the parties, DTMF digits that are entered by the parties, call status, media encryption keys, and so on are protected against unintended or unauthorized access.

Impact on Threats: This feature protects against:

Man-in-the-middle attacks that observe the information flow between Cisco Unified CM and the Cisco Unity Connection voice messaging ports.

Network traffic sniffing that observes the signaling information flow between Cisco Unified CM and the Cisco Unity Connection voice messaging ports.

Security Feature: Media encryption

Description: The process that protects the confidentiality of the media through the use of cryptographic procedures. This process uses Secure Real Time Protocol (SRTP) as defined in IETF RFC 3711, and ensures that only the intended recipient can interpret the media streams between Cisco Unity Connection voice messaging ports and the endpoint (for example, a phone or gateway). Support includes audio streams only. Media encryption includes creating a media master key pair for the devices, delivering the keys to Cisco Unity Connection and the endpoint, and securing the delivery of the keys while the keys are in transport. Cisco Unity Connection and the endpoint use the keys to encrypt and decrypt the media stream.

Impact on Threats: This feature protects against:

Man-in-the-middle attacks that listen to the media stream between Cisco Unified CM and the Cisco Unity Connection voice messaging ports.

Network traffic sniffing that eavesdrops on phone conversations that flow between Cisco Unified CM, the Cisco Unity Connection voice messaging ports, and IP phones that are managed by Cisco Unified CM.


Authentication and signaling encryption serve as the minimum requirements for media encryption; that is, if the devices do not support signaling encryption and authentication, media encryption cannot occur.


Note Cisco Unified CM authentication and encryption protect only calls to the voice messaging ports. Messages recorded on the message store are not protected by the Cisco Unified CM authentication and encryption features.


Functional Overview

The security features (authentication and encryption) between Cisco Unity Connection and Cisco Unified CM require the following:

A Cisco Unified CM CTL file that lists all Cisco Unified CM servers that are entered in Cisco Unity Connection Administration for secure clusters.

A Cisco Unity Connection server root certificate for each Cisco Unity Connection server that uses authentication and/or encryption. A root certificate is valid for 20 years from the time it was created.

Cisco Unity Connection voice messaging port device certificates that are rooted in the Cisco Unity Connection server root certificate and that the voice messaging ports present when registering with the Cisco Unified CM server.

The process of authentication and encryption of Cisco Unity Connection voice messaging ports is as follows:

1. Each Cisco Unity Connection voice messaging port connects to the TFTP server, downloads the CTL file, and extracts the certificates for all Cisco Unified CM servers.

2. Each Cisco Unity Connection voice messaging port establishes a network connection to the Cisco Unified CM TLS port. By default, the TLS port is 2443, though the port number is configurable.

3. Each Cisco Unity Connection voice messaging port establishes a TLS connection to the Cisco Unified CM server, at which time the device certificate is verified and the voice messaging port is authenticated.

4. Each Cisco Unity Connection voice messaging port registers with the Cisco Unified CM server, specifying whether the voice messaging port will also use media encryption.

Behavior for Calls

When a call is made between Cisco Unity Connection and Cisco Unified CM, the call-signaling messages and the media stream are handled in the following manner:

If both end points are set for encrypted mode, the call-signaling messages and the media stream are encrypted.

If one end point is set for authenticated mode and the other end point is set for encrypted mode, the call-signaling messages are authenticated, but neither the call-signaling messages nor the media stream are encrypted.

If one end point is set for non-secure mode and the other end point is set for encrypted mode, neither the call-signaling messages nor the media stream are encrypted.

Requirements

Cisco Unified CM security features for voice messaging ports have the following requirements:

Cisco Unified Communications Manager Server

A license that enables the applicable number of voice messaging ports.

Two secure tokens, installed.

In Cisco Unified CM Administration, on the System > Enterprise Parameters Configuration page, under Security Parameters, the Cluster Security Mode parameter set to 1 (enabled).

For instructions, refer to the "Configuring the Cisco CTL Client" chapter of the Cisco Unified Communications Manager Security Guide at http://www.cisco.com/en/US/products/sw/voicesw/ps556/prod_maintenance_guides_list.html.

In Cisco Unified Serviceability, on the Tools > Control Center - Feature Services page, under CM Services, the Cisco CallManager and Cisco Tftp services restarted.

A phone security profile with the device security mode set to the same security mode as the Cisco Unified CM ports and the Cisco Unity Connection ports.

On the Device > Phone > Phone Configuration page for the applicable phones:

Under Protocol Specific Information, the Device Security Profile field set to the applicable phone security profile.

Under Certification Authority Proxy Function (CAPF) Information, the Certification Operation field set to Install/Upgrade.

The Cisco Unified CM ports set to the same security mode as the applicable phones and the Cisco Unity Connection ports.

The Cisco Unity Connection root certificate uploaded to all Cisco Unified CM servers in all clusters.

Cisco IP Phones

The individual (physical) phones with the following settings on the Settings > Security Configuration screen:

Security Mode set to the same security mode as the Cisco Unified CM ports and the Cisco Unity Connection ports.

MIC set to Installed.

LCS set to Installed.

Cisco Unity Connection Server

A license that enables the applicable number of voice messaging ports.

The Cisco Unity Connection ports set to the same security mode as the Cisco Unified CM ports and the applicable phones.

For instructions, see the applicable chapter in this guide.

Security Mode Settings in Cisco Unity Connection

The Security Mode settings in Cisco Unity Connection Administration determine how the ports handle call-signaling messages and whether encryption of the media stream is possible. Table A-2 describes the effect of the Security Mode settings on the Telephony Integrations > Port > Port Basics page for each port.

Table A-2 Security Mode Settings for Voice Messaging Ports 

Setting: Non-secure

Effect: The integrity and privacy of call-signaling messages will not be ensured because call-signaling messages will be sent as clear (unencrypted) text and will be connected to Cisco Unified CM through a non-authenticated port rather than an authenticated TLS port.

In addition, the media stream cannot be encrypted.

Setting: Authenticated

Effect: The integrity of call-signaling messages will be ensured because they will be connected to Cisco Unified CM through an authenticated TLS port. However, the privacy of call-signaling messages will not be ensured because they will be sent as clear (unencrypted) text.

In addition, the media stream will not be encrypted.

Setting: Encrypted

Effect: The integrity and privacy of call-signaling messages will be ensured because they will be connected to Cisco Unified CM through an authenticated TLS port, and the call-signaling messages will be encrypted.

In addition, the media stream can be encrypted.


Caution Both end points must be registered in encrypted mode for the media stream to be encrypted. However, when one end point is set for non-secure or authenticated mode and the other end point is set for encrypted mode, the media stream will not be encrypted. Also, if an intervening device (such as a transcoder or gateway) is not enabled for encryption, the media stream will not be encrypted.

Disabling and Re-Enabling Security

The authentication and encryption features between Cisco Unity Connection and Cisco Unified CM can be enabled and disabled by changing the Security Mode for all Cisco Unified CM clusters to Non-Secure, and by changing the applicable settings in the Cisco Unified CM Administration.

Authentication and encryption can be re-enabled by changing the Security Mode to Authenticated or Encrypted.


Note After disabling or re-enabling authentication and encryption, it is not necessary to export the Cisco Unity Connection server root certificate and copy it to all Cisco Unified CM servers.


Multiple Clusters Can Have Multiple Settings

When Cisco Unity Connection has multiple Cisco Unified CM phone system integrations, each Cisco Unified CM phone system integration can have different Security Mode settings. For example, one Cisco Unified CM phone system integration can be set to Encrypted, and a second Cisco Unified CM phone system integration can be set to Non-Secure.

Settings for Individual Voice Messaging Ports

For troubleshooting purposes, authentication and encryption for Cisco Unity Connection voice messaging ports can be individually enabled and disabled. At all other times, we recommend that the Security Mode setting for all individual voice messaging ports in a Cisco Unified CM port group be the same.
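The following Python script is an added example and is not Cisco code or part of this guide. It models two things the appendix describes in prose: the call rules from "Behavior for Calls", Table A-2 and the Caution on intervening devices (the weaker end point decides what a call gets), and the requirement, stated under Requirements and again just above, that all voice messaging ports in a port group, the Cisco Unified CM ports and the phones share one Security Mode. The port names, the port group contents and the function names are constructed for the example; the script can be used as a pre-change check on a proposed configuration.

```python
# Added example, not Cisco code: a small model of the Security Mode rules from
# Table A-2, "Behavior for Calls" and the Caution on intervening devices, plus an
# audit of the "same mode everywhere" requirements. Port names and modes below
# are constructed sample data.
from collections import Counter
from enum import IntEnum
from typing import Dict, Iterable, List, NamedTuple


class SecurityMode(IntEnum):
    """Security Mode settings, ordered from weakest to strongest."""
    NON_SECURE = 0
    AUTHENTICATED = 1
    ENCRYPTED = 2


class CallProtection(NamedTuple):
    signaling_authenticated: bool  # signaling carried over an authenticated TLS port
    signaling_encrypted: bool      # SCCP signaling messages encrypted
    media_encrypted: bool          # audio stream carried as SRTP


def effective_call_protection(
    port_mode: SecurityMode,
    endpoint_mode: SecurityMode,
    intervening_encryption_enabled: Iterable[bool] = (),
) -> CallProtection:
    """Apply the call rules: the weaker end point decides.

    Signaling is authenticated only if both sides are at least Authenticated,
    signaling is encrypted only if both sides are Encrypted, and the media
    stream is encrypted only if, in addition, every intervening device
    (transcoder or gateway) in the path is enabled for encryption.
    """
    effective = min(port_mode, endpoint_mode)
    signaling_authenticated = effective >= SecurityMode.AUTHENTICATED
    signaling_encrypted = effective == SecurityMode.ENCRYPTED
    media_encrypted = signaling_encrypted and all(intervening_encryption_enabled)
    return CallProtection(signaling_authenticated, signaling_encrypted, media_encrypted)


def audit_port_group(
    port_modes: Dict[str, SecurityMode],
    cucm_port_mode: SecurityMode,
    phone_mode: SecurityMode,
) -> List[str]:
    """Return findings for one Cisco Unified CM port group.

    Checks that every voice messaging port in the group uses the same Security
    Mode, and that the Cisco Unified CM ports and the phones use that same mode.
    The mode used by most ports is taken as the intended one.
    """
    findings: List[str] = []
    if not port_modes:
        return findings
    intended, _ = Counter(port_modes.values()).most_common(1)[0]
    for name, mode in port_modes.items():
        if mode != intended:
            findings.append(f"{name} is {mode.name}; port group is {intended.name}")
    if cucm_port_mode != intended:
        findings.append(f"Cisco Unified CM ports are {cucm_port_mode.name}; port group is {intended.name}")
    if phone_mode != intended:
        findings.append(f"phones are {phone_mode.name}; port group is {intended.name}")
    return findings


# Constructed sample: one port left Non-secure after a troubleshooting session.
SAMPLE_PORT_GROUP = {
    "VMPort-001": SecurityMode.ENCRYPTED,
    "VMPort-002": SecurityMode.ENCRYPTED,
    "VMPort-003": SecurityMode.NON_SECURE,
    "VMPort-004": SecurityMode.ENCRYPTED,
}

if __name__ == "__main__":
    for name, mode in SAMPLE_PORT_GROUP.items():
        # Calls from a phone registered in Encrypted mode, no transcoder in the path.
        print(name, effective_call_protection(mode, SecurityMode.ENCRYPTED))
    for finding in audit_port_group(SAMPLE_PORT_GROUP, SecurityMode.ENCRYPTED, SecurityMode.ENCRYPTED):
        print("finding:", finding)
```

Running the script shows that VMPort-003 gets neither authenticated nor encrypted signaling even though the phone is in Encrypted mode, and the audit reports that port as the one differing from the rest of the group. Passing a list such as `[True, False]` as the third argument of `effective_call_protection` models a path through an encryption-enabled gateway and a transcoder that is not enabled for encryption: signaling stays encrypted, the media stream does not.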