Cisco Unified CallManager Security Guide, Release 5.0(4) - Index [Cisco Unified Communications Manager (CallManager)]

Table Of Contents

A - B - C - D - E - F - H - I - J - L - M - P - S - T - V -

Index

A

authentication

See also device authentication

See also digest authentication

interactions 1-5, 1-6

overview 1-14

restrictions 1-5

with CTI/JTAPI/TAPI applications 11-2

authentication string 6-2, 11-4

entering on phone 6-9

finding phones using 6-8

authorization 1-14

configuration settings (table)

for SIP trunk 14-3

configuring for SIP trunk 14-2

interactions 1-6

overview 1-14

B

barge

encryption restrictions with 1-11

C

Certificate Authority Proxy Function (CAPF)

activating service 6-5, 11-8

authentication string 6-2

entering on phone 6-9

CAPF service 3-4

configuration checklist (table) 6-4

configuration settings (table)

for CTI/JTAPI/TAPI applications 11-12

for phones 6-7

configuring an application user or end user CAPF profile 11-10

configuring in Cisco Unified CallManager Serviceability 6-4

deleting an application user or end user CAPF profile 11-13

finding an application user or end user CAPF profile 11-10

finding phones using LSC or authentication string 6-8

generating CAPF report 6-8

installing 1-11

interactions and requirements 6-3

with CTI/JTAPI/TAPI applications 11-5

interaction with Cisco Unified IP Phone 6-2

overview 6-2

for CTI/JTAPI/TAPI applications 11-4

updating service parameters 6-6

for CTI/JTAPI/TAPI 11-9

using for phone certificate operations 6-6

viewing certificate operation status for application user or end user 11-15

certificates

Internet Explorer certificate 2-2

Netscape certificate 2-5

types 1-12

Cisco Unified IP Phone

See also encrypted configuration file

authentication string

entering on phone 6-9

configuration checklist (table) for security 4-2

configuration settings (table)

for CAPF 6-7

configuration tips for phone security profiles 5-1

deleting CTL file 3-14

disabling the GARP setting 9-1

disabling the PC Port setting 9-2

disabling the PC Voice VLAN Access setting 9-2

disabling the Setting Access setting 9-2

disabling the Web Access setting 9-1

interaction with CAPF 6-2

security icons 1-5

restrictions 1-9

understanding security 4-1

viewing security settings 4-2

computer telephony integration (CTI)

configuration checklist (table) for securing 11-5

secure user groups

adding application users and end users 11-7

configuration file encryption

See encrypted configuration file

CTL client

CAPF service 3-4

clusterwide security mode

updating 3-11

configuration checklist (table) 3-3

configuration settings (table) 3-11

configuration tips 3-2

configuring 3-7

TLS ports 3-4

CTL Provider service 3-3

deleting CTL file on phone 3-14

installing 1-11, 3-6

migrating 3-7

overview 3-2

security mode

verifying 3-13

security token password

changing 3-14

setting the Smart Card service 3-13

uninstalling 3-16

upgrading 3-7

verifying 3-16

version

determining 3-15

CTL file

deleting entry 3-11

deleting on phone 3-14

updating 3-9

CTL Provider

activating service 3-3

D

device authentication 1-14

configuration settings (table)

for SCCP phone 5-4

for SIP phones 5-6

for SIP trunk 14-3

configuring for phones 5-3

configuring for SIP trunk 14-2

digest authentication 1-14

associating digest user with a phone 8-4

cluster ID 15-2

configuration checklist (table)

for phones 8-1

for SIP trunk 15-1

configuration settings (table)

for application user digest credentials 15-3

for end user 8-3

for SIP phones 5-6

for SIP realm 15-5

for SIP trunk 14-3

configuring a SIP realm 15-4

configuring digest credentials

for application user 15-2

for end user 8-3

configuring for phones 5-3

configuring for SIP trunk 14-2

configuring service parameters 8-2

deleting a SIP realm 15-5

finding a SIP realm 15-3

document

audience xii

conventions xiv

organization xii

purpose xii

related documentation xiv

E

encrypted configuration file

configuration checklist (table) 7-5

configuration settings (table)

for manual key 7-7

configuration tips 7-4

configuring manual key distribution 7-6

disabling 7-9

enabling 7-6

entering symmetric key 7-8

manual key configuration checklist (table) 7-7

manual key distribution 7-2

phone support 7-4

symmetric key encryption with public key 7-3

understanding

using symmetric key encryption w/public key 7-8

verifying 7-8

encryption

configuration checklist (table) for gateways and trunks 13-4

configuration settings (table)

for SCCP phone 5-4

for SIP phone security profiles 5-6

for SIP trunk 14-3

configuring for phones 5-3

configuring SRTP allowed check box 13-6

configuring with barge 1-11

installing 1-11

interactions 1-5, 1-6

overview 1-18

overview for H.323/H.225/H.245 trunk 13-2

overview for H.323 gateway 13-2

overview for MGCP gateway 13-1

overview for SIP trunk 13-3

restrictions 1-5, 1-6

with authentication 1-7

with barge 1-7

with media resources 1-8

with packet capturing 1-9

with phone and trunk devices 1-8

with security icons 1-9

signaling

configuring for phones 5-3

configuring for SIP trunk 14-2

with CTI/JTAPI/TAPI applications 11-3

etoken

changing password 3-14

F

file authentication 1-14

configuring for phones 5-3

H

HTTPS

overview 2-1

virtual directories (table) 2-1

with Internet Explorer 2-2

with Netscape 2-5

I

image authentication 1-14

integrity

overview 1-14

IP Phone

see Cisco Unified IP Phone

IPSec 1-12

configuration checklist (table) for IPSec 13-4

configuring 13-5

gateway or trunk considerations 13-5

infrastructure considerations 13-5

recommendations 13-5

J

JTAPI

configuration checklist (table) for securing 11-5

configuring security service parameters 11-14

L

locally significant certificate (LSC)

finding phones using 6-8

with CTI/JTAPI/TAPI applications 11-4

M

media encryption (see also encryption)

overview 1-18

MGCP gateway

configuration checklist (table) for security 13-4

configuring 13-5

mode

mixed 1-9

nonsecure 1-9

P

phone hardening

configuring 9-3

disabling the GARP setting 9-1

disabling the PC Port setting 9-2

disabling the PC Voice VLAN Access setting 9-2

disabling the Setting Access setting 9-2

disabling the Web Access setting 9-1

port

CTL Provider 3-4

Ethernet phone 3-4

SIP secure 3-4

S

secure sockets layer (SSL)

installing 1-11

with HTTPS 2-1

security

authentication overview 1-14

authorization overview 1-14

best practices 1-10

certificate types 1-12

configuration checklist for authentication and encryption (table) 1-20

CTL client overview 3-2

encryption overview

features list 1-4

features list (table) 1-5

HTTPS 2-1

installing 1-11

interactions 1-5, 1-6

rebooting the cluster 1-10

rebooting the server 1-10

resetting devices 1-10

restarting Cisco Unified CallManager service 1-10

restrictions 1-5, 1-6

system requirements 1-4

terminology (table) 1-2

tokens 3-2, 3-6, 3-7, 3-9, 3-14

using barge with encryption 1-11

where to find more information 1-24

security mode

clusterwide

configuring 3-11

verifying 3-13

restrictions

cluster and device modes 1-9

security profile

applying for SIP trunk 14-7

applying to phones 5-9

configuration settings (table)

for SCCP phone 5-4

for SIP phones 5-6

for SIP trunk 14-3

configuration tips for phones 5-1

configuring for phones 5-3

configuring for SIP trunk 14-2

deleting for phones 5-10

deleting for SIP trunk 14-8

finding for phones 5-2

finding for SIP trunk 14-2

finding phones that use 5-11

overview for phones 5-1

overview for SIP trunk 14-1

signaling authentication

overview 1-14

signaling encryption

overview 1-18

Site Administrator Security Token (SAST) 3-2

SRST

configuration checklist (table) for securing 12-3

configuration tips for securing 12-2

overview for securing 12-1

troubleshooting

certificate deleted on gateway 12-5

SRST reference

configuration settings (table) for security 12-5

configuring 12-3

troubleshooting

deleting secured reference 12-5

T

TAPI

configuration checklist (table) for securing 11-5

configuring security service parameters 11-14

TFTP services 3-2

transport layer security (TLS) 1-12

port 3-4

transport security

and real-time protocol (RTP) 1-12

and secure real-time protocol (SRTP) 1-12

configuration settings (table)

for SCCP phone 5-4

for SIP phone 5-6

for SIP trunk 14-3

configuring for SIP phones 5-3

configuring for SIP trunk 14-2

IPSec 1-12

TLS 1-12

troubleshooting

deleting CTL file on phone 3-14

SRST certificate deleted on gateway 12-5

V

voice messaging

configuration checklist (table) for security 10-2

security overview 10-1

security requirements 10-1

voice messaging port

applying a security profile 10-3

applying a security profile using the Wizard 10-4

configuration checklist (table) for security 10-2

security overview 10-1

	Cisco Unified CallManager Security Guide, Release 5.0(4)
	Index
Cisco Unified CallManager Security Guide, Release 5.0(4) Index Preface Security Overview (Revised 10/2/2006) Using Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS) Configuring the Cisco CTL Client Phone Security Overview (Revised 10/2/2006) Configuring a Phone Security Profile Using the Certificate Authority Proxy Function (Revised 10/2/2006) Configuring Encrypted Phone Configuration Files (Revised 10/2/2006) Configuring Digest Authentication for the SIP Phone Phone Hardening Configuring Voice Messaging Ports for Security Configuring Authentication and Encryption for CTI, JTAPI, and TAPI (Revised 9/26/2006) Configuring a Secure Survivable Remote Site Telephony (SRST) Reference Configuring Encryption for Gateways and Trunks Configuring a SIP Trunk Security Profile Configuring Digest Authentication for the SIP Trunk	Download this chapter Index Download the complete book PDF of Entire Book (PDF - 2 MB) Feedback Table Of Contents A - B - C - D - E - F - H - I - J - L - M - P - S - T - V - Index A authentication See also device authentication See also digest authentication interactions 1-5, 1-6 overview 1-14 restrictions 1-5 with CTI/JTAPI/TAPI applications 11-2 authentication string 6-2, 11-4 entering on phone 6-9 finding phones using 6-8 authorization 1-14 configuration settings (table) for SIP trunk 14-3 configuring for SIP trunk 14-2 interactions 1-6 overview 1-14 B barge encryption restrictions with 1-11 C Certificate Authority Proxy Function (CAPF) activating service 6-5, 11-8 authentication string 6-2 entering on phone 6-9 CAPF service 3-4 configuration checklist (table) 6-4 configuration settings (table) for CTI/JTAPI/TAPI applications 11-12 for phones 6-7 configuring an application user or end user CAPF profile 11-10 configuring in Cisco Unified CallManager Serviceability 6-4 deleting an application user or end user CAPF profile 11-13 finding an application user or end user CAPF profile 11-10 finding phones using LSC or authentication string 6-8 generating CAPF report 6-8 installing 1-11 interactions and requirements 6-3 with CTI/JTAPI/TAPI applications 11-5 interaction with Cisco Unified IP Phone 6-2 overview 6-2 for CTI/JTAPI/TAPI applications 11-4 updating service parameters 6-6 for CTI/JTAPI/TAPI 11-9 using for phone certificate operations 6-6 viewing certificate operation status for application user or end user 11-15 certificates Internet Explorer certificate 2-2 Netscape certificate 2-5 types 1-12 Cisco Unified IP Phone See also encrypted configuration file authentication string entering on phone 6-9 configuration checklist (table) for security 4-2 configuration settings (table) for CAPF 6-7 configuration tips for phone security profiles 5-1 deleting CTL file 3-14 disabling the GARP setting 9-1 disabling the PC Port setting 9-2 disabling the PC Voice VLAN Access setting 9-2 disabling the Setting Access setting 9-2 disabling the Web Access setting 9-1 interaction with CAPF 6-2 security icons 1-5 restrictions 1-9 understanding security 4-1 viewing security settings 4-2 computer telephony integration (CTI) configuration checklist (table) for securing 11-5 secure user groups adding application users and end users 11-7 configuration file encryption See encrypted configuration file CTL client CAPF service 3-4 clusterwide security mode updating 3-11 configuration checklist (table) 3-3 configuration settings (table) 3-11 configuration tips 3-2 configuring 3-7 TLS ports 3-4 CTL Provider service 3-3 deleting CTL file on phone 3-14 installing 1-11, 3-6 migrating 3-7 overview 3-2 security mode verifying 3-13 security token password changing 3-14 setting the Smart Card service 3-13 uninstalling 3-16 upgrading 3-7 verifying 3-16 version determining 3-15 CTL file deleting entry 3-11 deleting on phone 3-14 updating 3-9 CTL Provider activating service 3-3 D device authentication 1-14 configuration settings (table) for SCCP phone 5-4 for SIP phones 5-6 for SIP trunk 14-3 configuring for phones 5-3 configuring for SIP trunk 14-2 digest authentication 1-14 associating digest user with a phone 8-4 cluster ID 15-2 configuration checklist (table) for phones 8-1 for SIP trunk 15-1 configuration settings (table) for application user digest credentials 15-3 for end user 8-3 for SIP phones 5-6 for SIP realm 15-5 for SIP trunk 14-3 configuring a SIP realm 15-4 configuring digest credentials for application user 15-2 for end user 8-3 configuring for phones 5-3 configuring for SIP trunk 14-2 configuring service parameters 8-2 deleting a SIP realm 15-5 finding a SIP realm 15-3 document audience xii conventions xiv organization xii purpose xii related documentation xiv E encrypted configuration file configuration checklist (table) 7-5 configuration settings (table) for manual key 7-7 configuration tips 7-4 configuring manual key distribution 7-6 disabling 7-9 enabling 7-6 entering symmetric key 7-8 manual key configuration checklist (table) 7-7 manual key distribution 7-2 phone support 7-4 symmetric key encryption with public key 7-3 understanding using symmetric key encryption w/public key 7-8 verifying 7-8 encryption configuration checklist (table) for gateways and trunks 13-4 configuration settings (table) for SCCP phone 5-4 for SIP phone security profiles 5-6 for SIP trunk 14-3 configuring for phones 5-3 configuring SRTP allowed check box 13-6 configuring with barge 1-11 installing 1-11 interactions 1-5, 1-6 overview 1-18 overview for H.323/H.225/H.245 trunk 13-2 overview for H.323 gateway 13-2 overview for MGCP gateway 13-1 overview for SIP trunk 13-3 restrictions 1-5, 1-6 with authentication 1-7 with barge 1-7 with media resources 1-8 with packet capturing 1-9 with phone and trunk devices 1-8 with security icons 1-9 signaling configuring for phones 5-3 configuring for SIP trunk 14-2 with CTI/JTAPI/TAPI applications 11-3 etoken changing password 3-14 F file authentication 1-14 configuring for phones 5-3 H HTTPS overview 2-1 virtual directories (table) 2-1 with Internet Explorer 2-2 with Netscape 2-5 I image authentication 1-14 integrity overview 1-14 IP Phone see Cisco Unified IP Phone IPSec 1-12 configuration checklist (table) for IPSec 13-4 configuring 13-5 gateway or trunk considerations 13-5 infrastructure considerations 13-5 recommendations 13-5 J JTAPI configuration checklist (table) for securing 11-5 configuring security service parameters 11-14 L locally significant certificate (LSC) finding phones using 6-8 with CTI/JTAPI/TAPI applications 11-4 M media encryption (see also encryption) overview 1-18 MGCP gateway configuration checklist (table) for security 13-4 configuring 13-5 mode mixed 1-9 nonsecure 1-9 P phone hardening configuring 9-3 disabling the GARP setting 9-1 disabling the PC Port setting 9-2 disabling the PC Voice VLAN Access setting 9-2 disabling the Setting Access setting 9-2 disabling the Web Access setting 9-1 port CTL Provider 3-4 Ethernet phone 3-4 SIP secure 3-4 S secure sockets layer (SSL) installing 1-11 with HTTPS 2-1 security authentication overview 1-14 authorization overview 1-14 best practices 1-10 certificate types 1-12 configuration checklist for authentication and encryption (table) 1-20 CTL client overview 3-2 encryption overview features list 1-4 features list (table) 1-5 HTTPS 2-1 installing 1-11 interactions 1-5, 1-6 rebooting the cluster 1-10 rebooting the server 1-10 resetting devices 1-10 restarting Cisco Unified CallManager service 1-10 restrictions 1-5, 1-6 system requirements 1-4 terminology (table) 1-2 tokens 3-2, 3-6, 3-7, 3-9, 3-14 using barge with encryption 1-11 where to find more information 1-24 security mode clusterwide configuring 3-11 verifying 3-13 restrictions cluster and device modes 1-9 security profile applying for SIP trunk 14-7 applying to phones 5-9 configuration settings (table) for SCCP phone 5-4 for SIP phones 5-6 for SIP trunk 14-3 configuration tips for phones 5-1 configuring for phones 5-3 configuring for SIP trunk 14-2 deleting for phones 5-10 deleting for SIP trunk 14-8 finding for phones 5-2 finding for SIP trunk 14-2 finding phones that use 5-11 overview for phones 5-1 overview for SIP trunk 14-1 signaling authentication overview 1-14 signaling encryption overview 1-18 Site Administrator Security Token (SAST) 3-2 SRST configuration checklist (table) for securing 12-3 configuration tips for securing 12-2 overview for securing 12-1 troubleshooting certificate deleted on gateway 12-5 SRST reference configuration settings (table) for security 12-5 configuring 12-3 troubleshooting deleting secured reference 12-5 T TAPI configuration checklist (table) for securing 11-5 configuring security service parameters 11-14 TFTP services 3-2 transport layer security (TLS) 1-12 port 3-4 transport security and real-time protocol (RTP) 1-12 and secure real-time protocol (SRTP) 1-12 configuration settings (table) for SCCP phone 5-4 for SIP phone 5-6 for SIP trunk 14-3 configuring for SIP phones 5-3 configuring for SIP trunk 14-2 IPSec 1-12 TLS 1-12 troubleshooting deleting CTL file on phone 3-14 SRST certificate deleted on gateway 12-5 V voice messaging configuration checklist (table) for security 10-2 security overview 10-1 security requirements 10-1 voice messaging port applying a security profile 10-3 applying a security profile using the Wizard 10-4 configuration checklist (table) for security 10-2 security overview 10-1
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks