Cisco Systems OL-14619-01 Cisco Unified Communications Manager Security Features, Description


Chapter 6 Integrating Cisco Unity with the Phone System

Integrating with Cisco Unified Communications Manager (by Using SCCP or SIP)

Identity theft of the Cisco Unity voice messaging port, in which a non-Cisco Unity device presents itself to Cisco Unified CM as a Cisco Unity voice messaging port.

Identity theft of the Cisco Unified CM server, in which a non-Cisco Unified CM server presents itself to Cisco Unity voice messaging ports as a Cisco Unified CM server.

Note: SIP integrations do not support Cisco Unified CM authentication or encryption.

See the following sections for additional details:

Cisco Unified Communications Manager Security Features, page 6-13

When Data Is Encrypted, page 6-15

Cisco Unified Communications Manager Cluster Security Mode Settings in Cisco Unity, page 6-15

Disabling and Re-Enabling Security, page 6-16

Multiple Integrations Can Have Different Security Mode Settings, page 6-16

Settings for Individual Voice Messaging Ports, page 6-16

Cisco Unified Communications Manager Security Features

 

Cisco Unified CM 4.1(3) or later can secure the connection with Cisco Unity against these threats. The Cisco Unified CM security features that Cisco Unity can take advantage of are described in Table 6-3.

Table 6-3 Cisco Unified Communications Manager Security Features That Are Used by Cisco Unity

Security Feature: Signaling authentication

Description: Uses the Transport Layer Security (TLS) protocol to validate that no tampering has occurred to signaling packets during transmission. Signaling authentication relies on the creation of the Cisco Certificate Trust List (CTL) file.

This feature protects against:

Man-in-the-middle attacks that modify the information flow between Cisco Unified CM and the Cisco Unity voice messaging ports.

Modification of the call signaling.

Identity theft of the Cisco Unity voice messaging port.

Identity theft of the Cisco Unified CM server.

Security Feature: Device authentication

Description: Validates the identity of the device. This process occurs between Cisco Unified CM and Cisco Unity voice messaging ports when each device accepts the certificate of the other device. When the certificates are accepted, a secure connection between the devices is established. Device authentication relies on the creation of the Cisco Certificate Trust List (CTL) file.

This feature protects against:

Man-in-the-middle attacks that modify the information flow between Cisco Unified CM and the Cisco Unity voice messaging ports.

Modification of the media stream.

Identity theft of the Cisco Unity voice messaging port.

Identity theft of the Cisco Unified CM server.

Design Guide for Cisco Unity Release 5.x, OL-14619-01, page 6-13
