Cisco Systems OL-14619-01 manual 6-14, Description

Models: OL-14619-01


Chapter 6 Integrating Cisco Unity with the Phone System

Integrating with Cisco Unified Communications Manager (by Using SCCP or SIP)

Table 6-3 Cisco Unified Communications Manager Security Features That Are Used by Cisco Unity (continued)

Security Feature

Description

Signaling encryption

Uses cryptographic methods to protect (through encryption) the confidentiality of all SCCP signaling messages that are sent between the Cisco Unity voice messaging ports and Cisco Unified CM. Signaling encryption ensures that the information that pertains to the parties, DTMF digits that are entered by the parties, call status, media encryption keys, and so on are protected against unintended or unauthorized access.

This feature protects against:

Man-in-the-middle attacks that observe the information flow between Cisco Unified CM and the Cisco Unity voice messaging ports.

Network traffic sniffing that observes the signaling information flow between Cisco Unified CM and the Cisco Unity voice messaging ports.

Media encryption

Uses Secure Real Time Protocol (SRTP) as defined in IETF RFC 3711 to ensure that only the intended recipient can interpret the media streams between Cisco Unity voice messaging ports and endpoints, for example, phones or gateways. Only audio streams are encrypted. Media encryption creates a media master key pair for the devices, delivers the keys to Cisco Unity and the endpoint, and secures the delivery of the keys while the keys are in transport. Cisco Unity and the endpoint use the keys to encrypt and decrypt the media stream.

This feature protects against:

Man-in-the-middle attacks that listen to the media stream between Cisco Unified CM and the Cisco Unity voice messaging ports.

Network traffic sniffing that eavesdrops on phone conversations that flow between Cisco Unified CM, the Cisco Unity voice messaging ports, and IP phones that are managed by Cisco Unified CM.

Authentication and signaling encryption are required for media encryption; that is, if the devices do not support authentication and signaling encryption, media encryption cannot occur.

Note that Cisco Unified CM authentication and encryption protect only calls to Cisco Unity. Messages recorded on the message store are not protected by Cisco Unified CM authentication and encryption but can be protected by the Cisco Unity secure messaging feature.

Note: The secure messaging feature is available only when Exchange is the message store.

For more information on secure messaging, see the “Securing Subscriber Messages” chapter of the Security Guide for Cisco Unity Release 5.x (With Microsoft Exchange) at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_maintenance_guides_list.html.

Authentication and encryption between Cisco Unity and Cisco Unified CM require:

A Cisco Unified CM CTL file that lists all Cisco Unified CM servers that are entered in Cisco Unity Telephony Integration Manager (UTIM) for secure clusters.

A Cisco Unity server root certificate for each Cisco Unity that uses authentication and/or encryption. A root certificate is valid for 20 years from the time it was created.

Cisco Unity voice messaging port device certificates that are rooted in the Cisco Unity server root certificate and that the voice messaging ports present when registering with the Cisco Unified CM server.

 

Design Guide for Cisco Unity Release 5.x
