Securing the Connection Between Cisco Unity Connection, Cisco Unified Communications Manager, and IP Phones
In this chapter, you will find descriptions of potential security issues related to connections between Cisco Unity Connection, Cisco Unified Communications Manager, and IP phones; information on any actions you need to take; recommendations that will help you make decisions; discussion of the ramifications of the decisions you make; and best practices.
- Security Issues for Connections Between Unity Connection, Cisco Unified Communications Manager, and IP Phones
- Cisco Unified Communications Manager Security Features for Unity Connection Voice Messaging Ports
- Security Mode Settings for Cisco Unified Communications Manager and Unity Connection
- Best Practices for Securing the Connection Between Unity Connection, Cisco Unified Communications Manager, and IP Phones
Security Issues for Connections Between Unity Connection, Cisco Unified Communications Manager, and IP Phones
A potential point of vulnerability for a Cisco Unity Connection system is the connection between Unity Connection voice messaging ports (for an SCCP integration) or port groups (for a SIP integration), Cisco Unified Communications Manager, and the IP phones. Possible threats to this connection include the following:
- Man-in-the-middle attacks (when the information flow between Cisco Unified CM and Unity Connection is observed and modified)
- Network traffic sniffing (when software is used to capture phone conversations and signaling information that flow between Cisco Unified CM, Unity Connection, and IP phones that are managed by Cisco Unified CM)
- Modification of call signaling between Unity Connection and Cisco Unified CM
- Modification of the media stream between Unity Connection and the endpoint (for example, an IP phone or a gateway)
- Identity theft of Unity Connection (when a non-Unity Connection device presents itself to Cisco Unified CM as a Unity Connection server)
- Identity theft of the Cisco Unified CM server (when a non-Cisco Unified CM server presents itself to Unity Connection as a Cisco Unified CM server)
Cisco Unified Communications Manager Security Features for Unity Connection Voice Messaging Ports
Cisco Unified CM can secure the connection with Unity Connection against the threats listed in the “Security Issues for Connections Between Unity Connection, Cisco Unified Communications Manager, and IP Phones” section. The Cisco Unified CM security features that Unity Connection can take advantage of are described in Table 3-1.
Authentication and signaling encryption serve as the minimum requirements for media encryption; that is, if the devices do not support signaling encryption and authentication, media encryption cannot occur.
Cisco Unified CM security (authentication and encryption) only protects calls to Unity Connection. Messages recorded on the message store are not protected by the Cisco Unified CM authentication and encryption features but can be protected by the Unity Connection private secure messaging feature. For details on the Unity Connection secure messaging feature, see the “Handling Private or Secure Messages” section.
Security Mode Settings for Cisco Unified Communications Manager and Unity Connection
Cisco Unified Communications Manager and Cisco Unity Connection have the security mode options shown in Table 3-2 for voice messaging ports (for SCCP integrations) or port groups (for SIP integrations).
Best Practices for Securing the Connection Between Unity Connection, Cisco Unified Communications Manager, and IP Phones
If you want to enable authentication and encryption for the voice messaging ports on both Cisco Unity Connection and Cisco Unified Communications Manager, see the Cisco Unified Communications Manager SCCP Integration Guide for Unity Connection Release 10.x, available at http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/10x/integration/guide/cucm_sccp/guide/cucintcucmskinny.html.