Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1418
Views
0
Helpful
0
Comments

How to enable secure mode or security on Cisco CallManager

TCC_2
Level 10
Level 10

‎06-18-2009 03:54 PM - edited ‎03-12-2019 08:21 AM

Core Issue

Implementing authentication and encryption in the Cisco CallManager system prevents identity theft of the these features:

  • Phone        
  • Cisco CallManager server   
  • Data tampering   
  • Call-signaling/media-stream tampering

To alleviate these threats, the Cisco IP telephony network establishes and maintains authenticated communication streams between the phone and the server. It also digitally signs files before the file is transferred to the phone and encrypts media streams and call signaling between Cisco IP phones.

For more information, refer to Security Overview. The document provides information on these topics:

  • Authentication and encryption terminology      
  • System requirements      
  • Interactions and restrictions      
  • Authentication and encryption installation      
  • Configuration checklist

For additional information, refer to Authentication, Integrity, and Encryption. The document provides information on these topics:


  • TFTP file manipulation (integrity)     
  • Modification of call-processing signaling between the phone and Cisco CallManager (authentication)     
  • Man-in-the-middle attacks (authentication)     
  • Phone and server identity theft (authentication)     
  • Installation, configuration and activation of Certificate Trust List (CTL) file in Cisco CallManager

Resolution

Secure mode is turned ON in Callmanager by using a USB eToken and a new CTL (Certificate Trust List) client utility. The eToken contains a Cisco rooted X.509v3 certificate and is used to generate the CTL file for the phones as well as configuring the security mode of the cluster.

The USB eToken that contains a Cisco rooted X.509v3 certificate can be purchased separately. The part number for the USB eToken is KEY-CCM-ADMIN-K9=.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents