CUC Encryption

refram
Level 3

We are going to implement SRTP everywhere with CUCM, CUC, and the voice gateway. We are also going to be doing either IMAP or single inbox for voicemail going to Outlook. We plan to do secure voicemail to Outlook. What we're wondering is what happens with those secure messages. We assume that when someone leaves the message, SRTP will encrypt everything. What happens when the message is actually stored on the CUC box? Is it encrypted there? If it isn't encrypted, is it reachable? We are also assuming that when listening to the message using ViewMail, SRTP will encrypt the voice packets. But are there any unencrypted temp files anywhere that we need to worry about?

7 Replies

cjoseph23
Level 1

Here are some links to a Q&A about sRTP on the routers as well as the security guide for Connection. I will ask around here about some of your questions and post back if I get any more info.

Media Authentication and Encryption using Secure RTP on Cisco Access Routers.

http://www.cisco.com/en/US/prod/collateral/routers/ps259/prod_qas0900aecd8016c49f_ps5854_Products_Q_and_A_Item.html


Securing the Connection Between Cisco Unity Connection 8.x, Cisco Unified Communications Manager, and IP Phones

http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/security/guide/8xcucsec030.html

The entire guide:

Security Guide for Cisco Unity Connection Release 8.x

http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/security/guide/8xcucsecx.html

Regards,

cj

Thanks CJ.  I'll be interested in seeing if you come up with something.

Did you find anything on this? I am interested in this too. Is the message encrypted on the Uconn server?

Srini

I asked around and most of the guys here don't believe the message is encrypted on the CUC box, but I can't confirm that for sure. They compared it to sending data across a VPN tunnel - the data gets encrypted on transmit and then unencrypted on receive. Not sure how valid that is or how good of a comparison it is.

You can mark the messages as "secure" to add some security to the message.  See this link

http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/security/guide/8xcucsec070.html#wpxref68976

Regards,

cj

Yep, I have seen that link on securing messages, but the customer wants to know from a PCI standpoint if the message on the box is also encrypted, because it might have someone's credit card info and they don't want that to be tapped into.

Thanks

Srini

Thanks for making the effort CJ.  I just got official word today from a Cisco guy who looked into it for me too.  To quote him:

The messages are not encrypted at rest on the CUC server. However, the server is locked down such that no one has root access except Cisco TAC, which makes it extremely difficult if not impossible to gain access to the messages.

There are no temp files because the secure messages are streamed from the server to interface.

As it turns out I have seen a method one can use to get access to root on a CUCM server, but - much like password recovery on a router - if you don't have physical access you can't perform the trick.  I'm also pleased about the temp files not being created. 

Perfect, thanks for the information.

Thanks

Srini