Disallow access to cucm-ip:8443/cucm-uds/users and encrypt jabber xml

Hythim Ali El Hadad · ‎11-22-2018

Hi,

The goal is to increase security for my CUCM environment with the following 2 points

1- I need to disallow any one to be able to access this URL as it provides all user information details as mobile no.

cucm-ip:8443/cucm-uds/users

At the same time, Jabber users should be able to access UDS

2- Encrypt jabber xml configuration file

Is it simply the same way as IP Phones conf files encryption through phone security profile ? or there is another way ?

Thanks

Haitham

dapo100 · ‎11-22-2018

Hi Hythim,

Cisco UDS is a simple repository, I am not aware of a way to allow custom access to certain fields of a given directory ( mobile cell phone number field in the user_id record)

You may point your _cisco-uds SRV to a firewall or load balancer, that can intercept the request and via security profiles or iRules to in order to perform the following:

1 - check if the HTTP_REQUEST comes from a Jabber CLient

2. if true, allow connection to CUCM server/UDS url

3. If false, drop connection

As for the .xml encryption, that will be a global Workstation encryption solution for all the files - I imagine the encryption requirement is there not only for Jabber files, so it should not be something UC specific form the service point of view.