Disallow access to cucm-ip:8443/cucm-uds/users and encrypt jabber xml
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-22-2018 11:08 AM - edited 03-17-2019 01:45 PM
Hi,
The goal is to increase security for my CUCM environment with the following 2 points
1- I need to disallow any one to be able to access this URL as it provides all user information details as mobile no.
cucm-ip:8443/cucm-uds/users
At the same time, Jabber users should be able to access UDS
2- Encrypt jabber xml configuration file
Is it simply the same way as IP Phones conf files encryption through phone security profile ? or there is another way ?
Thanks
Haitham
- Labels:
-
CUCM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-22-2018 12:09 PM
Hi Hythim,
Cisco UDS is a simple repository, I am not aware of a way to allow custom access to certain fields of a given directory ( mobile cell phone number field in the user_id record)
You may point your _cisco-uds SRV to a firewall or load balancer, that can intercept the request and via security profiles or iRules to in order to perform the following:
1 - check if the HTTP_REQUEST comes from a Jabber CLient
2. if true, allow connection to CUCM server/UDS url
3. If false, drop connection
As for the .xml encryption, that will be a global Workstation encryption solution for all the files - I imagine the encryption requirement is there not only for Jabber files, so it should not be something UC specific form the service point of view.
