IPT Authentication and Encryption

All IPT devices, such as Call Manager, IP phones and voice gateways, can be configured to authenticate and encrypt voice signaling and media traffic.

Phones can also be configured to authenticate phone images and configuration files. All these functions rely on a Public Key Infrastructure (PKI) and on obtaining a certificate.

MCS OS Hardening

Call Manager 4.X runs on a Windows 2000 platform, so it is important to ensure that the MCS OS is properly hardened so that it can't be attacked and compromised. One of the first things to ensure is that Cisco patches and updates are installed to protect against security threats.

It is also important to ensure that Call Manager servers are not used for any services other than those provided by Call Manager (so no file and print server, no FTP, no application server and so on). It is also important to keep the number of accounts configured on the server to a minimum, and their passwords must be strong.

If you can run an anti-virus solution combined with CSA, that is ideal.

DHCP Snooping

IP phones, like PCs, can use DHCP to retrieve an IP configuration (IP address, netmask, default gateway, DNS, TFTP, …). Therefore, if an attacker is able to interfere with DHCP, he might be able to conduct a Denial-of-Service (DoS) attack and prevent IP phones from operating correctly.

DHCP snooping prevents an intruder from interfering with DHCP operations by filtering malicious DHCP messages and by building a DHCP snooping binding table. The table contains information such as MAC address, IP address, DHCP lease time and VLAN port information for clients on untrusted ports.
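The filtering and binding-table behaviour described above, as an added example that is not taken from this page or from any switch implementation. It is a simplified model: the port names, MAC and IP addresses and the sample events are constructed, and the three drop rules are the commonly documented ones for untrusted ports.

```python
from dataclasses import dataclass

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # only a DHCP server should send these

@dataclass
class Binding:  # one row of the snooping binding table
    mac: str
    ip: str
    lease: int  # seconds
    vlan: int
    port: str

class DhcpSnooper:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}   # client MAC -> (vlan, port) of its last REQUEST
        self.bindings = {}  # client MAC -> Binding

    def handle(self, port, vlan, msg, src_mac, chaddr, ip=None, lease=0):
        """Return 'forward' or 'drop: <reason>' for one DHCP message."""
        if port in self.trusted:
            # An ACK from the trusted side completes the client's binding.
            if msg == "ACK" and chaddr in self.pending:
                pvlan, pport = self.pending.pop(chaddr)
                self.bindings[chaddr] = Binding(chaddr, ip, lease, pvlan, pport)
            return "forward"
        if msg in SERVER_MSGS:
            return "drop: server message on untrusted port"
        if src_mac != chaddr:
            return "drop: source MAC differs from client hardware address"
        bound = self.bindings.get(chaddr)
        if msg in ("RELEASE", "DECLINE") and bound and bound.port != port:
            return "drop: release/decline from a port other than the bound one"
        if msg == "REQUEST":
            self.pending[chaddr] = (vlan, port)
        return "forward"

PHONE, SERVER, ROGUE = "02:00:00:00:00:05", "02:00:00:00:00:01", "02:00:00:00:00:09"
SAMPLE = [  # constructed events: (port, vlan, msg, src_mac, chaddr, ip, lease)
    ("Fa0/5", 100, "DISCOVER", PHONE, PHONE, None, 0),
    ("Fa0/9", 100, "OFFER", ROGUE, PHONE, "192.0.2.66", 600),
    ("Gi0/1", 100, "OFFER", SERVER, PHONE, "10.1.100.21", 86400),
    ("Fa0/5", 100, "REQUEST", PHONE, PHONE, None, 0),
    ("Gi0/1", 100, "ACK", SERVER, PHONE, "10.1.100.21", 86400),
    ("Fa0/9", 100, "RELEASE", PHONE, PHONE, None, 0),
]

def run_sample():
    sw = DhcpSnooper(trusted_ports=["Gi0/1"])
    return [sw.handle(*e) for e in SAMPLE], sw.bindings
```

The phone's binding survives the forged RELEASE because the table records the port on which the lease was requested.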

Voice Extensible Markup Language – VXML

VXML is a W3C standard that allows voice-based interaction between human users and computer applications. VXML can be used for applications and systems such as Auto-Attendant, voicemail or IVR, with VXML scripts performing functions such as playing prompts, collecting user input (DTMF and speech) and routing calls. VXML scripts can perform IVR functions similar to TCL scripts; the major difference is that TCL scripts are usually resident in device memory or downloadable from a TFTP server, whereas VXML scripts are usually interpreted by a voice browser after they are downloaded from a web server using an HTTP request (client/server model).

CRS supports VXML 2.0 applications.

Voice Profile for Internet Messaging – VPIM

Unity can also integrate with other types of voice mail systems; this is referred to as Unity networking. There are two overall categories of Unity networking:

  • Networking with other Unity systems: This can be implemented using digital networking, SMTP networking or Voice Profile for Internet Mail (VPIMv2) networking, depending on Unity version and specifications.
  • Networking with traditional/non-Unity systems: This can be implemented using Bridge networking, Audio Messaging Interchange Specification (AMIS) networking or VPIM networking.

The specific methods of networking Unity can be described as follows:

  • Digital networking: This type of networking can be used to integrate Unity systems that share the same directory.
  • SMTP networking: This can be used to integrate Unity systems that do not share a directory, but that are connected via IP.
  • VPIM networking: This allows integration of Unity with either other Unity systems or non-Unity systems over an IP network such as the Internet. In the case of Unity-to-Unity integration, it is obvious that the systems cannot all share the same directory (AD forest).
  • Bridge networking: This can be used to integrate Unity with an Octel voice mail system and requires the use of a Bridge server.
  • AMIS networking: This allows Unity to integrate with non-Unity systems over analog lines.

Keep in mind that VPIM is a standard used by messaging systems to exchange messages over the Internet or other IP networks.

VPIM is based on the SMTP and Multipurpose Internet Mail Extensions (MIME) protocols. Because SMTP transport is used with VPIM, it is essential that the Exchange server used by a local Unity server is able to exchange email with the email system that the remote voice mail system is using.

When voice messages are sent using VPIM, they are typically converted into G.726 (for non-Unity systems). Fax messages are encoded using the TIFF-F format.

Before messages can be sent between VPIM systems, they must be encoded as MIME messages; with Unity this task is handled by the component called the Cisco Unity Voice Connector for Exchange (referred to as the Internet Voice Connector (IVC)). The IVC is also responsible for handling incoming VPIM messages in conjunction with the component called the VPIM Transport Event Sink.

Also remember that before configuring VPIM networking on Unity you must complete several preliminary tasks, such as:
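The MIME encoding described above, together with the G.726 and TIFF-F payloads from the preceding paragraph, as an added example that is not Cisco's IVC code. It builds a VPIM v2 message using the content types from the VPIM v2 specification (RFC 3801) and checks an inbound message against them; the allow-list of part types and the function names are assumptions made for this sketch.

```python
from email import message_from_bytes
from email.mime.audio import MIMEAudio
from email.mime.image import MIMEImage
from email.mime.multipart import MIMEMultipart

# Assumed allow-list: only the two payload kinds this page mentions.
ALLOWED_PARTS = {"audio/32kadpcm", "image/tiff"}  # G.726 voice, TIFF-F fax

def build_vpim(sender, recipient, voice=b"", fax=b""):
    """Encode a voice and/or fax payload as a VPIM v2 MIME message."""
    msg = MIMEMultipart("voice-message", version="2.0")
    msg["From"], msg["To"] = sender, recipient
    if voice:
        msg.attach(MIMEAudio(voice, _subtype="32KADPCM"))
    if fax:
        msg.attach(MIMEImage(fax, _subtype="tiff"))
    return msg.as_bytes()

def check_vpim(raw):
    """Return reasons to reject an inbound message (empty list = accept)."""
    msg = message_from_bytes(raw)
    problems = []
    if msg.get_content_type() != "multipart/voice-message":
        problems.append("not multipart/voice-message")
    if msg.get_param("version") != "2.0":
        problems.append("missing or wrong VPIM version")
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if ctype not in ALLOWED_PARTS:
            problems.append(f"unexpected part type {ctype}")
    return problems
```

Because VPIM rides on ordinary SMTP, anything that can reach the mail path can submit a message; real VPIM traffic may also carry parts not listed here (a sender vCard, for instance), so the allow-list needs extending before use.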

  • Extending the AD schema
  • Installing the IVC

Extending the AD schema is also a mandatory step to perform for Bridge networking.

Unified Messaging Integration

Unity can be enhanced to provide voice mail, mail, fax, text-to-speech, and so on. For Unity to provide full UM integration, it must be interfaced with several elements, including a directory, a mail store, IIS and SQL Server.

With all of these, there are two possible types of integration:

  • If the mail store is provided by Microsoft Exchange, Unity also integrates with Microsoft Active Directory (AD). Unity is then required to make a schema extension to the AD domain; this extension grows the AD by up to 10 percent. The Unity extensions are:
    • User
    • Group
    • Contact
    • Unity location (this class is created)
  • As an alternative to using Microsoft Exchange as the message store, you can also use Lotus Notes. When Lotus Notes is used as the message store, you must also implement the module called Domino Unified Communication Service (DUCS).