IPT Authentication and Encryption

All IPT devices as Call Manager, IP phones and voice gatewats can be configured to authenticate and encrypt voice signaling and media traffic.

Phones can also be configured to authenticate phone images and configuration files. All these functions rely on a Public Key Infrastructure (PKI) and the obtention of a certificate

MCS OS Hardening

Call Manager 4.X runs on a Windows 2000 platform and this is important to ensure that the MCS OS is properly hardened so that it can’t be attacked and compromised. One of the first things to ensure is that Cisco patches and updates are installed to protect against security threats.

It is also important to ensure that Call Manager servers are not used for any other services other than those provided by Call Manager (so no file and print server, no ftp, no application server and so on).It is also important to have a minimum amount of account configured on the server and the password must be strong.

It you can have an anti-virus solution combined with CSA then it is perfect.

DHCP Snooping

IP Phones as PC can use the DHCP to retrieve an IP configuration(IP Address, netmask, default gateway, DNS, TFTP, …). therefore, if an attacker is able to interfere with DHCP, he might be able to conduct a Denial-of-Service (DoS) attack and prevent IP Phones from operating correclty.

DHCP snooping works to prevent an intruder from interfering with DHCP operations by filtering malicious DHCP messages and by creating a DHCP snooping binding table. The table contains information such as mac-address, IP addresses, DHCP lease time and VLAN port information for clients on untrusted ports.

Voice Extensible Markup Language – VXML

VXML is a W3C standard that allows voice-based interaction between human-users and computers applications. VXML can be used for applications and systems such as Auto-Attendant, voicemail or IVR, with VXML scripts performing functions such as playing prompts, collecting user input (DTMF and speech) and routing calls. VXML scripts can perform IVR functions similar to TCL scripts, the major difference is that whereas TCL scripts are usually device memory resident or downloadable from a TFTP Server. VXML scripts are usually interpreted by a voice browser after they are downloaded from a web server using http request (client/server model)

CRS is supporting VXML 2.0 applications

IPCC Speech Recognition

To activate the speech recognition on your IPCC server, you must use the following subsystem , a Media Resource Control Protocol (MRCP) Automated Speech Recognition (ASR) ( It is the client component).

If it comes with a separate ASR server like Nuance, you are able to enable speech recognition. So let’s review a little the conversation between the ASR server and IPCC server using MRCP.

MRCP is a mechanism which  allows a client device (IPCC/phones) that requires audio stream processing to control processing resources such as ASR ad TTS servers ( for speech recognition and Text-to-speech conversion). Remind also that if you want to enable also Text-to-speech , you need to have another MRCP dedicated for TTS . So one MRCP ASR and one MRCP TTS.

MRCP relies on the Real Time Streaming protocol (RTSP) or SIP as a control protocol for setting up and controlling sessions. RSTP/SIP is also responsible for setting up media streams between the client and the server by using RTP (it is a kind of H245 negotiations)

IPCC Database Lookups

With the CRS Editor, you can configure your scripts and related applications to interact with the SQL DB. Here are the action that you can use within your script:

  • DB Read : used to select a database and obtain data (using SQL statements)
  • DB Get : used to assign specific variable(s) with the result of the query specify in the DB Read
  • DB Write : used to select a database and update an enterprise database (using SQL statements)
  • DB Release : used to close a SQL query and releases resources after the DB Get or Write step.