Call Forward All (CFA) is a feature in Cisco CallManager that allows an internal number (for example, an employee office number) to be forwarded to an external number (for example, an international number, mobile number, or premium number). For example, an employee can call the office number, which is then forwarded to the number specified in the forwarding field. This number can be an international or premium number. The user can configure the setting using the web interface, so the forwarding configuration can be set up and removed very easily from home or elsewhere. CFA exploits can be avoided by applying a calling search space to the CFA feature. As shown in Figure 22-2, the administrator has applied a calling search space named IntLocCSS (which allows only internal and local PSTN calls) to the CFA field.
Figure 22-2. Restricting Call Forward All
Note
The only call forwarding ability available to the user (from either the CCMUser pages or the IP phone) is Call Forward All. By applying the calling search space to only this field, you have effectively restricted user forwarding.
Voice-mail systems, which can transfer a call to an extension, can be misused in a similar way if they are configured to allow transfer of calls when the called party is not available. If such transfers are not limited, a caller could connect to the voice-mail system by a local call and then transfer to the public telephony network (for example, a long-distance number). Voice-mail forwarding exploits can be avoided by applying a calling search space to the voice-mail port in the Cisco CallManager configuration. As shown in Figure 22-3, the administrator has applied the same IntLocCSS calling search space to the voice-mail port.
Figure 22-3. Restricting Voice-Mail Forwarding
Blocking Commonly Exploited Area Codes |
Part I: Cisco CallManager Fundamentals
Introduction to Cisco Unified Communications and Cisco Unified CallManager
Cisco Unified CallManager Clustering and Deployment Options
Cisco Unified CallManager Installation and Upgrades
Part II: IPT Devices and Users
Cisco IP Phones and Other User Devices
Configuring Cisco Unified CallManager to Support IP Phones
Cisco IP Telephony Users
Cisco Bulk Administration Tool
Part III: IPT Network Integration and Route Plan
Cisco Catalyst Switches
Configuring Cisco Gateways and Trunks
Cisco Unified CallManager Route Plan Basics
Cisco Unified CallManager Advanced Route Plans
Configuring Hunt Groups and Call Coverage
Implementing Telephony Call Restrictions and Control
Implementing Multiple-Site Deployments
Part IV: VoIP Features
Media Resources
Configuring User Features, Part 1
Configuring User Features, Part 2
Configuring Cisco Unified CallManager Attendant Console
Configuring Cisco IP Manager Assistant
Part V: IPT Security
Securing the Windows Operating System
Securing Cisco Unified CallManager Administration
Preventing Toll Fraud
Hardening the IP Phone
Understanding Cryptographic Fundamentals
Understanding the Public Key Infrastructure
Understanding Cisco IP Telephony Authentication and Encryption Fundamentals
Configuring Cisco IP Telephony Authentication and Encryption
Part VI: IP Video
Introducing IP Video Telephony
Configuring Cisco VT Advantage
Part VII: IPT Management
Introducing Database Tools and Cisco Unified CallManager Serviceability
Monitoring Performance
Configuring Alarms and Traces
Configuring CAR
Using Additional Management and Monitoring Tools
Part VIII: Appendix
Appendix A. Answers to Review Questions
Index