Keys and Certificate Storage in Cisco IP Telephony

Key storage is a major part of key management because an improperly stored key can enable an attacker to compromise parts of the PKI or the whole PKI. The IP phone stores its public and private RSA keys and its certificate in its nonvolatile memory. This information is preserved across phone reboots and resets. The keys cannot be extracted from the IP phone unless the phone is taken apart and the nonvolatile memory is then physically analyzed.

The IP telephony servers (Cisco CallManager, CAPF, and TFTP server) store certificates on the local hard disk, in a special area called the Microsoft certificate store. The private key of the server is stored in the private-key storage, which is protected by a periodically changed master key. The master key itself is encrypted with Triple Data Encryption Standard (3DES) using a key derived from the password of the user.

Microsoft Windows XP stores a certificate locally on the computer or device that requested it or, in the case of a user, on the computer or device that the user used to request it. The storage location is called the certificate store.

The Cisco CTL client stores its public and private RSA keys on the security tokens supplied by Cisco. The keys are embedded on the token during production, and the token is designed never to leak these keys from its memory.
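The layered protection described above for the server private-key storage (a password-derived key encrypts the master key, and the master key protects the private key) is modeled below as an added example; it is not Cisco's or Microsoft's code and not the Windows storage format. Assumptions: PBKDF2 for key derivation, an HMAC-SHA256 encrypt-then-MAC construction standing in for 3DES (which the Python standard library lacks), and hypothetical names throughout.

```python
import hashlib, hmac, os

def _subkeys(key):  # separate encryption and MAC keys from one wrapping key
    return tuple(hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac"))

def _xor_stream(key, nonce, data):
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(key, plaintext):
    # Encrypt-then-MAC; stand-in for the 3DES encryption the text names.
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc, nonce, plaintext)
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unwrap(key, blob):
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified blob")
    return _xor_stream(enc, nonce, ct)

def password_key(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class KeyStore:  # hypothetical model of the hierarchy, not the Windows format
    def __init__(self, password, private_key):
        self.salt = os.urandom(16)
        master = os.urandom(32)
        self.wrapped_master = wrap(password_key(password, self.salt), master)
        self.wrapped_private = wrap(master, private_key)

    def private_key(self, password):
        master = unwrap(password_key(password, self.salt), self.wrapped_master)
        return unwrap(master, self.wrapped_private)

    def change_password(self, old, new):
        # Only the small master-key blob is re-encrypted.
        master = unwrap(password_key(old, self.salt), self.wrapped_master)
        self.salt = os.urandom(16)
        self.wrapped_master = wrap(password_key(new, self.salt), master)

    def rotate_master(self, password):
        # Periodic master-key change: re-wrap the private key under a fresh master key.
        private, new_master = self.private_key(password), os.urandom(32)
        self.wrapped_master = wrap(password_key(password, self.salt), new_master)
        self.wrapped_private = wrap(new_master, private)
```

A password change leaves the stored private-key blob untouched, while a master-key rotation replaces both blobs; in both cases the private key is only as well protected as the password at the top of the chain.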


Authorized Self-Study Guide Cisco IP Telephony (CIPT)
Cisco IP Telephony (CIPT) (Authorized Self-Study) (2nd Edition)
ISBN: 158705261X
EAN: 2147483647
Year: 2004
Pages: 329
