Key storage is a major part of key management because an improperly stored key can enable an attacker to compromise parts of the PKI or the whole PKI. The IP phone stores its public and private RSA keys and its certificate in its nonvolatile memory. This information is preserved across phone reboots and resets. The keys cannot be extracted from the IP phone unless the phone is taken apart and the nonvolatile memory is then physically analyzed.
The IP telephony servers (Cisco CallManager, CAPF, and TFTP server) store certificates on the local hard disk, in a special area called the Microsoft certificate store. The private key of the server is stored in the private-key storage, which is protected by a periodically changed master key. The master key itself is encrypted with Triple Data Encryption Standard (3DES) using a key derived from the user's password.
Microsoft Windows XP stores a certificate locally on the computer or device that requested it or, in the case of a user, on the computer or device that the user used to request it. The storage location is called the certificate store.
The Cisco CTL client stores its public and private RSA keys on the security tokens supplied by Cisco. The keys are embedded on the token during production, and the token is designed never to leak these keys from its memory.