Security Policies for User Passwords and Pin Numbers in Cisco UCM

User-specific security parameters such as PIN number length (for Extension Mobility), password complexity and aging (i.e. for CCM User access) are applied in CUCM on a per-user basis using credential policies. The policies are defined under "User Management" ==> "Credential Policy", and assigned under "User Management" ==> "End Users".

The security parameters and enforcement levels available to the administrator are quite granular: in the example below, the following characteristics are set:

  • minimum PIN length of 5 digits
  • require a complex (i.e. non-trivial) sequence of digits
  • disable EM login after 3 successive failures

This new security policy is applied on a per-credential, per-user basis. The credentials are now assigned under end user configuration. ...

Click here to read the whole article and view images

Cisco Unified Communications Manager System Guide, Release 7.0(1): Credential Policy


Posted on 2009-01-06 22:13:53 by alexccie | listed under Security, User Features

| Comments (455)

Certificate Authority Proxy Function: Using the Manufacturer Installed Certificate

Certificate Authority Proxy Function: Using the Manufacturer Installed Certificate

Note: You must ensure that the Cisco CTL Client is installed before proceeding with CAPF.

Certificate Authority Proxy Function must be enabled on the Publisher (Serviceability).

  1. Activate the CAPF service on the Publisher
  2. Find the phones in Device > Phones that should be enabled to use Authorization
  3. Identify the desired phone
    1. Set Certificate Operation to "Install/Upgrade"
    2. Select a key size (512, 1024 or 2048) - recommend 512 in the lab, to reduce key generation times
  4. Save and Reset

Debugging :: Set log size in Serviceability, Security Services, CAPF; Gather logs in RTMT

Click here to read the whole article

Posted on 2008-12-11 23:00:24 by alexccie | listed under Security

| Comments (462)