In UCM v8 you know have the ability to direct all phones to use HTTPS for auth
or even for all services.
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/8_0_2/secugd/sech
ttps.html
But yeah, until UCM v8, auth over HTTP was pretty poor and very easy to hack
into phones and make random ones ring, log out of hunt groups, etc..
-- Mark Snow, CCIE #14073 (Voice/Security) msnow_at_INE.com Internetwork Expert, Inc. http://www.INE.com On Apr 12, 2012, at 3:51 PM, Carlos G Mendioroz wrote: > How can I miss that for that long ? :) > > http://<phone ip>/CGI/Screenshot gives you the actual screenshot of the > phone, wow. The proxy authentication is, well, scary if you are security > conscious. The phone just asks the CUCM server: hey, this user with this > password wants to control me (this mac address). And CUCM answers OK! > (AUTHORIZED). All this over http (i.e. no privacy). > That, at least, still in CUCM8. > > -Carlos > > > > Carlos G Mendioroz @ 12/04/2012 14:22 -0300 dixit: >> Cute :) >> >> http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/all_models/xsi/5_0_2/eng lish/programming/guide/ip502ch3.html >> seems to have the basic URIs involved in controlling the phone. The http >> server proxies >> somehow the authentication to CUCM using the (innovative name?) >> authentication URL. >> >> -Carlos >> >> Mark Snow @ 12/04/2012 14:13 -0300 dixit: >>> http://tools.ietf.org/html/rfc2616 >>> >>> ;-) >>> >>> Anyone is welcome to unicast me for info about the free lab copy. >>> >>> >>> -- >>> Mark Snow, CCIE #14073 (Voice/Security) >>> msnow_at_INE.com <mailto:msnow_at_INE.com> >>> >>> Internetwork Expert, Inc. >>> http://www.INE.com <http://www.INE.com/> >>> >>> >>> On Apr 12, 2012, at 12:27 PM, Carlos G Mendioroz wrote: >>> >>>> Cool... >>>> Do you have any info on the protocol used to control the phone ? >>>> How do I get that free copy that I am able to use for lab/demo ? >>>> >>>> -Carlos >>>> >>>> Mark Snow @ 12/04/2012 12:51 -0300 dixit: >>>>> Yep. Phones can be remotely controlled directly via HTTP as well, but >>>>> the remote control software must send and authentication string to >>>>> the phone with the control message, and the phone then queries its >>>>> Auth URL to see if it's permitted to allow access or not. >>>>> >>>>> Variphy Insight is one way of remotely controlling phones in this >>>>> way, and we have a relationship with them that allows you to get a >>>>> free copy of the software for lab/demo purposes. >>>>> >>>>> >>>>> >>>>> Kind Regards, >>>>> >>>>> Mark Snow, CCIE #14073 >>>>> (Voice, Security) >>>>> INE.com <http://INE.com> >>>>> >>>>> >>>>> >>>>> >>>>> On Apr 12, 2012, at 10:32, Carlos G Mendioroz<tron_at_huapi.ba.ar >>>>> <mailto:tron_at_huapi.ba.ar>> wrote: >>>>> >>>>>> I did not know that the web access has provision for device control. >>>>>> As I understand, device control in CUCM is through CTI server in CUCM. >>>>>> (CTIQBE supporting either TAPI or JTAPI) >>>>>> >>>>>> -Carlos >>>>>> >>>>>> Ryan West @ 12/04/2012 10:26 -0300 dixit: >>>>>>> Device / Device Template -> Web Access -> enabled. >>>>>>> >>>>>>> >>>>>>> >>>>>>> -----Original Message----- >>>>>>> From: nobody_at_groupstudy.com <mailto:nobody_at_groupstudy.com> >>>>>>> [mailto:nobody_at_groupstudy.com] On Behalf Of amin >>>>>>> Sent: Thursday, April 12, 2012 9:15 AM >>>>>>> To: ccielab_at_groupstudy.com <mailto:ccielab_at_groupstudy.com> >>>>>>> Subject: remote phone control >>>>>>> >>>>>>> Hi experts, >>>>>>> >>>>>>> >>>>>>> >>>>>>> How I can enable http access to my phone so I can let phone control >>>>>>> software to manage it? My call processor is CUCM >>>>>>> >>>>>>> >>>>>>> >>>>>>> Regards, >>>>>>> >>>>>>> Amin >>>>>>> >>>>>>> >>>>>>> Blogs and organic groups at http://www.ccie.net >>>>>>> >>>>>>>Received on Thu Apr 12 2012 - 19:15:37 ART
This archive was generated by hypermail 2.2.0 : Tue May 01 2012 - 08:20:45 ART