Mark,
that is phone to insfrastructure comm. What about the user to phone
channel ? Do phones support https ? I'm not finding that.
-Carlos
Mark Snow @ 12/04/2012 20:15 -0300 dixit:
> In UCM v8 you know have the ability to direct all phones to use HTTPS for auth
> or even for all services.
> http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/8_0_2/secugd/sech
> ttps.html
>
> But yeah, until UCM v8, auth over HTTP was pretty poor and very easy to hack
> into phones and make random ones ring, log out of hunt groups, etc..
>
>
> --
> Mark Snow, CCIE #14073 (Voice/Security)
> msnow_at_INE.com
>
> Internetwork Expert, Inc.
> http://www.INE.com
>
>
>
> On Apr 12, 2012, at 3:51 PM, Carlos G Mendioroz wrote:
>
>> How can I miss that for that long ? :)
>>
>> http://<phone ip>/CGI/Screenshot gives you the actual screenshot of the
>> phone, wow. The proxy authentication is, well, scary if you are security
>> conscious. The phone just asks the CUCM server: hey, this user with this
>> password wants to control me (this mac address). And CUCM answers OK!
>> (AUTHORIZED). All this over http (i.e. no privacy).
>> That, at least, still in CUCM8.
>>
>> -Carlos
>>
>>
>>
>> Carlos G Mendioroz @ 12/04/2012 14:22 -0300 dixit:
>>> Cute :)
>>>
>>>
> http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/all_models/xsi/5_0_2/eng
> lish/programming/guide/ip502ch3.html
>>> seems to have the basic URIs involved in controlling the phone. The http
>>> server proxies
>>> somehow the authentication to CUCM using the (innovative name?)
>>> authentication URL.
>>>
>>> -Carlos
>>>
>>> Mark Snow @ 12/04/2012 14:13 -0300 dixit:
>>>> http://tools.ietf.org/html/rfc2616
>>>>
>>>> ;-)
>>>>
>>>> Anyone is welcome to unicast me for info about the free lab copy.
>>>>
>>>>
>>>> --
>>>> Mark Snow, CCIE #14073 (Voice/Security)
>>>> msnow_at_INE.com<mailto:msnow_at_INE.com>
>>>>
>>>> Internetwork Expert, Inc.
>>>> http://www.INE.com<http://www.INE.com/>
>>>>
>>>>
>>>> On Apr 12, 2012, at 12:27 PM, Carlos G Mendioroz wrote:
>>>>
>>>>> Cool...
>>>>> Do you have any info on the protocol used to control the phone ?
>>>>> How do I get that free copy that I am able to use for lab/demo ?
>>>>>
>>>>> -Carlos
>>>>>
>>>>> Mark Snow @ 12/04/2012 12:51 -0300 dixit:
>>>>>> Yep. Phones can be remotely controlled directly via HTTP as well, but
>>>>>> the remote control software must send and authentication string to
>>>>>> the phone with the control message, and the phone then queries its
>>>>>> Auth URL to see if it's permitted to allow access or not.
>>>>>>
>>>>>> Variphy Insight is one way of remotely controlling phones in this
>>>>>> way, and we have a relationship with them that allows you to get a
>>>>>> free copy of the software for lab/demo purposes.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Kind Regards,
>>>>>>
>>>>>> Mark Snow, CCIE #14073
>>>>>> (Voice, Security)
>>>>>> INE.com<http://INE.com>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Apr 12, 2012, at 10:32, Carlos G Mendioroz<tron_at_huapi.ba.ar
>>>>>> <mailto:tron_at_huapi.ba.ar>> wrote:
>>>>>>
>>>>>>> I did not know that the web access has provision for device control.
>>>>>>> As I understand, device control in CUCM is through CTI server in CUCM.
>>>>>>> (CTIQBE supporting either TAPI or JTAPI)
>>>>>>>
>>>>>>> -Carlos
>>>>>>>
>>>>>>> Ryan West @ 12/04/2012 10:26 -0300 dixit:
>>>>>>>> Device / Device Template -> Web Access -> enabled.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: nobody_at_groupstudy.com<mailto:nobody_at_groupstudy.com>
>>>>>>>> [mailto:nobody_at_groupstudy.com] On Behalf Of amin
>>>>>>>> Sent: Thursday, April 12, 2012 9:15 AM
>>>>>>>> To: ccielab_at_groupstudy.com<mailto:ccielab_at_groupstudy.com>
>>>>>>>> Subject: remote phone control
>>>>>>>>
>>>>>>>> Hi experts,
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> How I can enable http access to my phone so I can let phone control
>>>>>>>> software to manage it? My call processor is CUCM
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>>
>>>>>>>> Amin
>>>>>>>>
>>>>>>>>
>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>
>>>>>>>>
> _______________________________________________________________________
>>>>>>>>
>>>>>>>> Subscription information may be found at:
>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>>
>>>>>>>>
>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>
>>>>>>>>
> _______________________________________________________________________
>>>>>>>>
>>>>>>>> Subscription information may be found at:
>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Carlos G Mendioroz<tron_at_huapi.ba.ar<mailto:tron_at_huapi.ba.ar>> LW7
>>>>>>> EQI Argentina
>>>>>>>
>>>>>>>
>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>
>>>>>>>
> _______________________________________________________________________
>>>>>>>
>>>>>>> Subscription information may be found at:
>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>
>>>>> --
>>>>> Carlos G Mendioroz<tron_at_huapi.ba.ar<mailto:tron_at_huapi.ba.ar>> LW7
>>>>> EQI Argentina
>>>>
>>>
>>
>> --
>> Carlos G Mendioroz<tron_at_huapi.ba.ar> LW7 EQI Argentina
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
-- Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina Blogs and organic groups at http://www.ccie.netReceived on Fri Apr 13 2012 - 07:51:27 ART
This archive was generated by hypermail 2.2.0 : Tue May 01 2012 - 08:20:45 ART