Malicious Call Identification
Malicious Call Identification (MCID), available starting with Cisco CallManager Release 4.0, is an internetwork service that allows users to initiate a sequence of events when they receive calls with a malicious intent from another network (typically, the PSTN). The user who receives a disturbing call can invoke the MCID feature by using a softkey or feature code while connected to the call. The MCID service immediately flags the call as a malicious call with an alarm notification to the Cisco CallManager administrator. The MCID service flags the CDR with the MCID notice and sends a notification to the off-net PSTN that a malicious call is in progress.
The MCID service is an ISDN PRI service, when using PRI connections to the PSTN. The MCID service includes two components:
- MCID-O An originating component that invokes the feature at the request of the user (victim) and that sends the invocation request to the connected network
- MCID-T A terminating component that receives the invocation request from the connected network and responds with a success or failure message that indicates whether the service can be performed
Typically, each function runs in separate network entities, and the two service components communicate with each other to allow two networks to identify a call as malicious.
Cisco CallManager supports only the originating component at this time.
Tip
MCID is a PRI-based service. If your organization does not use PRI PSTN connections, MCID can still flag calls with malicious intent in the CallManager CDRs.
Configuring MCID
MCID, which is a system feature, comes standard with Cisco CallManager software. MCID does not require special installation or activation.
To configure MCID, follow these general procedures:
|
Step 1. |
Ensure that the CDR flag is set to True.
|
|
Step 2. |
Configure the alarm.
|
|
Step 3. |
Configure a softkey template with the Malicious Call Trace softkey.
|
|
Step 4. |
Assign the MCID softkey template to an IP Phone.
|
|
Step 5. |
Notify users that the MCID feature is available.
|
Configuring CallManager to Support CDRs
To enable Cisco CallManager to flag a CDR with the MCID indicator, you must enable the CDR flag. Use the following procedure in Cisco CallManager Administration to enable the CDR flag:
|
Step 1. |
From the drop-down list, choose Service > Service Parameters.
|
|
Step 2. |
Choose the Cisco CallManager server name.
|
|
Step 3. |
In the Service field, choose Cisco CallManager. The Service Parameters Configuration window appears.
|
|
Step 4. |
In the System area, set the CDR Flag Enabled field to True if it is not already enabled, as shown in Figure 17-18.
Figure 17-18. Configuring CallManager Service Parameters to Support CDRs |
|
Step 5. |
If you have made a change, click Update.
|
Configuring MCID Alarms
To provide for the MCID alarm information to appear in the Event Viewer, you need to enable the alarm event level. Use Cisco CallManager Serviceability and the following procedure to activate alarms for MCID:
|
Step 1. |
Choose Application > Serviceability. The Cisco CallManager Serviceability application opens.
|
|
Step 2. |
Choose Alarm > Configuration. The Alarm Configuration window is displayed.
|
|
Step 3. |
From the list, choose the Cisco CallManager server.
|
|
Step 4. |
In the Configured Services drop-down list, choose Cisco CallManager. The Alarm Configuration window updates with configuration fields.
|
|
Step 5. |
Under Event Viewer, in the Alarm Event Level drop-down list, choose Informational, as shown in Figure 17-19.
Figure 17-19. Configuring MCID Alarms in Windows 2000 Event Viewer |
|
Step 6. |
Under Event Viewer, check the Enable Alarm check box.
|
|
Step 7. |
If you want to enable the alarm for all nodes in the cluster, check the Apply to All Nodes check box.
|
|
Step 8. |
Click Update to turn on the informational alarm.
|
Adding the MCID Softkey
For users to trigger MCID alerts, you must add the appropriate softkey to the softkey template configured for their IP Phones. Use this procedure in Cisco CallManager Administration to add the Malicious Call softkey to a template:
|
Step 1. |
Choose Device > Device Settings > Softkey Template. The Find and List Softkey Templates window appears.
|
|
Step 2. |
Select the Softkey Template assigned to your users. If your users are using one of the built-in softkey templates, you will need to create a new softkey template, as described in Chapter 16, "Configuring User Features, Part 1."
|
|
Step 3. |
In the upper-right corner of the window, click the Configure Softkey Layout link. The Softkey Layout Configuration window appears.
|
|
Step 4. |
In the Call States area on the left, choose Connected. The list in the Unselected Softkeys pane changes to display the available softkeys for this call state.
|
|
Step 5. |
In the Unselected Softkeys pane, choose Toggle Malicious Call Trace, as shown in Figure 17-20.
Figure 17-20. Adding the MCID Softkey |
|
Step 6. |
To move the softkey to the Selected keys pane, click the right arrow.
|
|
Step 7. |
Click Update to ensure that the softkey template is configured.
|