Cisco Cisco Unified Contact Center Management Portal 8.5 Release Note
Chapter 7 Securing Cisco Unified Contact Center Enterprise
Cisco Unified Contact Center Enterprise 8.x SRND
249
The Unified CCE solution consists of a number of application servers that are managed differently. The
primary servers, those with the most focus in this document, are the Routers, Loggers (also known as
Central Controllers), Peripheral Gateways, Administration & Data Servers, and so forth. These application
servers can be installed only on a standard (default) operating system installation. All installations can be
done on Windows Server 2003 or Windows Server 2008 R2 (for Release 8.5(2) or greater) Standard or
Enterprise Edition. The maintenance of this operating system in terms of device drivers, security updates,
and so forth, is the responsibility of the customer, as is acquiring the necessary software from the
appropriate vendors. This category of application servers is the primary focus of this chapter.
primary servers, those with the most focus in this document, are the Routers, Loggers (also known as
Central Controllers), Peripheral Gateways, Administration & Data Servers, and so forth. These application
servers can be installed only on a standard (default) operating system installation. All installations can be
done on Windows Server 2003 or Windows Server 2008 R2 (for Release 8.5(2) or greater) Standard or
Enterprise Edition. The maintenance of this operating system in terms of device drivers, security updates,
and so forth, is the responsibility of the customer, as is acquiring the necessary software from the
appropriate vendors. This category of application servers is the primary focus of this chapter.
The secondary group of servers, those running applications that are part of the solution but that are
deployed differently, are Cisco Unified Communications Manager (Unified CM), Cisco Unified IP IVR,
and so forth. Customers are required to obtain all relevant patches and updates to this operating system
from Cisco. The security hardening specifications for this operating system can be found in the Cisco
Unified Communications Solution Reference Network Design (SRND) guide and
deployed differently, are Cisco Unified Communications Manager (Unified CM), Cisco Unified IP IVR,
and so forth. Customers are required to obtain all relevant patches and updates to this operating system
from Cisco. The security hardening specifications for this operating system can be found in the Cisco
Unified Communications Solution Reference Network Design (SRND) guide and
The approach to securing the Unified CCE solution as it pertains to the various layers listed above differs
from one group of servers to another. It is useful to keep this in mind as you design, deploy, and maintain
these servers in your environment. Cisco is constantly enhancing its Unified Communications products
with the eventual goal of having them all support the same customized operating system, antivirus
applications, and security path management techniques. Some examples of these enhancements include the
support of Cisco's host-based intrusion prevention software (Cisco Security Agent) and default server
hardening provided by the customized operating system or applications.
from one group of servers to another. It is useful to keep this in mind as you design, deploy, and maintain
these servers in your environment. Cisco is constantly enhancing its Unified Communications products
with the eventual goal of having them all support the same customized operating system, antivirus
applications, and security path management techniques. Some examples of these enhancements include the
support of Cisco's host-based intrusion prevention software (Cisco Security Agent) and default server
hardening provided by the customized operating system or applications.
Security Best Practices
As part of the Unified CCE 8.0 documentation set, Cisco has released a best-practices guide for the primary
group of servers, which covers a number of areas pertaining to the new implementation in the release along
with some general guidance for securing a Unified CCE deployment. The best-practices guide includes the
following topics:
group of servers, which covers a number of areas pertaining to the new implementation in the release along
with some general guidance for securing a Unified CCE deployment. The best-practices guide includes the
following topics:
• Encryption Support
• IPSec and NAT Support
• Windows Firewall Configuration
• Automated Security Hardening
• Updating Microsoft Windows
• SQL Server Hardening
• SSL Encryption
• Intrusion Prevention (CSA)
• Microsoft Baseline Security Analysis
• Auditing
• Anti-Virus Guidelines and Guidelines
• Secure Remote Administration
• Additional Security Best Practices
• IPSec and NAT Support
• Windows Firewall Configuration
• Automated Security Hardening
• Updating Microsoft Windows
• SQL Server Hardening
• SSL Encryption
• Intrusion Prevention (CSA)
• Microsoft Baseline Security Analysis
• Auditing
• Anti-Virus Guidelines and Guidelines
• Secure Remote Administration
• Additional Security Best Practices