Cisco Cisco E-Mail Manager Unity Integration Option Design Guide
8-3
Cisco Unified Contact Center Enterprise 7.0, 7.1, and 7.2 SRND
OL-8669-16
Chapter 8 Securing Unified CCE
Security Layers
•
Data Security
To ensure an increased level of protection from eavesdropping for customer-sensitive information,
Unified CCE provides support for Transport Layer Security (TLS) on the CTI OS and Cisco Agent
Desktops, and IPSec to secure communication channels between servers.
Unified CCE provides support for Transport Layer Security (TLS) on the CTI OS and Cisco Agent
Desktops, and IPSec to secure communication channels between servers.
•
Server Hardening
On top of support of a more hardened Windows Server 2003, you can configure the server
automatically with security settings specifically designed for the application.
automatically with security settings specifically designed for the application.
•
Host-Based Firewall
Users wishing to take advantage of the Windows Firewall to protect from malicious users and
programs that use unsolicited incoming traffic to attack servers can use the Windows Firewall
Configuration Utility on servers or the Agent Desktop Installers to integrate with the firewall
component of Windows Server 2003 SP1 and Windows XP SP2, respectively.
programs that use unsolicited incoming traffic to attack servers can use the Windows Firewall
Configuration Utility on servers or the Agent Desktop Installers to integrate with the firewall
component of Windows Server 2003 SP1 and Windows XP SP2, respectively.
•
Virus Protection
All servers must be running antivirus applications with the latest virus definition files (scheduled for
daily updates). The Hardware and System Software Specification (Bill of Materials) for Cisco
ICM/IPCC Enterprise & Hosted Editions contains a list of all the tested and supported antivirus
applications, and it is available at
daily updates). The Hardware and System Software Specification (Bill of Materials) for Cisco
ICM/IPCC Enterprise & Hosted Editions contains a list of all the tested and supported antivirus
applications, and it is available at
•
Intrusion Prevention
As an important defense layer, the Unified CCE Cisco Security Agent policy can be used to provide
“day-zero” threat protection for servers. It helps to reduce operational costs by identifying,
preventing, and eliminating known and unknown security threats.
“day-zero” threat protection for servers. It helps to reduce operational costs by identifying,
preventing, and eliminating known and unknown security threats.
•
Patch Management
A system typically should not be connected to a live network until all security updates have been
applied. It is important for all hosts to be kept up-to-date with Microsoft (Windows, SQL Server,
Internet Explorer, and so forth) and other third-party security patches.
applied. It is important for all hosts to be kept up-to-date with Microsoft (Windows, SQL Server,
Internet Explorer, and so forth) and other third-party security patches.
For most of these security layers, the Unified CCE solution supports a number of capabilities to enforce
the defense-in-depth paradigm illustrated in
the defense-in-depth paradigm illustrated in
. However, what Cisco cannot control or enforce
is your enterprise policies and procedures for deploying and maintaining a secure Unified CCE solution.