Cisco Cisco Unified Contact Center Enterprise 9.0(2) Design Guide
8-15
Cisco Unified Contact Center Enterprise 7.0, 7.1, and 7.2 SRND
OL-8669-16
Chapter 8 Securing Unified CCE
Virus Protection
Virus Protection
Antivirus Applications
A number of third-party antivirus applications are supported for the Unified CCE system. For a list of
applications and versions supported on your particular release of the Unified CCE software, refer to the
Hardware and System Software Specifications Guide (formerly, the Bill of Materials) and the Cisco
Voice Portal Bill of Materials as well as the Cisco Unified CCX and Unified CM product documentation
for the applications supported.
applications and versions supported on your particular release of the Unified CCE software, refer to the
Hardware and System Software Specifications Guide (formerly, the Bill of Materials) and the Cisco
Voice Portal Bill of Materials as well as the Cisco Unified CCX and Unified CM product documentation
for the applications supported.
Note
Deploy only the supported applications for your environment, otherwise a software conflict might arise,
especially when an application such as the Cisco Security Agent is installed on the Unified CCE systems.
especially when an application such as the Cisco Security Agent is installed on the Unified CCE systems.
Configuration Guidelines
Antivirus applications have numerous configuration options that allow very granular control of what and
how data should be scanned on a server.
how data should be scanned on a server.
With any antivirus product, configuration is a balance of scanning versus the performance of the server.
The more you choose to scan, the greater the potential performance overhead. The role of the system
administrator is to determine what the optimal configuration requirements will be for installing an
antivirus application within a particular environment. Refer to the Security Best Practices Guide and
your particular antivirus product documentation for more detailed configuration information on a
Unified ICM environment.
The more you choose to scan, the greater the potential performance overhead. The role of the system
administrator is to determine what the optimal configuration requirements will be for installing an
antivirus application within a particular environment. Refer to the Security Best Practices Guide and
your particular antivirus product documentation for more detailed configuration information on a
Unified ICM environment.
The following list highlights some general best practices:
•
Upgrade to the latest supported version of the third-party antivirus application. Newer versions
improve scanning speed over previous versions, resulting in lower overhead on servers.
improve scanning speed over previous versions, resulting in lower overhead on servers.
•
Avoid scanning of any files accessed from remote drives (such as network mappings or UNC
connections). Where possible, each of these remote machines should have its own antivirus software
installed, thus keeping all scanning local. With a multi-tiered antivirus strategy, scanning across the
network and adding to the network load should not be required.
connections). Where possible, each of these remote machines should have its own antivirus software
installed, thus keeping all scanning local. With a multi-tiered antivirus strategy, scanning across the
network and adding to the network load should not be required.
•
Due to the higher scanning overhead of heuristics scanning over traditional antivirus scanning, use
this advanced scanning option only at key points of data entry from untrusted networks (such as
email and Internet gateways).
this advanced scanning option only at key points of data entry from untrusted networks (such as
email and Internet gateways).
•
Real-time or on-access scanning can be enabled, but only on incoming files (when writing to disk).
This is the default setting for most antivirus applications. Implementing on-access scanning on file
reads will yield a higher impact on system resources than necessary in a high-performance
application environment.
This is the default setting for most antivirus applications. Implementing on-access scanning on file
reads will yield a higher impact on system resources than necessary in a high-performance
application environment.
•
While on-demand and real-time scanning of all files gives optimum protection, this configuration
does have the overhead of scanning those files that cannot support malicious code (for example,
ASCII text files). Cisco recommends excluding files or directories of files, in all scanning modes,
that are known to present no risk to the system. Also, follow the recommendations for which specific
Unified ICM files to exclude in a Unified ICM or Unified CCE implementation, as provided in the
Security Best Practices for Cisco Intelligent Contact Management Software, available at
does have the overhead of scanning those files that cannot support malicious code (for example,
ASCII text files). Cisco recommends excluding files or directories of files, in all scanning modes,
that are known to present no risk to the system. Also, follow the recommendations for which specific
Unified ICM files to exclude in a Unified ICM or Unified CCE implementation, as provided in the
Security Best Practices for Cisco Intelligent Contact Management Software, available at