Cisco Cisco IP Contact Center Release 4.6.1 Leaflet
8-15
Cisco Unified Contact Center Enterprise 7.5 SRND
Chapter 8 Securing Unified CCE
Configuring Server Security
Configuring Server Security
Unified Contact Center Security Wizard
The Unified Contact Center Security Wizard allows easy configuration of the three security features
defined above, namely: Automated Security Hardening, Windows Firewall configuration, and Network
Isolation IPSec policy deployment. The Security Wizard encapsulates the functionality of these three
utilities in an easy to use wizard-like interface that guides the user with the steps involved in configuring
the security feature. This is particularly helpful when deploying the Network Isolation IPSec policy and
is the recommended approach. The Security Wizard is installed by default on all Unified CCE 7.5
servers and is available to download for Unified CCE 7.0, 7.1, and 7.2 releases. The Security Best
Practices Guide contains a chapter explaining the Security Wizard in detail.
defined above, namely: Automated Security Hardening, Windows Firewall configuration, and Network
Isolation IPSec policy deployment. The Security Wizard encapsulates the functionality of these three
utilities in an easy to use wizard-like interface that guides the user with the steps involved in configuring
the security feature. This is particularly helpful when deploying the Network Isolation IPSec policy and
is the recommended approach. The Security Wizard is installed by default on all Unified CCE 7.5
servers and is available to download for Unified CCE 7.0, 7.1, and 7.2 releases. The Security Best
Practices Guide contains a chapter explaining the Security Wizard in detail.
Virus Protection
Antivirus Applications
A number of third-party antivirus applications are supported for the Unified CCE system. For a list of
applications and versions supported on your particular release of the Unified CCE software, refer to the
Hardware and System Software Specifications Guide (formerly, the Bill of Materials) and the Cisco
Voice Portal Bill of Materials as well as the Cisco Unified CCX and Unified CM product documentation
for the applications supported.
applications and versions supported on your particular release of the Unified CCE software, refer to the
Hardware and System Software Specifications Guide (formerly, the Bill of Materials) and the Cisco
Voice Portal Bill of Materials as well as the Cisco Unified CCX and Unified CM product documentation
for the applications supported.
Note
Deploy only the supported applications for your environment, otherwise a software conflict might arise,
especially when an application such as the Cisco Security Agent is installed on the Unified CCE systems.
especially when an application such as the Cisco Security Agent is installed on the Unified CCE systems.
Configuration Guidelines
Antivirus applications have numerous configuration options that allow very granular control of what and
how data should be scanned on a server.
how data should be scanned on a server.
With any antivirus product, configuration is a balance of scanning versus the performance of the server.
The more you choose to scan, the greater the potential performance overhead. The role of the system
administrator is to determine what the optimal configuration requirements will be for installing an
antivirus application within a particular environment. Refer to the Security Best Practices Guide and
your particular antivirus product documentation for more detailed configuration information on a
Unified ICM environment.
The more you choose to scan, the greater the potential performance overhead. The role of the system
administrator is to determine what the optimal configuration requirements will be for installing an
antivirus application within a particular environment. Refer to the Security Best Practices Guide and
your particular antivirus product documentation for more detailed configuration information on a
Unified ICM environment.
The following list highlights some general best practices:
•
Upgrade to the latest supported version of the third-party antivirus application. Newer versions
improve scanning speed over previous versions, resulting in lower overhead on servers.
improve scanning speed over previous versions, resulting in lower overhead on servers.
•
Avoid scanning of any files accessed from remote drives (such as network mappings or UNC
connections). Where possible, each of these remote machines should have its own antivirus software
installed, thus keeping all scanning local. With a multi-tiered antivirus strategy, scanning across the
network and adding to the network load should not be required.
connections). Where possible, each of these remote machines should have its own antivirus software
installed, thus keeping all scanning local. With a multi-tiered antivirus strategy, scanning across the
network and adding to the network load should not be required.