Cisco Cisco IPCC Web Option Leaflet
8-3
Cisco Unified Contact Center Enterprise 7.5 SRND
Chapter 8 Securing Unified CCE
Security Layers
Note
Microsoft Active Directory (AD) 2008 is supported for ICM 7.5 (existing and new installations).
However, Cisco Unified ICM does not support Read Only Domain Controller (RODC) in its AD
structure. In addition, Cisco Unified ICM, Unified CCE, and Unified Contact Center Hosted
(Unified CCH) components must be installed in a single forest, but the supervisor and users can belong
to different forests.
However, Cisco Unified ICM does not support Read Only Domain Controller (RODC) in its AD
structure. In addition, Cisco Unified ICM, Unified CCE, and Unified Contact Center Hosted
(Unified CCH) components must be installed in a single forest, but the supervisor and users can belong
to different forests.
Security Layers
An adequately secure Unified CCE deployment requires a multi-layered approach to protecting systems
and networks from targeted attacks and the propagation of viruses, among other threats. The goal of this
chapter is to stress the various areas pertinent to securing a Unified CCE deployment, but it does not
delve into the details of each area. Specific details can be found in the relevant product documentation.
and networks from targeted attacks and the propagation of viruses, among other threats. The goal of this
chapter is to stress the various areas pertinent to securing a Unified CCE deployment, but it does not
delve into the details of each area. Specific details can be found in the relevant product documentation.
Cisco strongly recommends that you implement the following security layers and establish policies
around them:
around them:
•
Physical Security
You must ensure that the servers hosting the Cisco contact center applications are physically secure.
They must be located in data centers to which only authorized personnel have access. The cabling
plant, routers, and switches should also have controlled access. Implementing a strong
physical-layer network security plan also includes utilizing such things as port security on data
switches.
They must be located in data centers to which only authorized personnel have access. The cabling
plant, routers, and switches should also have controlled access. Implementing a strong
physical-layer network security plan also includes utilizing such things as port security on data
switches.
•
Perimeter Security
While this document does not delve into the details on how to design and deploy a secure data
network, it does provide references to resources that can aid in establishing an effective secure
environment for your contact center applications.
network, it does provide references to resources that can aid in establishing an effective secure
environment for your contact center applications.
•
Data Security
To ensure an increased level of protection from eavesdropping for customer-sensitive information,
Unified CCE provides support for Transport Layer Security (TLS) on the CTI OS and Cisco Agent
Desktops, and IPSec to secure communication channels between servers.
Unified CCE provides support for Transport Layer Security (TLS) on the CTI OS and Cisco Agent
Desktops, and IPSec to secure communication channels between servers.
•
Server Hardening
On top of support of a more hardened Windows Server 2003, you can configure the server
automatically with security settings specifically designed for the application.
automatically with security settings specifically designed for the application.
•
Host-Based Firewall
Users wishing to take advantage of the Windows Firewall to protect from malicious users and
programs that use unsolicited incoming traffic to attack servers can use the Windows Firewall
Configuration Utility on servers or the Agent Desktop Installers to integrate with the firewall
component of Windows Server 2003 SP1/SP2 and Windows XP SP2, respectively.
programs that use unsolicited incoming traffic to attack servers can use the Windows Firewall
Configuration Utility on servers or the Agent Desktop Installers to integrate with the firewall
component of Windows Server 2003 SP1/SP2 and Windows XP SP2, respectively.
•
Virus Protection
All servers must be running antivirus applications with the latest virus definition files (scheduled
for daily updates). The Hardware and System Software Specification (Bill of Materials) for Cisco
ICM/IPCC Enterprise & Hosted Editions contains a list of all the tested and supported antivirus
applications, and it is available at
for daily updates). The Hardware and System Software Specification (Bill of Materials) for Cisco
ICM/IPCC Enterprise & Hosted Editions contains a list of all the tested and supported antivirus
applications, and it is available at