Cisco Cisco IPCC Web Option Release Notes
32
Release Notes for Cisco IPCC/ICM Enterprise & Hosted Editions Release 7.0(0) Installer Update C November 24, 2008
New and Changed Information
Windows Firewall and Cisco Security Agent (CSA) Compatibility
Standalone Cisco Security Agent (CSA) version 4.5.1.616 policy 2.0.0 for Cisco ICM/IPCC Enterprise
and Hosted Editions 7.0(0), when run concurrently with the default Windows Firewall, will disable the
Windows Firewall. Since CSA utilizes firewall-like components, it will disable the currently running
Windows firewall. This occurs each time the system is rebooted, even if the Windows Firewall has been
enabled since the last system startup on Windows Server 2003 SP1 using the Cisco ICM Firewall
Configuration Utility (CiscoICMfwConfig).
and Hosted Editions 7.0(0), when run concurrently with the default Windows Firewall, will disable the
Windows Firewall. Since CSA utilizes firewall-like components, it will disable the currently running
Windows firewall. This occurs each time the system is rebooted, even if the Windows Firewall has been
enabled since the last system startup on Windows Server 2003 SP1 using the Cisco ICM Firewall
Configuration Utility (CiscoICMfwConfig).
CSA provides host based protection for various resources on the system, such as files, registry, and
network stack. CSA can also be tuned to control network access and act like a firewall. However, the
standalone CSA 4.5.1.616 policy 2.0.0 for Cisco ICM/IPCC Enterprise and Hosted Editions 7.0(0) does
not exploit this feature. Instead, Cisco ICM software supports the configuration of the Windows Firewall
on Windows Server 2003 SP1 using a Windows Firewall Configuration Utility called
CiscoICMfwConfig. Microsoft has recommended (as noted in the help guide for the Windows Firewall)
that two firewalls should not be running at the same time due to potential configuration compatibility
issues. However, since standalone CSA for Cisco ICM/IPCC Enterprise and Hosted Editions 7.0(0)
software does not implement the firewall functionality of CSA, the Agent can coexist with the Windows
Firewall in Windows Server 2003 SP1. An enhancement request (CSCsb48526) has been created against
the Cisco Security Agent to not disable the Windows Firewall when CSA’s firewall feature is not
employed. In the interim, a workaround is provided. This workaround can be found in Field Notice:
Cisco ICM Enterprise & Hosted Contact Center Products Notice for Cisco Security Agent
4.1.5.616 policy 2.0.0 (
network stack. CSA can also be tuned to control network access and act like a firewall. However, the
standalone CSA 4.5.1.616 policy 2.0.0 for Cisco ICM/IPCC Enterprise and Hosted Editions 7.0(0) does
not exploit this feature. Instead, Cisco ICM software supports the configuration of the Windows Firewall
on Windows Server 2003 SP1 using a Windows Firewall Configuration Utility called
CiscoICMfwConfig. Microsoft has recommended (as noted in the help guide for the Windows Firewall)
that two firewalls should not be running at the same time due to potential configuration compatibility
issues. However, since standalone CSA for Cisco ICM/IPCC Enterprise and Hosted Editions 7.0(0)
software does not implement the firewall functionality of CSA, the Agent can coexist with the Windows
Firewall in Windows Server 2003 SP1. An enhancement request (CSCsb48526) has been created against
the Cisco Security Agent to not disable the Windows Firewall when CSA’s firewall feature is not
employed. In the interim, a workaround is provided. This workaround can be found in Field Notice:
Cisco ICM Enterprise & Hosted Contact Center Products Notice for Cisco Security Agent
4.1.5.616 policy 2.0.0 (
Note
Both CSA and Windows Firewall protection for Cisco ICM software is recommended, but
not required, by Cisco. If you do not use either CSA or Windows Firewall, or use only one
of these, the issue discussed above does not arise.
not required, by Cisco. If you do not use either CSA or Windows Firewall, or use only one
of these, the issue discussed above does not arise.
Security Hardening Automation and Best Practices
In a Windows Server 2003 environment, ICM Setup and System IPCC Setup prompt the user to apply
Windows Server hardening by default. Applying hardening ensures that the operating system is secure
and protected against a number of vulnerabilities. The hardening provided is specifically customized to
be compatible with the applications that may be installed on the server. The list of applications supported
to run co-resident with a hardened ICM/IPCC system are: CTI OS, CAD, CSA, Support Tools, Media
Blender, and of course all ICM and System IPCC Enterprise deployment software components. Refer to
the Security Best Practices Guide for Cisco ICM/IPCC Enterprise & Hosted Editions for more
information.
Windows Server hardening by default. Applying hardening ensures that the operating system is secure
and protected against a number of vulnerabilities. The hardening provided is specifically customized to
be compatible with the applications that may be installed on the server. The list of applications supported
to run co-resident with a hardened ICM/IPCC system are: CTI OS, CAD, CSA, Support Tools, Media
Blender, and of course all ICM and System IPCC Enterprise deployment software components. Refer to
the Security Best Practices Guide for Cisco ICM/IPCC Enterprise & Hosted Editions for more
information.
A Prompt for Security Hardening checkbox is provided as part of ICM Setup. If the box is checked—and
if security hardening has not been applied, or if an updated template is available—each time that Setup
is run, you are prompted to apply security hardening.
if security hardening has not been applied, or if an updated template is available—each time that Setup
is run, you are prompted to apply security hardening.
Both of the just-mentioned features are available only on Windows Server 2003 systems.
The Security Best Practices for Cisco Intelligent Contact Management Software Release 6.0(0) & 5.0
manuals remain relevant for the Windows 2000 common ground upgrade customer.
manuals remain relevant for the Windows 2000 common ground upgrade customer.