Cisco Cisco Unified Contact Center Enterprise 10.5(2) Installation Guide
3
Cisco Security Agent Installation/Deployment Guide for Cisco ICM/IPCC Enterprise & Hosted Editions, Release 7.0(0) July 2005
The policy for the CSA standalone Agent for ICM is created from the default policy modules that are
shipped with Cisco Security Agent 4.5. These default policy modules secure/harden Windows, SQL and
IIS. These default policy modules are altered in two ways for CSA for ICM:
shipped with Cisco Security Agent 4.5. These default policy modules secure/harden Windows, SQL and
IIS. These default policy modules are altered in two ways for CSA for ICM:
•
Some rules, which allow processes (such as FTP, NNTP) that are not required for the ICM product
family, are altered to not allow these processes.
family, are altered to not allow these processes.
•
Policy changes are made in order to allow the ICM product family, including qualified third-party
applications, to run smoothly.
applications, to run smoothly.
Be aware that, in the interests of security, CSA default policy modules may block what you might
consider default Windows activity. These rules have been retained for CSA for ICM when they do not
block ICM activity. As examples (and these are just to be taken as examples):
consider default Windows activity. These rules have been retained for CSA for ICM when they do not
block ICM activity. As examples (and these are just to be taken as examples):
•
Usually, if you search for files using Windows File Search Tool, the Find tool accesses Microsoft
sa.windows.com and sends the search information to the Microsoft server. CSA blocks this
functionality.
sa.windows.com and sends the search information to the Microsoft server. CSA blocks this
functionality.
•
Similarly, you may not be able to access a web proxy server running on port 80 or 443.
Also in the interests of security, remote file access is generally denied. For the three exceptions, see
A further security measure to be noted is that CSA will query you if you try to change the domain
membership of a machine. This is by design: preventing unknown processes from writing to the core
registry hive without user confirmation. The query will look something like this:
The process ‘E:\WINDOWS\system32\lsass.exe’ is attempting to modify user account settings. Do you
wish to allow this?
membership of a machine. This is by design: preventing unknown processes from writing to the core
registry hive without user confirmation. The query will look something like this:
The process ‘E:\WINDOWS\system32\lsass.exe’ is attempting to modify user account settings. Do you
wish to allow this?
The standalone Cisco Security Agent for Cisco ICM uses a static policy that cannot be changed.
However, see the section
However, see the section
additional information.
Follow the installation instructions in this document to install the standalone Cisco Security Agent on
all Cisco ICM software servers, including Cisco ICM Router, Logger, Peripheral Gateway (PG), Admin
Workstation (AW), Historical Data Server (HDS), Standalone Distributed Diagnostic and Services
Network (SDDSN), Outbound Option Dialer, Network Gateway; Cisco E-Mail Manager, Cisco
Collaboration Server, Cisco Dynamic Content Adapter, Cisco Media Blender, Cisco CTI OS, Cisco
Agent Desktop (CAD), Cisco Support Tools, Cisco Remote Monitoring Suite (RMS).
all Cisco ICM software servers, including Cisco ICM Router, Logger, Peripheral Gateway (PG), Admin
Workstation (AW), Historical Data Server (HDS), Standalone Distributed Diagnostic and Services
Network (SDDSN), Outbound Option Dialer, Network Gateway; Cisco E-Mail Manager, Cisco
Collaboration Server, Cisco Dynamic Content Adapter, Cisco Media Blender, Cisco CTI OS, Cisco
Agent Desktop (CAD), Cisco Support Tools, Cisco Remote Monitoring Suite (RMS).
Specifically, Cisco Security Agent for ICM 7.0(0) incorporates the appropriate policies for (see the
Cisco Intelligent Contact Management Software Release 7.0(0) Bill of Materials for supported versions
of third-party software):
Cisco Intelligent Contact Management Software Release 7.0(0) Bill of Materials for supported versions
of third-party software):
•
Cisco ICM Enterprise Edition 7.0(0)
Supported: Router, Logger, PGs, AWs, HDS, CTI Server, Network Gateway, Support Tools server
and agent
Not Supported: CTI Desktop and Client components; Customer Voice Portal (CVP)
and agent
Not Supported: CTI Desktop and Client components; Customer Voice Portal (CVP)
•
Cisco IP Customer Contact (IPCC) Enterprise Edition 7.0(0)
Supported: ICM servers (see ICM Enterprise Edition 7.0(0) list above)
Not Supported: Cisco CallManager; Cisco IP IVR; Cisco Customer Response Solutions (CRS);
Customer Voice Portal (CVP)
Not Supported: Cisco CallManager; Cisco IP IVR; Cisco Customer Response Solutions (CRS);
Customer Voice Portal (CVP)
•
Cisco Outbound Option 7.0(0)
Supported: Dialer
Not Supported: n/a
Not Supported: n/a