Cisco Cisco E-Mail Manager Unity Integration Option Dépliant
8-5
Cisco Unified Contact Center Enterprise 7.5 SRND
Chapter 8 Securing Unified CCE
Security Best Practices
installation. For upgrades, these applications can remain (for a limited migration period) on a Windows
2000 Server or Advanced Server, but all new installations must be done on Windows Server 2003
Standard or Enterprise Edition. The maintenance of this operating system in terms of device drivers,
security updates, and so forth, is the responsibility of the customer, as is acquiring the necessary software
from the appropriate vendors. This category of application servers is the primary focus of this chapter.
2000 Server or Advanced Server, but all new installations must be done on Windows Server 2003
Standard or Enterprise Edition. The maintenance of this operating system in terms of device drivers,
security updates, and so forth, is the responsibility of the customer, as is acquiring the necessary software
from the appropriate vendors. This category of application servers is the primary focus of this chapter.
The secondary group of servers, those running applications that are part of the solution but that are
deployed differently, are Cisco Unified Communications Manager (Unified CM), Cisco Unified IP IVR,
and so forth. These servers require installation on the Cisco Unified Communications Operating System
(CIPT OS). This operating system is configured especially for those applications. It is hardened by
default and is shipped and maintained by Cisco. Customers are required to obtain all relevant patches
and updates to this operating system from Cisco. The security hardening specifications for this operating
system can be found in the Cisco Unified Communications Solution Reference Network Design (SRND)
guide and other Unified CM product documentation, available at
deployed differently, are Cisco Unified Communications Manager (Unified CM), Cisco Unified IP IVR,
and so forth. These servers require installation on the Cisco Unified Communications Operating System
(CIPT OS). This operating system is configured especially for those applications. It is hardened by
default and is shipped and maintained by Cisco. Customers are required to obtain all relevant patches
and updates to this operating system from Cisco. The security hardening specifications for this operating
system can be found in the Cisco Unified Communications Solution Reference Network Design (SRND)
guide and other Unified CM product documentation, available at
The approach to securing the Unified CCE solution as it pertains to the various layers listed above differs
from one group of servers to another. It is useful to keep this in mind as you design, deploy, and maintain
these servers in your environment. Cisco is constantly enhancing its Unified Communications products
with the eventual goal of having them all support the same customized operating system, antivirus
applications, and security path management techniques. Some examples of these enhancements include
the support of Cisco's host-based intrusion prevention software (Cisco Security Agent) and default
server hardening provided by the customized operating system or applications.
from one group of servers to another. It is useful to keep this in mind as you design, deploy, and maintain
these servers in your environment. Cisco is constantly enhancing its Unified Communications products
with the eventual goal of having them all support the same customized operating system, antivirus
applications, and security path management techniques. Some examples of these enhancements include
the support of Cisco's host-based intrusion prevention software (Cisco Security Agent) and default
server hardening provided by the customized operating system or applications.
Security Best Practices
As part of the Unified CCE 7.0 documentation set, Cisco has released a best-practices guide for the
primary group of servers, which covers a number of areas pertaining to the new implementation in the
release along with some general guidance for securing a Unified CCE deployment. The best-practices
guide includes the following topics:
primary group of servers, which covers a number of areas pertaining to the new implementation in the
release along with some general guidance for securing a Unified CCE deployment. The best-practices
guide includes the following topics:
•
Encryption Support
•
IPSec and NAT Support
•
Windows Firewall Configuration
•
Automated Security Hardening
•
Updating Microsoft Windows
•
SQL Server Hardening
•
SSL Encryption
•
Intrusion Prevention (CSA)
•
Microsoft Baseline Security Analysis
•
Auditing
•
Anti-Virus Guidelines and Recommendations
•
Secure Remote Administration
•
Additional Security Best Practices
–
WebView and IIS Hardening (Windows 2000)
–
Sybase EAServer (Jaguar) Hardening