Cisco Cisco IP Contact Center Release 4.6.1 Dépliant
8-4
Cisco Unified Contact Center Enterprise 7.5 SRND
Chapter 8 Securing Unified CCE
Platform Differences
•
Intrusion Prevention
As an important defense layer, the Unified CCE Cisco Security Agent policy can be used to provide
“day-zero” threat protection for servers. It helps to reduce operational costs by identifying,
preventing, and eliminating known and unknown security threats.
“day-zero” threat protection for servers. It helps to reduce operational costs by identifying,
preventing, and eliminating known and unknown security threats.
•
Patch Management
A system typically should not be connected to a live network until all security updates have been
applied. It is important for all hosts to be kept up-to-date with Microsoft (Windows, SQL Server,
Internet Explorer, and so forth) and other third-party security patches.
applied. It is important for all hosts to be kept up-to-date with Microsoft (Windows, SQL Server,
Internet Explorer, and so forth) and other third-party security patches.
For most of these security layers, the Unified CCE solution supports a number of capabilities to enforce
the defense-in-depth paradigm illustrated in
the defense-in-depth paradigm illustrated in
. However, what Cisco cannot control or enforce
is your enterprise policies and procedures for deploying and maintaining a secure Unified CCE solution.
Figure 8-1
Defense-In-Depth
Platform Differences
Before discussing how to design the various security layers required for a Unified CCE network, this
section introduces the differences that are inherent in the applications making up the Unified CCE
solution.
section introduces the differences that are inherent in the applications making up the Unified CCE
solution.
The Unified CCE solution consists of a number of application servers that are managed differently. The
primary servers, those with the most focus in this document, are the Routers, Loggers (also known as
Central Controllers), Peripheral Gateways (or Agent/IVR Controllers, as they are called in a Unified
System CCE deployment), Administrative Workstations, Historical Data Servers, WebView Servers,
and so forth. These application servers can be installed only on a standard (default) operating system
primary servers, those with the most focus in this document, are the Routers, Loggers (also known as
Central Controllers), Peripheral Gateways (or Agent/IVR Controllers, as they are called in a Unified
System CCE deployment), Administrative Workstations, Historical Data Servers, WebView Servers,
and so forth. These application servers can be installed only on a standard (default) operating system
143954
Physical security
Host Security
Server Hardening
Internal Network
Intrusion Prevention
Virus Protection
Patch Management
Security update management
Perimeter Security
Data Security
Application & Data
Host-Based Firewall
Policies, procedures, and awareness
Strong passwords, file ACLs
Endpoint security and secure
communication paths (SSL, TLS, IPSec)
communication paths (SSL, TLS, IPSec)
Day-Zero attack protection
Anti-Virus updates
Inbound TCP/IP port control
OS hardening, authentication, auditing
Network segments, Network based IDS
Firewalls, ACL configured routers, VPNs
Guards, locks, access control
Security policies, procedures, education
along with a backup and restore strategy
along with a backup and restore strategy