Cisco Cisco Unified Contact Center Enterprise 9.0(1) Folheto
8-16
Cisco Unified Contact Center Enterprise 7.5 SRND
Chapter 8 Securing Unified CCE
Intrusion Prevention
•
Due to the higher scanning overhead of heuristics scanning over traditional antivirus scanning, use
this advanced scanning option only at key points of data entry from untrusted networks (such as
email and Internet gateways).
this advanced scanning option only at key points of data entry from untrusted networks (such as
email and Internet gateways).
•
Real-time or on-access scanning can be enabled, but only on incoming files (when writing to disk).
This is the default setting for most antivirus applications. Implementing on-access scanning on file
reads will yield a higher impact on system resources than necessary in a high-performance
application environment.
This is the default setting for most antivirus applications. Implementing on-access scanning on file
reads will yield a higher impact on system resources than necessary in a high-performance
application environment.
•
While on-demand and real-time scanning of all files gives optimum protection, this configuration
does have the overhead of scanning those files that cannot support malicious code (for example,
ASCII text files). Cisco recommends excluding files or directories of files, in all scanning modes,
that are known to present no risk to the system. Also, follow the recommendations for which specific
Unified ICM files to exclude in a Unified ICM or Unified CCE implementation, as provided in the
Security Best Practices for Cisco Intelligent Contact Management Software, available at
does have the overhead of scanning those files that cannot support malicious code (for example,
ASCII text files). Cisco recommends excluding files or directories of files, in all scanning modes,
that are known to present no risk to the system. Also, follow the recommendations for which specific
Unified ICM files to exclude in a Unified ICM or Unified CCE implementation, as provided in the
Security Best Practices for Cisco Intelligent Contact Management Software, available at
•
Schedule regular disk scans only during low usage times and at times when application activity is
lowest. To determine when application purge activity is scheduled, refer to the Security Best
Practices guide listed in the previous item.
lowest. To determine when application purge activity is scheduled, refer to the Security Best
Practices guide listed in the previous item.
Guidelines for configuring antivirus applications for Unified CM are available at the following
locations:
locations:
Intrusion Prevention
Cisco Security Agent
Cisco Security Agent provides threat protection for servers, also known as endpoints. It identifies and
prevents malicious behavior, thereby eliminating known and unknown (“day zero”) security risks and
helping to reduce operational costs. The Cisco Security Agent aggregates and extends multiple endpoint
security functions by providing host intrusion prevention, distributed firewall capabilities, malicious
mobile code protection, operating system integrity assurance, and audit log consolidation (in managed
mode), all within a single product.
prevents malicious behavior, thereby eliminating known and unknown (“day zero”) security risks and
helping to reduce operational costs. The Cisco Security Agent aggregates and extends multiple endpoint
security functions by providing host intrusion prevention, distributed firewall capabilities, malicious
mobile code protection, operating system integrity assurance, and audit log consolidation (in managed
mode), all within a single product.
Unlike antivirus applications, Cisco Security Agent analyzes behavior rather than relying on signature
matching, but both remain critical components to a multi-layered approach to host security. Cisco
Security Agent should not be considered a substitute for antivirus applications.
matching, but both remain critical components to a multi-layered approach to host security. Cisco
Security Agent should not be considered a substitute for antivirus applications.
Deploying Cisco Security Agent on Unified CCE components involves obtaining a number of
application-compatible agents and implementing them according to the desired mode.
application-compatible agents and implementing them according to the desired mode.
Note
The Cisco Security Agent Policy provided for Unified CCE is limited to servers and may not be deployed
on Agent Desktops. Customers may choose to deploy the CSA product in their enterprise and modify
the default desktop security policies in the Management Center to allow legitimate application activity
on their desktop endpoints, including that of the Agent Desktop software deployed.
on Agent Desktops. Customers may choose to deploy the CSA product in their enterprise and modify
the default desktop security policies in the Management Center to allow legitimate application activity
on their desktop endpoints, including that of the Agent Desktop software deployed.