Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
437
Views
0
Helpful
1
Replies

Securing Unity Connection 7.X

ntherond
Level 1
Level 1

‎06-28-2010 04:48 AM - edited ‎03-15-2019 11:26 PM

Hi All!

One of our financial customers is asking us to provide him with information regarding the security and encryption level of the messages stored on the Unity Connection 8.x.

He wants to know if the messages (VM) stored on the server are or could be encrypted. He also wants to know the level of the encryption if available.

He is a bit scared about the possibility for unauthorized persons to steal or play a message remotely and the risk of gaining unauthorized access to the message store that could give the ability to steal critical information.

Would you be so kind to share with me the following information about the Unity Connection 7.x platform:

• Type of file storing the messages (wav,….)

• Type of encryption that could be deployed on the message store

Ways of hardening the access to the message store and enforce the security of the platform (please share your best practices)

Regards

Nicolas

Labels:
0 Helpful
1 Reply 1

David Hailey
VIP Alumni
VIP Alumni

‎07-01-2010 02:54 PM

For message security options, a good reference starter is here: http://www.cisco.com/en/US/docs/voice_ip_comm/connection/7x/administration/guide/7xcucsag210.html

As for accessing CUC, a few things:

1) For the Platform Administrator ID (used to login via console/SSH to CLI), ensure that you use a strong password.

2) Use separate accounts for administrative access to the web administration vs. user access to user web applications (PCA, etc).  Additionally, CUC has "roles" that can be assigned to administrative or end user accounts to limit what a user can or cannot access.

3) Use the credential policies to set up a policy for administrative accounts and end user accounts.  Make sure web password enforcement is strong (min 8 characters, no trivial passwords) and the same for end user voicemail passwords (e.g., min of 6 digits, no trivial passwords).  You can also age out passwords so that administrators and/or users have to change their voice mail password (for phone) and web application password at a specific interval (e.g., 30/60/90 day), etc.

4) The other things to look for are that you do not run the DB Proxy service unless you need to (allows access to DB remotely via a user with a Remote Administrator role assigned).  This is used for COBRAS migrations and etc...not typically needed day-to-day.

5) You can also lock down SMTP access to CUC using access lists (within CUC).  Alternatively, you can allow untrusted SMTP connections but require authentication using TLS.

That should get you started.

Hailey

Please rate helpful posts!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents