One of our financial customers is asking us to provide him with information regarding the security and encryption level of the messages stored on the Unity Connection 8.x.
He wants to know if the messages (VM) stored on the server are or could be encrypted. He also wants to know the level of the encryption if available.
He is a bit scared about the possibility for unauthorized persons to steal or play a message remotely and the risk of gaining unauthorized access to the message store that could give the ability to steal critical information.
Would you be so kind to share with me the following information about the Unity Connection 7.x platform:
• Type of file storing the messages (wav,….)
• Type of encryption that could be deployed on the message store
• Ways of hardening the access to the message store and enforce the security of the platform (please share your best practices)
1) For the Platform Administrator ID (used to login via console/SSH to CLI), ensure that you use a strong password.
2) Use separate accounts for administrative access to the web administration vs. user access to user web applications (PCA, etc). Additionally, CUC has "roles" that can be assigned to administrative or end user accounts to limit what a user can or cannot access.
3) Use the credential policies to set up a policy for administrative accounts and end user accounts. Make sure web password enforcement is strong (min 8 characters, no trivial passwords) and the same for end user voicemail passwords (e.g., min of 6 digits, no trivial passwords). You can also age out passwords so that administrators and/or users have to change their voice mail password (for phone) and web application password at a specific interval (e.g., 30/60/90 day), etc.
4) The other things to look for are that you do not run the DB Proxy service unless you need to (allows access to DB remotely via a user with a Remote Administrator role assigned). This is used for COBRAS migrations and etc...not typically needed day-to-day.
5) You can also lock down SMTP access to CUC using access lists (within CUC). Alternatively, you can allow untrusted SMTP connections but require authentication using TLS.
SIP traces provide key information in troubleshooting SIP Trunks, SIP
endpoints and other SIP related issues. Even though these traces are in
clear text, these texts can be gibberish unless you understand fully
what they mean. This document attempts to br...
Please find the attached HTML document, download and open it on your PC.
This provides an easy to use form where you simply answer a few
questions and it will render the proper jabber-config.xml file for you
to copy/paste. There is built in logic to verif...
CUCM Database Replication is an area in which Cisco customers and
partners have asked for more in-depth training in being able to properly
assess a replication problem and potentially resolve an issue without
involving TAC. This document discusses the bas...