Cisco Support Community


Unity 4.0(5) Audit items

We have a customer that has been audited and the following items were found on the Unity Server:

Affected Hosts:
Unity Server IP
Explanation: These hosts are running an MSSQL database server which is accessible from the network.
Depending on the sensitivity of data in the database, it is generally best practice to block traffic to database ports that does not come from required hosts.
Risk Consequence: Not Best Practice
Recommendation: If possible, only allow required hosts to connect to sensitive databases. This includes not allowing machines to connect from the network at all if the database is only used locally.


Vulnerability: LDAP NULL BASE/NULL BIND
Affected Hosts:
Unity Server IP
Explanation: These hosts are running an LDAP server which allows queries with the BASE directory set to NULL. Additionally, anonymous queries are allowed using a NULL BIND. These settings could allow anyone to connect to the LDAP server and easily extract directory information without any prior knowledge.
Risk Consequence: Information Leakage
Recommendation: Unless they are required, NULL BASE queries and NULL BIND should be disabled on these servers.

The Unity Server is the Domain Controller and it is the only server in the domain.  Is it possible from the server to correct these findings?

Thanks,

Joe

1 REPLY

Re: Unity 4.0(5) Audit items

Hi -

Here is a link to the Unity security guide for your review - http://www.cisco.com/en/US/docs/voice_ip_comm/unity/42/security/guide/ex/usgex4x.pdf

Also, this specific link refers to the TCP/UDP ports required by Unity to function - http://www.cisco.com/en/US/docs/voice_ip_comm/unity/42/security/guide/ex/usg001.html#wp1080978

As you are running a voicemail only configuration, you may not have much user access to the server except for administration, unless you have the Unity Inbox enabled for your users to check voice messages from the web in addition to their phones.  As the guide mentions, if you are running antivirus software and a compatible version of the headless intrusion detection client CSA, you should be OK.  Please review any caveat mentioned in the guide, as blocking ports or altering access to Unity can affect your voicemail operation.

Regards, Ginger
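Added example, not from this thread or from Cisco: a stdlib-only Python check that a defender can run from a host that should not have directory access, to confirm that the LDAP NULL BIND / NULL BASE finding in the question has actually been remediated. It sends the same two requests the audit describes (an anonymous simple bind, then a base-scope read that requests no attributes) and reports only the LDAP resultCodes. The host, port and base DN are assumptions; `DC=example,DC=com` is a placeholder for the domain naming context.

```python
import socket

def ber(tag, payload):
    """Encode one BER TLV; short-form length is enough for these small requests."""
    assert len(payload) < 128, "short-form length only"
    return bytes([tag, len(payload)]) + payload
def ber_read(buf, pos=0):
    """Decode one TLV at pos -> (tag, value, position after it); long-form lengths OK."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n
def bind_request(msg_id=1):
    """LDAPv3 simple bind with empty name and empty password: the NULL BIND."""
    op = ber(0x02, b"\x03") + ber(0x04, b"") + ber(0x80, b"")
    return ber(0x30, ber(0x02, bytes([msg_id])) + ber(0x60, op))
def search_request(base, msg_id=2):
    """Base-scope search of 'base' asking for no attributes ("1.1"): a permitted
    read proves anonymous access without pulling data. base="" is the NULL BASE."""
    op = (ber(0x04, base.encode()) + ber(0x0A, b"\x00") + ber(0x0A, b"\x00")
          + ber(0x02, b"\x01") + ber(0x02, b"\x05") + ber(0x01, b"\x00")
          + ber(0x87, b"objectClass") + ber(0x30, ber(0x04, b"1.1")))
    return ber(0x30, ber(0x02, bytes([msg_id])) + ber(0x63, op))
def result_code(msg):
    """(protocolOp tag, resultCode) of one LDAPMessage; None for a searchResultEntry."""
    _, body, _ = ber_read(msg)
    _, _, p = ber_read(body)                      # skip messageID
    op, op_body, _ = ber_read(body, p)
    return (op, None) if op == 0x64 else (op, ber_read(op_body)[1][0])
def read_message(sock):
    """Read exactly one LDAPMessage from the socket (tag, length, body)."""
    head = sock.recv(2)
    n = head[1]
    if n & 0x80:                                  # long-form length
        extra = sock.recv(n & 0x7F)
        head, n = head + extra, int.from_bytes(extra, "big")
    body = b""
    while len(body) < n:
        body += sock.recv(n - len(body))
    return head + body
def check_anonymous_ldap(host, base_dn, port=389, timeout=5):
    """Anonymous bind, then try to read base_dn. resultCode 0 = allowed; a hardened
    server answers e.g. 1 (operationsError, AD) or 50 (insufficientAccessRights)."""
    with socket.create_connection((host, port), timeout=timeout) as s:  # assumed host
        s.sendall(bind_request())
        bind = result_code(read_message(s))[1]
        s.sendall(search_request(base_dn))
        op, code = result_code(read_message(s))
        while op != 0x65:                         # skip entries until searchResultDone
            op, code = result_code(read_message(s))
    return {"bind": bind, "read": code}
```

Call it as `check_anonymous_ldap("unity-server-ip", "DC=example,DC=com")`; Active Directory accepts the anonymous bind itself and answers rootDSE (empty base) reads regardless of its anonymous-operations setting, so the meaningful value after hardening is a non-zero `read` code for the naming context.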
