https://community.cisco.com/t5/collaboration-applications/securing-vcs-expressway/m-p/3420916#M31101 <HTML><HEAD></HEAD><BODY><P>DDoS is really a concern. If someone intentionally wants to do a DDoS it can.</P><P>The VCS has the Loop Detection mechanism, but if the DDoS change source and destination at each attempt and send for example 100 attempts concurrently, this will cause a DDoS and up to now i couldn´t found a way to deny this directly on VCS config. Note that a license is granted after a search rule matches, so, for the most part of attempts, you can block it using CPLs.</P><P>The DDoS problem happen if a destination matches a valid destination range and so, the license will be in use during call processing (most part is very quickly but in some enviroments not).</P><P></P><P>I was thinking to send a feature request to Cisco developers. If someone knows how to send this to developers or product manager to cover this issue and speed up the sporcess would be great.</P><P></P><P>Regards</P></BODY></HTML> Mon, 17 Sep 2012 18:06:59 GMT admin11111 2012-09-17T18:06:59Z https://community.cisco.com/t5/collaboration-applications/securing-vcs-expressway/m-p/3420910#M31095 <HTML><HEAD></HEAD><BODY><P>Hi All, </P><P></P><P>Our customers are reporting more and more hack attempts on their VCS expressways, untill now unsuccessfull. But to be on the extra safe side i would like to check every installation if its still secure.</P><P></P><P>To check this i have a few questions:</P><P></P><P>1.&nbsp;&nbsp;&nbsp;&nbsp; Is there a way that the VCS expressway can hide its identity in the SIP messages? If i do a Trace on the packetflow i see in clear text, "VCS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; expressway version X7.1" . Can we hide this announcement? </P><P></P><P>2.&nbsp;&nbsp;&nbsp;&nbsp; Is there a way to set the TLS/HTTPS cipher to high instead of medium? Or can we use TLS version 1.2? (Patch for BEAST attack)</P><P></P><P>4.&nbsp;&nbsp;&nbsp;&nbsp; Does the advanced account security license solve DDOS attacks or brute force attacks? </P><P></P><P>5.&nbsp;&nbsp;&nbsp;&nbsp; Can i lower the connection established timer of the VCS expressway? e.g: If i build a session and then force to break the connection without a proper&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; BYE message, its possible to fillup all the call licenses because the established connections don't timeout very fast. </P><P></P><P>6.&nbsp;&nbsp;&nbsp;&nbsp; Is there documentation about a high security installations and considerations? the VCS deployment guides don't show very high security designs. </P><P></P><P>Thank you for your time and answers! </P></BODY></HTML> Mon, 17 Sep 2012 12:10:33 GMT https://community.cisco.com/t5/collaboration-applications/securing-vcs-expressway/m-p/3420910#M31095 pbzijerveld 2012-09-17T12:10:33Z https://community.cisco.com/t5/collaboration-applications/securing-vcs-expressway/m-p/3420911#M31096 <HTML><HEAD></HEAD><BODY><P>Have you looked at the X.7.2 guide for VCS? A lot of security measures are outlined there.</P><P></P><P>http://tools.cisco.com/search/JSP/search-results.get?strQueryText=x7.2&amp;Search<EM>All</EM>cisco.com=cisco.com&amp;language=en&amp;country=US&amp;thissection=f&amp;accessLevel=Guest</P><P></P><P></P><P></P><P>Thank you,</P><P></P><P></P><P>--</P><P></P><P>Rick Dahl</P><P>Cisco - CSE - Business Video</P><P>video or email: rdahl@cisco.com</P><P>Phone: 408.894.5112</P><P></P><P>Partner Communities is a great resource for reference, if you don't find, please ask!</P><P>https://communities.cisco.com/community/partner/collaboration/bizvideo</P><P></P><P>Call me on video – download Jabber for free https://www.ciscojabbervideo.com/rdahl@cisco.com</P></BODY></HTML> Mon, 17 Sep 2012 14:01:40 GMT https://community.cisco.com/t5/collaboration-applications/securing-vcs-expressway/m-p/3420911#M31096 rdahl 2012-09-17T14:01:40Z https://community.cisco.com/t5/collaboration-applications/securing-vcs-expressway/m-p/3420912#M31097 <HTML><HEAD></HEAD><BODY><P>When customers have asked questions at Cisco Live! about concens like this, the short answer is introduce an IPS into the ASA/FW solution that protects the outside interface of the VCS-E.</P></BODY></HTML> Mon, 17 Sep 2012 14:08:08 GMT https://community.cisco.com/t5/collaboration-applications/securing-vcs-expressway/m-p/3420912#M31097 Michael Boscia 2012-09-17T14:08:08Z https://community.cisco.com/t5/collaboration-applications/securing-vcs-expressway/m-p/3420913#M31098 <HTML><HEAD></HEAD><BODY><P>Hi Richard, </P><P></P><P>Thank you for your answer. I have read the admin guide and have read about the general concepts of security and dual network interface but the real threads like DDOS are not discussed. It would like to know how Cisco sees the best and secure possible setup. Maybe with searchrules and transforms. </P></BODY></HTML> Mon, 17 Sep 2012 14:32:26 GMT https://community.cisco.com/t5/collaboration-applications/securing-vcs-expressway/m-p/3420913#M31098 pbzijerveld 2012-09-17T14:32:26Z https://community.cisco.com/t5/collaboration-applications/securing-vcs-expressway/m-p/3420914#M31099 <HTML><HEAD></HEAD><BODY><P>Hi Michel, </P><P></P><P>That is an answer, but does it solve the weakness in TLS 1.0 and 1.1 for example? </P></BODY></HTML> Mon, 17 Sep 2012 14:33:40 GMT https://community.cisco.com/t5/collaboration-applications/securing-vcs-expressway/m-p/3420914#M31099 pbzijerveld 2012-09-17T14:33:40Z https://community.cisco.com/t5/collaboration-applications/securing-vcs-expressway/m-p/3420915#M31100 <HTML><HEAD></HEAD><BODY><P>Does this help?</P><P><A class="loading active_link" href="http://blogs.cisco.com/security/beat-the-beast-with-tls/" title="http://blogs.cisco.com/security/beat-the-beast-with-tls/">http://blogs.cisco.com/security/beat-the-beast-with-tls/</A></P></BODY></HTML> Mon, 17 Sep 2012 16:12:13 GMT https://community.cisco.com/t5/collaboration-applications/securing-vcs-expressway/m-p/3420915#M31100 rdahl 2012-09-17T16:12:13Z https://community.cisco.com/t5/collaboration-applications/securing-vcs-expressway/m-p/3420916#M31101 <HTML><HEAD></HEAD><BODY><P>DDoS is really a concern. If someone intentionally wants to do a DDoS it can.</P><P>The VCS has the Loop Detection mechanism, but if the DDoS change source and destination at each attempt and send for example 100 attempts concurrently, this will cause a DDoS and up to now i couldn´t found a way to deny this directly on VCS config. Note that a license is granted after a search rule matches, so, for the most part of attempts, you can block it using CPLs.</P><P>The DDoS problem happen if a destination matches a valid destination range and so, the license will be in use during call processing (most part is very quickly but in some enviroments not).</P><P></P><P>I was thinking to send a feature request to Cisco developers. If someone knows how to send this to developers or product manager to cover this issue and speed up the sporcess would be great.</P><P></P><P>Regards</P></BODY></HTML> Mon, 17 Sep 2012 18:06:59 GMT https://community.cisco.com/t5/collaboration-applications/securing-vcs-expressway/m-p/3420916#M31101 admin11111 2012-09-17T18:06:59Z https://community.cisco.com/t5/collaboration-applications/securing-vcs-expressway/m-p/3420917#M31102 <HTML><HEAD></HEAD><BODY><P>Best thing is to open TAC support&nbsp; case&nbsp;&nbsp; and have them enter this in as a feature request.</P></BODY></HTML> Mon, 17 Sep 2012 18:10:00 GMT https://community.cisco.com/t5/collaboration-applications/securing-vcs-expressway/m-p/3420917#M31102 rdahl 2012-09-17T18:10:00Z https://community.cisco.com/t5/collaboration-applications/securing-vcs-expressway/m-p/3420918#M31103 <HTML><HEAD></HEAD><BODY><P>I will open a TAC case then, and share the results. </P><P></P><P>@rdal, the artical is solving the problem "ish" but its up to TAC to implement it in the VCS. I cannot compile their code..i wish! </P></BODY></HTML> Mon, 17 Sep 2012 21:04:39 GMT https://community.cisco.com/t5/collaboration-applications/securing-vcs-expressway/m-p/3420918#M31103 admin11111 2012-09-17T21:04:39Z