One of our financial customers is asking us to provide him with information regarding the security and encryption level of the messages stored on the Unity Connection 8.x.
He wants to know if the messages (VM) stored on the server are or could be encrypted. He also wants to know the level of the encryption if available.
He is a bit scared about the possibility for unauthorized persons to steal or play a message remotely and the risk of gaining unauthorized access to the message store that could give the ability to steal critical information.
Would you be so kind to share with me the following information about the Unity Connection 7.x platform:
• Type of file storing the messages (wav,….)
• Type of encryption that could be deployed on the message store
• Ways of hardening the access to the message store and enforce the security of the platform (please share your best practices)
1) For the Platform Administrator ID (used to login via console/SSH to CLI), ensure that you use a strong password.
2) Use separate accounts for administrative access to the web administration vs. user access to user web applications (PCA, etc). Additionally, CUC has "roles" that can be assigned to administrative or end user accounts to limit what a user can or cannot access.
3) Use the credential policies to set up a policy for administrative accounts and end user accounts. Make sure web password enforcement is strong (min 8 characters, no trivial passwords) and the same for end user voicemail passwords (e.g., min of 6 digits, no trivial passwords). You can also age out passwords so that administrators and/or users have to change their voice mail password (for phone) and web application password at a specific interval (e.g., 30/60/90 day), etc.
4) The other things to look for are that you do not run the DB Proxy service unless you need to (allows access to DB remotely via a user with a Remote Administrator role assigned). This is used for COBRAS migrations and etc...not typically needed day-to-day.
5) You can also lock down SMTP access to CUC using access lists (within CUC). Alternatively, you can allow untrusted SMTP connections but require authentication using TLS.
Configuring Cloud Connected PSTN (CCP) – Easy as 1-2-3!
STEP 1: PREPARE
Before you can configure your CCP in Control Hub, you must procure PSTN services from an authorized Webex Calling CCP Partn...
To participate in this event, please use the button to ask your questions
This topic is a chance to discuss more about how to read Cisco Unified Communications trace files. In this session, Cisco D...