Understanding Cisco Unified Communications Security

Similar documents
Endpoint Security & Health Check Report Background

Default security setup

Security by Default. Overview CHAPTER

Ingate SIParator /Firewall SIP Security for the Enterprise

Unified Communications Networks Security and Platforms

Cisco IP Phone Security

Cisco Unified Communications Manager Security Guide Copyright 2010 Cisco Systems, Inc. All rights reserved.

Security+ SY0-501 Study Guide Table of Contents

Default Security Setup

Deploying B2B URI Dialing with Cisco UC Manager and VCS Expressway Solution

TLS Setup. TLS Overview. TLS Prerequisites

Converged World. Martin Capurro

Securing Unified Communications and Certificate Deep Dive. Ryan Ratliff, Technical Leader - Services

SAML-Based SSO Configuration

Cisco Exam Questions & Answers

Cisco Unified Communications Manager Security Guide, Release 10.0(1)

Unified Communication Cluster Setup with CA Signed Multi Server Subject Alternate Name Configuration Example

Security Assessment Checklist

Voice-Messaging Ports Security Setup

Implementing Cisco Network Security (IINS) 3.0

Cisco CTL Client Setup

Secure Survivable Remote Site Telephony (SRST) Reference

Cisco IP Communicator Deployment Preparation

Security Guide for Cisco Unified Communications Manager, Release 11.5(1)

Install an LSC on a Phone with CUCM Cluster Security Mode set to Non-Secure

Voice-messaging ports security setup

New methods to protect the network. Deeper visibility with Cisco NGFW Next Generation Firewall

Unified Communications Security: Design and Best Practices

Chapter 5. Security Components and Considerations.

Cisco Associate-Level Certifications

DoD UC Framework 2013, Section 13 Table of Contents TABLE OF CONTENTS

TestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified

Configuring a Secure Survivable Remote Site Telephony (SRST) Reference

Firewalls for Secure Unified Communications

TestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified

Phone Security. Phone Security. This chapter provides information about phone security.

Layer 2 authentication on VoIP phones (802.1x)

تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم

Securing Cisco IP Telephony Networks (Networking Technology: IP Communications) By Akhil Behl READ ONLINE

Configure a Site-to-Site Virtual Private Network (VPN) Connection on an RV340 or RV345 Router

Network Security and Cryptography. December Sample Exam Marking Scheme

Cisco Exam Questions & Answers

Cisco Desktop Collaboration Experience DX650 Security Overview

This course prepares candidates for the CompTIA Network+ examination (2018 Objectives) N

CompTIA Network+ Study Guide Table of Contents

Designing Workspace of the Future for the Mobile Worker

Configuring a Secure Survivable Remote Site Telephony (SRST) Reference

Preparing to Deploy Cisco IP Communicator

Real-time Communications Security and SDN

Semester 1. Cisco I. Introduction to Networks JEOPADY. Chapter 11

SAML-Based SSO Configuration

Changing the IP Address and Hostname for Cisco Unified Communications Manager Release 8.6(1)

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

Configuring Encryption for Gateways and Trunks

Encryption setup for gateways and trunks

Configure Voice and Video Communication

Post-Change Tasks and Verification

The following chart provides the breakdown of exam as to the weight of each section of the exam.

Delivering Transformative Business Solutions

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

Changing the IP Address and Hostname for Cisco Unified Communications Manager Release 8.5(1)

NETWORK THREATS DEMAN

Cisco Unified IP Phone Settings

Delivering a Secure BYOD Solution with XenMobile MDM and Cisco ISE

Firepower Threat Defense Site-to-site VPNs

VoIP Security and Mitel IP Telephony Solutions. Dan York Chair, Mitel Product Security Team February 2006

Akhil Behl Pre-Sales Solutions Architect, OBS

Cisco Cisco Express Foundation for Account Managers. Download Full Version :

Chapter 11: Networks

Voice over IP. What You Don t Know Can Hurt You. by Darren Bilby

Gigabit SSL VPN Security Router

Designing Windows Server 2008 Network and Applications Infrastructure

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

Chapter 10: Review and Preparation for Troubleshooting Complex Enterprise Networks

CTS2134 Introduction to Networking. Module 08: Network Security

Cisco 5921 Embedded Services Router

Understanding Networking Fundamentals

GLOSSARY. Advanced Encryption Standard. Cisco Adaptive Security Appliance. Business-to-business. Binary Floor Control Protocol.

IPv6 A Positive Approach. Perspectives. APNIC New Delhi. .in. Kusumba S

Securing the Converged Enterprise, Part I

Security for the Enterprise Collaboration Preferred Architecture

CHAPTER 8 SECURING INFORMATION SYSTEMS

Cisco Self Defending Network

High Level View of Certificates and Authorities in CUCM

Manage Certificates. Certificates Overview

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Digital Advisory Services Professional Service Description SIP SBC with Field Trial Endpoint Deployment Model

Threat Control and Containment in Intelligent Networks. Philippe Roggeband - Product Manager, Security, Emerging Markets

Cisco Exam Questions & Answers

Cisco Next Generation Firewall Services

Unified Communications Security: Design and Best Practices

Modern IP Communication bears risks

Encrypted Phone Configuration File Setup

Cisco Webex Cloud Connected Audio

Cisco Unified Communications Manager TCP and UDP Port

Cisco Unified Communications Manager TCP and UDP Port

IxLoad-Attack TM : Network Security Testing

vshield Administration Guide

Chapter 1: Enterprise Campus Architecture. Course v6 Chapter # , Cisco Systems, Inc. All rights reserved. Cisco Public

Software Development & Education Center Security+ Certification

Transcription:

Cisco Support Community Presents Tech-Talk Series Understanding Cisco Unified Communications Security Akhil Behl Solutions Architect, akbehl@cisco.com Author of Securing Cisco IP Telephony Networks 2010 Cisco and/or its affiliates. All rights reserved. 1

Addresses the prominent void where UC and Security realms converge Security primer for new professional and refresher for experienced professionals Covers threats, risk assessment, security strategy development, security framework Covers network infrastructure security, UC application security, UC endpoint security, network management security, advance firewalling and Intrusion Prevention http://www.ciscopress.com/title/9781587142956 http://www.amazon.com/dp/1587142953 2010 Cisco and/or its affiliates. All rights reserved. 2

Unified Communications Security How to secure Cisco UC products, CUCM/ Unity/CUPS & Cisco IP Telephony endpoints against internal & external threats? Types of certificates used for security of a UC endpoint Questions from the Cisco Support Community 2010 Cisco and/or its affiliates. All rights reserved. 3

Data Networks have been under attack since the evolution of Internet. Now with VoIP becoming a part of Data network (utilizing its services) its under attack as well Securing Data Networks is the first and foremost step by any organization however, they completely tend to ignore UC Security aspect because of lack of confidence to secure a relatively new technology, cost and complexity involved, and various other factors UC Security is best defined as Securing what is an asset to an organization's daily life operations 2010 Cisco and/or its affiliates. All rights reserved. 4

Threats Toll fraud Eavesdropping Phishing / Vhishing Packet Injection / Manipulation Identity Theft Denial of Service Hijacking calls Physical Assault 2010 Cisco and/or its affiliates. All rights reserved. 5

Secure Network infrastructure (LAN, WAN, Wireless) Secure Unified Communications Equipment (Physical Security) Unified Communications Application Security (CUCM, CUC, CUPS,) Secure Voice, IM, Video, Conference Calls Remote Worker / Telecommuter Security Endpoint Security, Gateway Security Secure Network Management 2010 Cisco and/or its affiliates. All rights reserved. 6

Spoofing attacks can be prevented by leveraging Layer 2 and Layer 3 security mechanisms DHCP Snooping, Port Security, Dynamic ARP inspection (DAI) and so on help thwart spoofing at Layer 2 Eavesdropping can be restrained by using encryption for media and signaling Spoofing of Cisco IP Communicator, CUPC, and other soft clients can be prevented by via CAPF 2010 Cisco and/or its affiliates. All rights reserved. 7

Security By Default (ITL, TVS) CAPF (Secure Conferencing, Voice Calls) MIC, LSC IPSec Secure LDAP / Secure Web Pages (Tomcat) VPN Phone 2010 Cisco and/or its affiliates. All rights reserved. 8

Automatic phone security features Signing of phone configuration files Phone configuration file encryption HTTPS with Tomcat and other Web services SBD generates Initial Trust List (ITL) automatically without user intervention upon installation of cluster Secure signaling and media still require running the CTL Client and the use of the hardware etokens 2010 Cisco and/or its affiliates. All rights reserved. 9

Public Key Infrastructure (PKI) maps certificates to entities to securely validate and verify their identity Uses a hierarchical model by adding a Common Trust Introducer Trust introducer guarantees authenticity and integrity of public keys of other entities by use of certificates, signed by the introducer 2010 Cisco and/or its affiliates. All rights reserved. 10

Trusted Introducer User A Private Key of Trusted Introducer Public Key of Trusted Introducer User B Public Key of User A Public Key of User B Private Key of User A Public Key of Trusted Introducer Public Key of Trusted Introducer Private Key of User B Every entity, including the trusted introducer, needs to generate its own public & private key pair Each entity obtains the public key of the trust introducer and verifies its authenticity & integrity 2010 Cisco and/or its affiliates. All rights reserved. 11

Q & A 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12

Security Token USB etokens can be ordered with part number KEY-CCM-ADMIN-K9= or KEYUCM-ADMIN2- K9= Security Token Cisco CTL client is Windows based software client used to create or update the CTL The CTL is signed by Cisco CTL client using the private key from one of the administrator security tokens, which are all signed by the Cisco CA CTL Client 2010 Cisco and/or its affiliates. All rights reserved. 13

All UC applications have certain common ports for communication with other applications, endpoints & soft clients however, each application has a set of its specific ports. For a list of ports as per the version of application in your network, refer to that product s security guide CUCM 9.x Security Guide: http://www.cisco.com/en/us/docs/voice_ip_comm/cucm/security/9_0_1/secugd/cu CM_BK_CCB00C40_00_cucm-security-guide-90.pdf Cisco Unity Connection 9.x Security Guide: http://www.cisco.com/en/us/docs/voice_ip_comm/connection/9x/security/guide/9xc ucsecx.html 2010 Cisco and/or its affiliates. All rights reserved. 14

UC App Security UC Network Security UC Security Policy End-To-End UC Security Approach UC Security Assessment and Planning 2010 Cisco and/or its affiliates. All rights reserved. 15

Physical Security Network Security UC Application Security Building Security Data Center Access Security Wiring Closet Security CCTV Security Access Layer Security Core and Distribution Layer Security Wireless Network Security Remote Site Security Firewalls and Intrusion Prevention UC Platform Security Gateway Security, UC Endpoint Security UC Application Security Ecosystem (3rd Party) Application Security 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16

Thank you.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback