Practical Cisco Unified Communications Security

Book description

Master the foundations of modern Cisco Unified Communications (UC) system security

This guide helps you build foundational knowledge for securing modern Cisco Unified Communications environments that support voice, video, messaging, and meetings, and support different types of real-time collaboration capabilities based on mobile/remote access and mobile devices based on bring-your-own-device (BYOD) initiatives.

Writing for administrators and managers, two Cisco collaboration experts bring together methods and insights to illuminate both the why and the how of effective collaboration security. Using the proven Explain, Demonstrate, and Verify methodology, they explain each threat, demonstrate remediation, and show how to confirm correct implementation. Youll walk through securing each attack surface in a logical progression, across each Cisco UC application domain.

The authors address key updates to Cisco collaboration architecture, including Expressway, Cisco Meeting Server, encryption enhancements, and advanced business-to-business collaboration. Youll find quick-reference checklists in each chapter, and links to more detail wherever needed.

  • Begin by protecting your workforce through basic physical security and life/safety techniques

  • Understand how attackers seek to compromise your UC systems network environmentand your best countermeasures

  • Maintain security across all UC deployment types n Protect core UC applications by locking down and hardening the core operating system

  • Use encryption to protect media and signaling, and enforce secure authentication

  • Secure Cisco Unified Communications Manager, Cisco Unity Connection, and Cisco Meeting Server

  • Deploy Session Border Controllers to provide security controls for VoIP and video traffic

  • Provide additional protection at the edge of the network

  • Safeguard cloud-based and hybrid-cloud services

  • Enable organizations to seamlessly and securely connect to cloud UC services

  • Allow remote teleworker users to connect safely to local UC resources

Table of contents

  1. Cover Page
  2. About This eBook
  3. Title Page
  4. Copyright Page
  5. Credits
  6. About the Authors
  7. About the Technical Reviewers
  8. Dedications
  9. Acknowledgments
  10. Contents at a Glance
  11. Contents
  12. Icons Used in This Book
    1. Command Syntax Conventions
  13. Introduction
    1. Goals and Methods
    2. Who Should Read This Book?
    3. How This Book Is Organized
  14. Chapter 1 The Importance of Practical UC Security
    1. Identifying the Threat Landscape
    2. The Danger of Shadow IT
    3. Balancing Operations and Security
    4. Minimizing Complexity
    5. Visibility and Management
    6. Introduction to ACME: Case Study
    7. Summary
    8. Additional Resources
  15. Chapter 2 Physical Security and Life Safety
    1. Introduction to Physical Security and Life Safety
    2. Life and Safety Considerations
    3. Summary
    4. Additional Resources
  16. Chapter 3 Security Through Network Fundamentals
    1. Introduction to Network Security
    2. Segmentation
    3. Micro Segmentation
    4. Secure Network Access
    5. Security Features
    6. Continuous Monitoring
    7. Summary
    8. Additional Resources
  17. Chapter 4 Maintaining Security Across UC Deployment Types
    1. Common Enterprise Collaboration Deployment Models and Security Considerations
    2. An Overview of How to Secure Cluster Communications
    3. NTP Authentication Enablement and Verification
    4. Securing Intra-Cluster Signaling and Traffic
    5. Securing the Signaling Traffic to IOS Voice and Analog Gateways
    6. Securing the Integration with Cisco Emergency Responder
    7. Summary
    8. Additional Resources
  18. Chapter 5 Hardening the Core Cisco UC Appliance Operating Systems
    1. Defining the Core UC Applications
    2. Hardening the Voice Operating System
    3. Performing OS Lockdown via CLI
    4. Summary
    5. Additional Resources
  19. Chapter 6 Core Cisco UC Application Lockdown
    1. Types of Users in Cisco Unified Communications Manager and Cisco Unity Connection
    2. Strengthening Local User Account Controls
    3. Importing End Users from a LDAP Directory
    4. Using Single Sign-On to Simplify the Login Experience
    5. Synching End Users Between Unity Connection and Unified CM Using Universal PIN
    6. Locking Down the GUI
    7. Enabling System Monitoring Using SNMP and Syslog
    8. Disaster Recovery Planning and Best Practices
    9. Summary
    10. Additional Resources
  20. Chapter 7 Encrypting Media and Signaling
    1. Licensing (Encryption License) and Allowing Export Restrictions Requirements
    2. FIPS Considerations When Enabling Secure Signaling and Media Encryption
    3. Public Key Infrastructure Overview
    4. TFTP File Encryption
    5. Overview of the Endpoint Registration Process
    6. Applying the Secure Phone Profiles and LSC to the Phones
    7. Summary
    8. Additional Resources
  21. Chapter 8 Securing Cisco Unified Communications Manager (Cisco)
    1. Endpoint Hardening
    2. Secure Conferencing
    3. Conference Now
    4. Smart Licensing
    5. Summary
    6. Additional Resources
  22. Chapter 9 Securing Cisco Unity Connection
    1. Baseline Security Considerations Overview
    2. Securing User Access to the Unity Connection
    3. Securely Integrating Unity Connection with Unified CM
    4. Preventing Toll Fraud in Unity Connection
    5. Summary
    6. Additional Resources
  23. Chapter 10 Securing Cisco Meeting Server
    1. CMS Overview and Deployment Modes
    2. Operating System Hardening
    3. Infrastructure Considerations
    4. Securing CMS Connections
    5. Certificate Verification
    6. Certificate Assignment
    7. Application Programming Interfaces (APIs)
    8. Inbound and Outbound Calling
    9. Summary
    10. Additional Resources
  24. Chapter 11 Securing the Edge
    1. Business Requirements for the Collaboration Edge
    2. Cisco’s Collaboration Edge Architecture
    3. Deploying CUBE
    4. Security Features Within Expressway
    5. Deploying Mobile and Remote Access
    6. Defending Against Attacks at the Edge
    7. B2B Connectivity
    8. Summary
    9. Additional Resources
  25. Chapter 12 Securing Cloud and Hybrid Cloud Services
    1. Business Drivers for Cloud and Hybrid UC Services
    2. Coordinating for Governance and Compliance
    3. Considerations for Secure Calling
    4. Securing Messaging Services
    5. Meeting Management and Security Controls
    6. Security Across Emerging Features
    7. IoT Security
    8. Summary
    9. Additional Resources
  26. Afterword
  27. Index
  28. Code Snippets

Product information

  • Title: Practical Cisco Unified Communications Security
  • Author(s): Brett Hall, Nik Smith
  • Release date: December 2020
  • Publisher(s): Cisco Press
  • ISBN: 9780136654629