Practical Cisco Unified Communications Security

Master the foundations of modern Cisco Unified Communications (UC) system security This guide helps you build foundational knowledge for securing modern Cisco Unified Communications environments that support voice, video, messaging, and meetings, and support different types of real-time collaboration capabilities based on mobile/remote access and mobile devices based on bring-your-own-device (BYOD) initiatives. Writing for administrators and managers, two Cisco collaboration experts bring together methods and insights to illuminate both the "why" and the "how" of effective collaboration security. Using the proven "Explain, Demonstrate, and Verify" methodology, they explain each threat, demonstrate remediation, and show how to confirm correct implementation. You'll walk through securing each attack surface in a logical progression, across each Cisco UC application domain. The authors address key updates to Cisco collaboration architecture, including Expressway, Cisco Meeting Server, encryption enhancements, and advanced business-to-business collaboration. You'll find quick-reference checklists in each chapter, and links to more detail wherever needed. - Begin by protecting your workforce through basic physical security and life/safety techniques - Understand how attackers seek to compromise your UC system's network environment-and your best countermeasures - Maintain security across all UC deployment types n Protect core UC applications by locking down and hardening the core operating system - Use encryption to protect media and signaling, and enforce secure authentication - Secure Cisco Unified Communications Manager, Cisco Unity Connection, and Cisco Meeting Server - Deploy Session Border Controllers to provide security controls for VoIP and video traffic - Provide additional protection at the edge of the network - Safeguard cloud-based and hybrid-cloud services - Enable organizations to seamlessly and securely connect to cloud UC services - Allow remote teleworker users to connect safely to local UC resources

Brett Hall, CCIE R&S, Collaboration #20774, is a Customer Solutions Architect supporting Cisco's product and service offerings for enterprise customers across the U.S. Army and defense agencies. He has more than 20 years' IT experience and has worked with Cisco to support federal government initiatives for more than 13 years. He also works with Cisco business units to define product and service strategies and helps lead a global team of Cisco architects. To support customer requirements, Brett works with presales teams to engineer solutions that lead to customer adoption. Brett also drives solution development to help support future needs of his customers. Nik Smith, Technical Leader for Collaboration at Cisco, supports Cisco Unified Collaboration (UC) products and service offerings for the public sector, enterprise, and defense agencies. His 24 years of networking experience cover technologies ranging from RF communications and telecommunications to UC. For 14 years, he has supported some of the world's largest Cisco UC deployments. During this time, he has led several large implementation teams involved in migrating from TDM to VoIP, along with network support and modernization. He now leads a team of UC engineers supporting the public sector, Department of Defense and providing guidance and mentoring to ensure that Cisco delivers best-in-class, highly secure UC capabilities.

Introduction xix Chapter 1 The Importance of Practical UC Security 1 Identifying the Threat Landscape 2 The Danger of Shadow IT 4 Balancing Operations and Security 5 Minimizing Complexity 7 Visibility and Management 10 Introduction to ACME: Case Study 11 Summary 13 Additional Resources 14 Chapter 2 Physical Security and Life Safety 15 Introduction to Physical Security and Life Safety 15 Life and Safety Considerations 28 Summary 53 Additional Resources 54 Chapter 3 Security Through Network Fundamentals 55 Introduction to Network Security 57 Segmentation 58 Micro Segmentation 59 Secure Network Access 64 Security Features 75 Firewalls and Access Controls 84 Continuous Monitoring 86 Summary 86 Additional Resources 87 Chapter 4 Maintaining Security Across UC Deployment Types 89 Common Enterprise Collaboration Deployment Models and Security Considerations 90 An Overview of How to Secure Cluster Communications 96 NTP Authentication Enablement and Verification 100 Securing Intra-Cluster Signaling and Traffic 103 Securing the Signaling Traffic to IOS Voice and Analog Gateways 110 Securing the Integration with Cisco Emergency Responder 118 Summary 123 Additional Resources 124 Chapter 5 Hardening the Core Cisco UC Appliance Operating Systems 125 Defining the Core UC Applications 126 Hardening the Voice Operating System 138 Performing OS Lockdown via CLI 147 Summary 159 Additional Resources 159 Chapter 6 Core Cisco UC Application Lockdown 161 Types of Users in Cisco Unified Communications Manager and Cisco Unity Connection 162 Strengthening Local User Account Controls 163 Importing End Users from a LDAP Directory 175 Using Single Sign-On to Simplify the Login Experience 186 Synching End Users Between Unity Connection and Unified CM Using Locking Down the GUI 201 Enabling System Monitoring Using SNMP and Syslog 204 Disaster Recovery Planning and Best Practices 213 Summary 214 Additional Resources 214 Chapter 7 Encrypting Media and Signaling 217 Licensing (Encryption License) and Allowing Export Restrictions Requirements 218 FIPS Considerations When Enabling Secure Signaling and Media Encryption 222 Public Key Infrastructure Overview 222 TFTP File Encryption 237 Overview of the Endpoint Registration Process 239 Applying the Secure Phone Profiles and LSC to the Phones 264 Summary 271 Additional Resources 271 Chapter 8 Securing Cisco Unified Communications Manager (Cisco) 273 Endpoint Hardening 274 Secure Conferencing 276 Conference Now 298 Smart Licensing 298 Summary 302 Additional Resources 303 Chapter 9 Securing Cisco Unity Connection 305 Baseline Security Considerations Overview 306 Securing User Access to the Unity Connection 311 Securely Integrating Unity Connection with Unified CM 316 Preventing Toll Fraud in Unity Connection 325 Summary 336 Additional Resources 337 Chapter 10 Securing Cisco Meeting Server 339 CMS Overview and Deployment Modes 340 Operating System Hardening 342 Infrastructure Considerations 347 Securing CMS Connections 351 Certificate Verification 356 Certificate Assignment 360 Application Programming Interfaces (APIs) 367 Inbound and Outbound Calling 370 Summary 381 Additional Resources 382 Chapter 11 Securing the Edge 383 Business Requirements for the Collaboration Edge 383 Cisco's Collaboration Edge Architecture 384 Deploying CUBE 388 Security Features Within Expressway 403 Deploying Mobile and Remote Access 406 Defending Against Attacks at the Edge 420 B2B Connectivity 422 Summary 424 Additional Resources 425 Chapter 12 Securing Cloud and Hybrid Cloud Services 427 Business Drivers for Cloud and Hybrid UC Services 428 Coordinating for Governance and Compliance 430 Considerations for Secure Calling 433 Securing Messaging Services 446 Meeting Management and Security Controls 456 Security Across Emerging Features 463 IoT Security 467 Summary 470 Additional Resources 470 Afterword 471 TOC, 9780136654452, 11/5/2020