To configure security for Unified CM voice-messaging ports and Cisco Unity devices that are running SCCP or Cisco Unity Connectionĭevices that are running SCCP, a partner can choose a secure device security mode for the port. When the device security mode is non-secure, Cisco UnityĬonnection connects to Unified CM through the SCCP port.
![list of agents in use cisco uccx 11.5 list of agents in use cisco uccx 11.5](https://www.cisco.com/c/dam/en/us/td/i/300001-400000/390001-400000/393001-394000/393363.eps/_jcr_content/renditions/393363.jpg)
Implementing security mechanisms in the Dedicated Instance prevents identity theft of the phones and the Unified CM server, data tampering, and call-signaling / media-stream tampering.Įstablishes and maintains authenticated communication streamsĭigitally signs files before transferring the file to the phoneĮncrypts media streams and call signaling between Cisco Unified IP phonesĬisco Unity Connection connects to Unified CM through the TLS port.
LIST OF AGENTS IN USE CISCO UCCX 11.5 PC
Issue locally significant certificates (LSCs) from the certificate authority proxy function (CAPF) or a public certificateĭisable these settings if they are not used: PC port, PC Voice VLAN Access, Gratuitous ARP, Web Access, Settings button, SSH, In addition, a partner or customer can enable additional security, such as:Įncrypt IP phone services (via HTTPS) for services such as Extension Mobility IP Source Guard against spoofed IP addressesĭynamic ARP Inspection (DAI) examines address resolution protocol (ARP) and gratuitous ARP (GARP) for violations (againstĨ02.1x limits network access to authenticate devices on assigned VLANs (phones do support 802.1x)Ĭonfiguration of quality of service (QoS) for appropriate marking of voice packetsįirewall ports configurations for blocking out any other trafficĬisco endpoints support default security features such as signed firmware, secure boot (selected models), manufacturer installedĬertificate (MIC), and signed configuration files, which provide a certain level of security for endpoints.
LIST OF AGENTS IN USE CISCO UCCX 11.5 MAC
It is partner’s responsibility to ensure security best practices such as:Įnable Port Security which limits the number of MAC addresses allowed per port, against CAM table flooding Partners need to ensure that all the network elements are secured in Dedicated Instance infrastructure (which connects via Equinix). Self-Encrypting drives are used in Dedicated Instance Data Centers that host UC applications.įor more information about general security practices, refer to the documentation at the following location. Physical access also facilitates more sophisticated attacks such as man-in-the-middleĪttacks, which is why the second security layer, the network security, is critical. With physical access, attackers could get access to server devices, reset
![list of agents in use cisco uccx 11.5 list of agents in use cisco uccx 11.5](https://www.cisco.com/c/dam/en/us/td/i/500001-600000/510001-520000/510001-511000/510878.jpg)
Power to a customer’s switches can be initiated. When physical security is compromised, simple attacks such as service disruption by shutting down It is important to provide physical security to Equinix Meet-Me Room locations and Cisco Dedicated Instance Data Center facilities. The following sections describe the layers of security in Dedicated Instance deployments. Dedicated Instance uses a layered approach for security.