
Practical Cisco Unified Communications Security [Paperback]

  • Format: Paperback / softback, 528 pages, height x width x thickness: 100x100x100 mm, weight: 880 g
  • Series: Networking Technology: Security
  • Publication date: 19-Jan-2021
  • Publisher: Cisco Press
  • ISBN-10: 0136654452
  • ISBN-13: 9780136654452
Master the foundations of modern Cisco Unified Communications (UC) system security

This guide helps you build foundational knowledge for securing modern Cisco Unified Communications environments that support voice, video, messaging, and meetings, as well as the real-time collaboration capabilities required by mobile and remote access and by bring-your-own-device (BYOD) initiatives.

Writing for administrators and managers, two Cisco collaboration experts bring together methods and insights to illuminate both the why and the how of effective collaboration security. Using the proven Explain, Demonstrate, and Verify methodology, they explain each threat, demonstrate remediation, and show how to confirm correct implementation. You'll walk through securing each attack surface in a logical progression, across each Cisco UC application domain.

The authors address key updates to Cisco collaboration architecture, including Expressway, Cisco Meeting Server, encryption enhancements, and advanced business-to-business collaboration. You'll find quick-reference checklists in each chapter, and links to more detail wherever needed.

  • Begin by protecting your workforce through basic physical security and life/safety techniques
  • Understand how attackers seek to compromise your UC systems' network environment, and your best countermeasures
  • Maintain security across all UC deployment types
  • Protect core UC applications by locking down and hardening the core operating system
  • Use encryption to protect media and signaling, and enforce secure authentication
  • Secure Cisco Unified Communications Manager, Cisco Unity Connection, and Cisco Meeting Server
  • Deploy Session Border Controllers to provide security controls for VoIP and video traffic
  • Provide additional protection at the edge of the network
  • Safeguard cloud-based and hybrid-cloud services
  • Enable organizations to seamlessly and securely connect to cloud UC services
  • Allow remote teleworker users to connect safely to local UC resources

Introduction  xix
Chapter 1  The Importance of Practical UC Security  1
  Identifying the Threat Landscape  2
  The Danger of Shadow IT  4
  Balancing Operations and Security  5
  Minimizing Complexity  7
  Visibility and Management  10
  Introduction to ACME: Case Study  11
  Summary  13
  Additional Resources  14
Chapter 2  Physical Security and Life Safety  15
  Introduction to Physical Security and Life Safety  15
  A Physical Security Methodology  17
  Preparation  17
  Prevention  19
  Detection  20
  Response  21
  Practical Physical Security for Your UC Environment  22
  Physical Security for the Data Center  22
  Power Plant Considerations  24
  Electrostatic Discharge  25
  Cable Plant Considerations  26
  Life and Safety Considerations  28
  Introduction to Enhanced 911  28
  Terms and Acronyms  29
  Regulatory Considerations  30
  Native E911 Call Routing with Cisco Unified CM  31
  E911 Call Routing with Cisco Emergency Responder  34
  E911 Call Flow with Cisco Emergency Responder  35
  E911 Design  36
  ERL Creation and Network Discovery  38
  Call Routing Considerations  43
  PSAP Callback  47
  Management, Verification, and Compliance  49
  Additional Life and Safety Solutions  51
  Computer-Aided Dispatch  52
  Summary  53
  Additional Resources  54
Chapter 3  Security Through Network Fundamentals  55
  Introduction to Network Security  57
  Segmentation  58
  Micro Segmentation  59
  Secure Network Access  64
  Port Security  65
  802.1x Authentication  67
  MAC Authentication Bypass (MAB) and Network Access Control (NAC)  72
  Security Features  75
  VLAN Hopping  77
  DHCP Snooping  78
  ARP Inspection  80
  NTP  80
  DNS  83
  Firewalls and Access Controls  84
  Continuous Monitoring  86
  Summary  86
  Additional Resources  87
Chapter 4  Maintaining Security Across UC Deployment Types  89
  Common Enterprise Collaboration Deployment Models and Security Considerations  90
  An Overview of How to Secure Cluster Communications  96
  NTP Authentication Enablement and Verification  100
  Securing Intra-Cluster Signaling and Traffic  103
  Securing the Signaling Traffic to IOS Voice and Analog Gateways  110
  Securing the Integration with Cisco Emergency Responder  118
  Enable Cisco Emergency Responder to Use Secure JTAPI  119
  Summary  123
  Additional Resources  124
Chapter 5  Hardening the Core Cisco UC Appliance Operating Systems  125
  Defining the Core UC Applications  126
  The UC Appliance Is Not a Standard Linux Server  127
  Restricted and Unrestricted Versions of UC Software  134
  Standard Practices for Patch/Version Management  136
  How Root Access Is Granted  137
  Hardening the Voice Operating System  138
  Enabling Federal Information Processing Standard (FIPS) 140-2  139
  Enabling Enhanced Security Mode  143
  Enabling Common Criteria ISO/IEC 15408 Compliance  144
  Summarizing FIPS 140-2 / Enhanced Security Mode / Common Criteria  147
  Performing OS Lockdown via CLI  147
  Process to Change Passwords for OS/GUI/Database  148
  Configuring Password Aging  151
  Enabling Password Complexity  152
  Activating Account Locking and Inactive Account Disablement  155
  Account Recovery Procedures  157
  Summary  159
  Additional Resources  159
Chapter 6  Core Cisco UC Application Lockdown  161
  Types of Users in Cisco Unified Communications Manager and Cisco Unity Connection  162
  Strengthening Local User Account Controls  163
  Creating User Account Control Policies on Unified CM and Unity Connection  164
  Using and Working with Cisco Unified CM Access Control Groups  170
  Assigning User Roles and Credential Policies to Users  175
  Importing End Users from an LDAP Directory  175
  Enabling the Required Services for Importing End Users Using LDAP  176
  LDAP Directory Configuration and Overview  177
  Configuring LDAP Authentication for Imported End Users  184
  Using Single Sign-On to Simplify the Login Experience  186
  Intro to Security Assertion Markup Language (SAML)  186
  Configuring Cisco Unified CM for SAML SSO  191
  Synching End Users Between Unity Connection and Unified CM Using Universal PIN  197
  Credential Change Service  200
  Locking Down the GUI  201
  Screen Timeout  201
  Login Banner  202
  Enabling System Monitoring Using SNMP and Syslog  204
  Configuring and Using SNMP for System Monitoring  204
  Defining the Alerting Types and Configuring Logging  209
  Alarms  209
  Audit Logs  211
  Disaster Recovery Planning and Best Practices  213
  Summary  214
  Additional Resources  214
Chapter 7  Encrypting Media and Signaling  217
  Licensing (Encryption License) and Allowing Export Restrictions Requirements  218
  FIPS Considerations When Enabling Secure Signaling and Media Encryption  222
  Public Key Infrastructure Overview  222
  Utilizing Public Key Infrastructure with Cisco Unified Communications  229
  Next-Generation Encryption Support Using Elliptical Curve Cryptography  233
  IP Phone Certificate Types  235
  TFTP File Encryption  237
  Overview of the Endpoint Registration Process  239
  Security by Default  239
  What It Means to Place a Unified CM Cluster into Mixed Mode  245
  CTL Files  247
  Using SIP OAuth to Secure Signaling and Encryption  250
  Why Is OAuth Used to Secure Signaling and Media?  251
  Using SAML for Authentication with OAuth  252
  Utilizing OAuth for Authorization  255
  Enabling OAuth on Unified CM and Unity Connection  258
  Configuring Secure Phone Profiles to Enable Secure Signaling and Media Encryption  261
  Applying the Secure Phone Profiles and LSC to the Phones  264
  Summary  271
  Additional Resources  271
Chapter 8  Securing Cisco Unified Communications Manager (Cisco)  273
  Endpoint Hardening  274
  Where to Configure the Settings  274
  Features and Services to Consider  275
  Secure Conferencing  276
  Ad Hoc Conferencing  278
  Secure Conferencing Using Hardware-Based DSPs  278
  Secure Conferencing Using Cisco Meeting Server  290
  Meet-Me Secure Conferencing  297
  Conference Now  298
  Smart Licensing  298
  Summary  302
  Additional Resources  303
Chapter 9  Securing Cisco Unity Connection  305
  Baseline Security Considerations Overview  306
  Securing User Access to the Unity Connection  311
  Securely Integrating Unity Connection with Unified CM  316
  Integrating with Cisco Unified CM Securely  317
  Applying Certificates Against the SIP Trunk Integration  318
  Securing Messages  323
  Preventing Toll Fraud in Unity Connection  325
  Do Not Skip PIN Logins  325
  Restriction Tables  325
  Hardening Access to the TUI/GUI  330
  TUI Voicemail Restricting Alternate Contact Numbers  330
  System Transfers from Call Handlers and Nonsystem Numbers  333
  Summary  336
  Additional Resources  337
Chapter 10  Securing Cisco Meeting Server  339
  CMS Overview and Deployment Modes  340
  Operating System Hardening  342
  Infrastructure Considerations  347
  Securing CMS Connections  351
  Database Security  354
  Certificate Verification  356
  Transport Layer Security  359
  Certificate Assignment  360
  Application Programming Interfaces (APIs)  367
  Inbound and Outbound Calling  370
  Unified CM Configuration  374
  Securing CMS Spaces  377
  Management and Visibility  377
  Summary  381
  Additional Resources  382
Chapter 11  Securing the Edge  383
  Business Requirements for the Collaboration Edge  383
  Security Considerations  383
  Cisco's Collaboration Edge Architecture  384
  IP-Based PSTN Access  386
  Deploying CUBE  388
  Toll Fraud Protection  390
  CUBE-Based TDoS Protection  391
  Session Control and Protection  392
  Enabling CUBE for TLS Connectivity  395
  VPN-Based Solutions  402
  VPN-less Solutions  402
  Business-to-Business Communication  403
  Security Features Within Expressway  403
  Deploying Mobile and Remote Access  406
  DNS  407
  Certificate Requirements for Mobile and Remote Access  410
  Firewall Traversal  412
  Authentication and Authorization for MRA  413
  Phone Security Profiles  416
  Token Scopes and Revocation  418
  MRA Troubleshooting  418
  Interactive Connectivity Establishment (ICE)  419
  Defending Against Attacks at the Edge  420
  B2B Connectivity  422
  Monitoring and Compliance  423
  Summary  424
  Additional Resources  425
Chapter 12  Securing Cloud and Hybrid Cloud Services  427
  Business Drivers for Cloud and Hybrid UC Services  428
  Coordinating for Governance and Compliance  430
  Transport Security and Compliance  432
  Considerations for Secure Calling  433
  Who's Who and What Privileges?  437
  User Onboarding and Role-Based Access  437
  Directory Connector  438
  SAML 2.0  440
  OAuth 2.0  441
  SCIM  443
  Device Onboarding  443
  Securing Messaging Services  446
  End-to-End Message Encryption  447
  External Communications and Content Management  448
  Data Loss Prevention  451
  Mobility Management  455
  Meeting Management and Security Controls  456
  Un-Scheduled and Scheduled Meetings  457
  Meeting Authentication  460
  End-to-End Encryption for Meetings  461
  In-Meeting Privacy Controls  462
  Protection of Data at Rest  463
  Security Across Emerging Features  463
  Facial Recognition  464
  People Insights  465
  Webex Assistant  466
  Meeting Transcription  467
  IoT Security  467
  Summary  470
  Additional Resources  470
Afterword  471
Index  475
Brett Hall, CCIE R&S, Collaboration #20774, is a Customer Solutions Architect supporting Cisco's product and service offerings for enterprise customers across the U.S. Army and defense agencies. He has more than 20 years of IT experience and has worked with Cisco to support federal government initiatives for more than 13 years. He also works with Cisco business units to define product and service strategies and helps lead a global team of Cisco architects. To support customer requirements, Brett works with presales teams to engineer solutions that lead to customer adoption. Brett also drives solution development to help support the future needs of his customers.

Nik Smith, Technical Leader for Collaboration at Cisco, supports Cisco Unified Collaboration (UC) products and service offerings for the public sector, enterprise, and defense agencies. His 24 years of networking experience cover technologies ranging from RF communications and telecommunications to UC. For 14 years, he has supported some of the world's largest Cisco UC deployments. During this time, he has led several large implementation teams involved in migrating from TDM to VoIP, along with network support and modernization. He now leads a team of UC engineers supporting the public sector and the Department of Defense, providing guidance and mentoring to ensure that Cisco delivers best-in-class, highly secure UC capabilities.