
FIPS Compliance in Cisco Unity Connection
Introduction
FIPS, or Federal Information Processing Standard, is a U.S. and Canadian government certification standard that defines the requirements that cryptographic modules must follow.
Caution
FIPS mode is supported only on releases that have been through FIPS compliance. Be warned that FIPS mode should be disabled before you upgrade to a non-FIPS compliant version of Cisco Unity Connection.
For information about which releases are FIPS compliant and to view their certifications, see the FIPS 140 document at: https://www.cisco.com/c/en/us/solutions/industries/government/global-government-certifications/fips-140.html
Certain versions of Unity Connection are FIPS 140-2 compliant, in accordance with the U.S. National Institute of Standards (NIST). They can operate in FIPS mode, level 1 compliance.
FIPS 140-2 level 1 mode uses the following validated cryptographic modules:
- CiscoSSL 1.1.1n.7.2.390 with FIPS Module CiscoSSL FOM 7.2a
- CiscoSSH -1.9.29
- RSA CryptoJ 6_2_3
- BC FIPS -1.0.2.3.jar
- BCTLS FIPS - 1.0.12.3.jar
- BCPKIX FIPS -1.0.5.jar
- Libreswan -3.25-9
- NSS -3.67
Note
For more information about Unity Connection upgrades, see the "Upgrade Types" section of the "Upgrading Cisco Unity Connection" chapter of the Install, Upgrade and Maintenance Guide for Cisco Unity Connection Release 14, available at https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/14/install_upgrade/guide/b_14cuciumg.html.
Running CLI Commands for FIPS
To enable the FIPS feature in Cisco Unity Connection, use the utils fips enable CLI command. In addition, the following related CLI commands are available:
- utils fips disable - Use to disable the FIPS feature.
- utils fips status - Use to check the status of FIPS compliance.
For more information about the utils fips CLI commands, see the applicable Command Line Interface Reference Guide for Cisco Unified Communications Solutions at http://www.cisco.com/c/en/us/support/unified-communications/unity-connection/products-maintenance-guides-list.html.
Caution
After FIPS mode is enabled or disabled, the Cisco Unity Connection server restarts.
Caution
If the Cisco Unity Connection server is in a cluster, do not change the FIPS settings on any other node until the FIPS operation on the current node is complete and the system is back up and running.
Note
Before enabling FIPS mode on the Unity Connection server, make sure that the security password is at least 14 characters long. When upgrading Unity Connection, the password must be updated if FIPS mode was enabled in the earlier version.
In FIPS mode, all new certificates are signed with the SHA-256 hashing algorithm. When you generate a self-signed certificate or a Certificate Signing Request, SHA-256 is the only hashing algorithm you can choose.
Regenerating Certificates for FIPS
Regenerating Root Certificates
Cisco Unity Connection servers with pre-existing telephony integrations must have the root certificate manually regenerated after FIPS mode is enabled or disabled. If the telephony integration uses an Authenticated or Encrypted Security mode, the regenerated root certificate must be re-uploaded to the corresponding Cisco Unified Communications Manager servers. For fresh installations, regenerating the root certificate can be avoided by enabling FIPS mode before adding the telephony integration.
Note
In case of clusters, perform the following steps on all nodes.
1. Sign in to Cisco Unity Connection Administration.
2. Select Telephony Integrations > Security > Root Certificate.
3. On the View Root Certificate page, click Generate New.
4. If the telephony integration uses an Authenticated or Encrypted Security mode, continue with steps 5-10; otherwise skip to step 12.
5. On the View Root Certificate page, right-click the Right-Click to Save the Certificate as a File link.
6. Select Save As to browse to the location where you want to save the Cisco Unity Connection root certificate as a .pem file.
   Note
   The certificate must be saved as a file with the extension .pem rather than .htm, otherwise Cisco Unified CM does not recognize the certificate.
7. Copy the Cisco Unity Connection root certificate to all Cisco Unified CM servers by performing the following substeps:
   a. On the Cisco Unified CM server, sign in to Cisco Unified Operating System Administration.
   b. Select the Certificate Management option from the Security menu.
   c. Select Upload Certificate/Certificate Chain on the Certificate List page.
   d. On the Upload Certificate/Certificate Chain page, select the CallManager-trust option from the Certificate Name drop-down.
   e. Enter Cisco Unity Connection Root Certificate in the Root Certificate field.
   f. Click Browse in the Upload File field to locate and select the Cisco Unity Connection root certificate that you saved in step 5.
   g. Click Upload File.
   h. Click Close.
8. On the Cisco Unified CM server, sign in to Cisco Unified Serviceability.
9. Select Service Management from the Tools menu.
10. On the Control Center - Feature Services page, restart the Cisco CallManager service.
11. Repeat steps 5-10 on all remaining Cisco Unified CM servers in the Cisco Unified CM cluster.
12. Restart the Unity Connection Conversation Manager service by following these steps:
   a. Sign in to Cisco Unity Connection Serviceability.
   b. Select Service Management from the Tools menu.
   c. Select Stop for the Unity Connection Conversation Manager service in the Critical Services section.
   d. When the Status area displays a message that the Unity Connection Conversation Manager service has stopped, select Start for the service.
13. New and pre-existing telephony integration ports are now registered with Cisco Unified CM.
FIPS is supported for both SCCP and SIP integrations between Cisco Unified Communications Manager and Cisco Unity Connection.
For more information about managing certificates, see the "Manage Certificates and Certificate Trust Lists" section in the "Security" chapter of the Cisco Unified Communications Operating System Administration Guide for Cisco Unity Connection, available at https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/14/os_administration/guide/b_14cucosagx.html
Regenerating Tomcat Certificates
Unity Connection supports RSA key based Tomcat certificates for configuring secure calling using SIP Integration. This allows the use of self-signed as well as third-party CA signed certificates for SIP secure calling.
Cisco Unity Connection servers with pre-existing telephony integrations must have the Tomcat certificate regenerated after FIPS mode is enabled or disabled. If the telephony integration uses an Authenticated or Encrypted Security mode, the regenerated Tomcat certificate must be re-uploaded to the corresponding Cisco Unified Communications Manager servers. For fresh installations, regenerating the Tomcat certificate can be avoided by enabling FIPS mode before adding the telephony integration. To learn how to regenerate certificates, see the section Settings for RSA Key Based certificates of the "Setting Up a Cisco Unified Communications Manager SIP Trunk Integration" chapter in the Cisco Unified Communications Manager SIP Integration Guide for Cisco Unity Connection Release 14, available at https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/14/integration/cucm_sip/b_14cucintcucmsip.html.
Note
Make sure that the value entered in the X.509 Subject Name field on the SIP Trunk Security Profile Configuration page of Cisco Unified Communication Manager is the FQDN of the Unity Connection server.
Configuring Additional Settings When Using FIPS Mode
To maintain FIPS compliance, additional configuration is required for the following features:
- Networking: Intrasite, Intersite, VPIM
- Unified Messaging: Unified Messaging Services.
Configuring Networking When Using FIPS Mode
Networking from Cisco Unity Connection to another server must be secured by an IPsec policy. This includes intersite links, intrasite links, and VPIM locations. The remote server is responsible for assuring its own FIPS compliance.
Note
Secure messages are not sent in a FIPS compliant manner unless an IPsec policy is configured.
Configuring Unified Messaging When Using FIPS Mode
Unified Messaging Services require the following configuration:
- Configure an IPsec policy between Cisco Unity Connection and Microsoft Exchange.
- Set the Web-Based Authentication Mode setting to Basic on the Edit Unified Messaging Service page in Unity Connection Administration. NTLM web authentication mode is not supported in FIPS mode.
Caution
An IPsec policy between the servers is required to protect the plain text nature of Basic web authentication.
Configuring IPsec Policies Using FIPS Mode
For information about configuring IPsec policies, see the "IPSec Management" section in the "Security" chapter of the Cisco Unified Communications Operating System Administration Guide for Cisco Unity Connection at https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/14/os_administration/guide/b_14cucosagx.html.
For information about the effect of IPsec policies on Unity Connection, see the "Upgrading Cisco Unity Connection" chapter of the Install, Upgrade, and Maintenance Guide for Cisco Unity Connection Release 14, available at https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/14/install_upgrade/guide/b_14cuciumg.html.
Unsupported Features When Using FIPS Mode
The following Cisco Unity Connection features are not supported when FIPS mode is enabled:
- SpeechView Transcription Service.
- SIP Digest Authentication (configured for SIP Telephony Integrations).
- SIP NTLM Authentication (configured for SIP Telephony Integrations).
- Video Messaging.
Configuring Voicemail PIN for Touchtone Conversation Users to Sign In
Enabling FIPS in Cisco Unity Connection prevents a touchtone conversation user from signing in to play or send voice messages or to change user settings if both of the following are true:
- The user was created in Cisco Unity 5.x or earlier, and migrated to Connection.
- The Unity Connection user still has a voicemail PIN that was assigned in Cisco Unity 5.x or earlier.
A touchtone conversation user signs in by entering an ID (usually the user's extension) and a voicemail PIN.
The ID and PIN are assigned when the user is created. Either an administrator or the user can change the PIN.
To prevent administrators from accessing PINs in Connection Administration, PINs are hashed. In Cisco Unity 5.x and earlier, Cisco Unity hashed the PIN by using an MD5 hashing algorithm, which is not FIPS compliant. In Cisco Unity 7.x and later, and in Unity Connection, the PIN is hashed by using an SHA-1 algorithm, which is more difficult to decrypt and is FIPS compliant.
Hashing All Voicemail PINs with SHA-1 Algorithm in Unity Connection
When FIPS is enabled, Cisco Unity Connection no longer checks the database to determine whether the user's voicemail PIN was hashed with the MD5 or the SHA-1 algorithm. Unity Connection hashes all voicemail PINs with SHA-1 and compares the result with the hashed PIN in the Unity Connection database. The user is not allowed to sign in if the MD5 hashed voicemail PIN entered by the user does not match the SHA-1 hashed voicemail PIN in the database.
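The sign-in failure described above, as an added Python example that is not Cisco's code: it models the two verification paths and lists the accounts that would be locked out once FIPS mode is enabled. The unsalted hex digests, the alg field, the account records and the reset_pin helper are assumptions for illustration; the product's real storage format is not given here.

```python
import hashlib
import hmac

def hash_pin(pin: str, alg: str) -> str:
    # usedforsecurity=False lets MD5 be constructed on FIPS-restricted Python builds
    return hashlib.new(alg, pin.encode(), usedforsecurity=False).hexdigest()

def verify_pin(entered: str, record: dict, fips_mode: bool) -> bool:
    """Non-FIPS: use the algorithm recorded for the user. FIPS: always SHA-1."""
    alg = "sha1" if fips_mode else record["alg"]
    return hmac.compare_digest(hash_pin(entered, alg), record["digest"])

def legacy_md5_users(records: list) -> list:
    """Accounts whose stored PIN hash can never match a SHA-1 comparison."""
    return [r["alias"] for r in records if r["alg"] == "md5"]

def reset_pin(record: dict, new_pin: str) -> dict:
    """Assumption: a PIN set in Unity Connection is stored as a SHA-1 hash."""
    return {**record, "alg": "sha1", "digest": hash_pin(new_pin, "sha1")}

# Constructed sample accounts (hypothetical aliases and PINs)
USERS = [
    {"alias": "migrated_user", "alg": "md5", "digest": hash_pin("482913", "md5")},
    {"alias": "native_user", "alg": "sha1", "digest": hash_pin("730164", "sha1")},
]

if __name__ == "__main__":
    for user, pin in zip(USERS, ("482913", "730164")):
        print(user["alias"],
              "non-FIPS:", verify_pin(pin, user, fips_mode=False),
              "FIPS:", verify_pin(pin, user, fips_mode=True))
    print("locked out under FIPS:", legacy_md5_users(USERS))
```

Running the audit function before FIPS mode is enabled gives the list of users whose PINs need to be changed so that a SHA-1 hash is stored.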
FIPS Mode Restrictions
| Feature | Restrictions |
| --- | --- |
| SNMP v3 | FIPS mode does not support SNMP v3 with MD5 or DES. If you have SNMP v3 configured while FIPS mode is enabled, you must configure SHA as the Authentication Protocol and AES128 as the Privacy Protocol. |
| SFTP Server | By default, the JSCH library used ssh-rsa for the SFTP connection, but FIPS mode does not support ssh-rsa. Due to a recent update of CentOS, the JSCH library supports ssh-rsa (SHA1withRSA) or rsa-sha2-256 (SHA256withRSA), depending on the FIPS value after the modifications. That is: • FIPS mode supports rsa-sha2-256. • Non-FIPS mode supports both ssh-rsa and rsa-sha2-256. Note: The rsa-sha2-256 (SHA256WithRSA) support is available from OpenSSH version 6.8 onwards. In FIPS mode, only SFTP servers running OpenSSH version 6.8 onwards support rsa-sha2-256 (SHA256WithRSA). |
| SSH Host Key Algorithms | Disabled algorithm: • ssh-rsa (SHA1withRSA) Newly supported algorithms: • rsa-sha2-256 • rsa-sha2-512 Note: Before upgrading, we recommend that you refer to the "Upgrade Types" section of the "Upgrading Cisco Unity Connection" chapter of the Install, Upgrade and Maintenance Guide for Cisco Unity Connection Release 14, available at https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/14/install_upgrade/guide/b_14cuciumg.html. |
| IPSec Policy | A certificate-based IPSec policy does not work when moving from Non-FIPS to FIPS mode or vice versa. If you have a certificate-based IPSec policy and it is in the enabled state, do the following when you move from Non-FIPS to FIPS mode or vice versa: 1. Disable the IPSec policy before moving to FIPS mode or vice versa. 2. Regenerate the certificate and exchange the new certificate after moving to FIPS mode or vice versa. 3. Enable the IPSec policy. |
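
A way to check an SFTP server against the SFTP Server and SSH Host Key Algorithms rows above, as an added Python example that is not part of the Cisco documentation: it reads the server_host_key_algorithms name-list from an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and reports whether rsa-sha2-256 is offered. The two payloads are constructed samples and the function names are hypothetical.

```python
import struct

SSH_MSG_KEXINIT = 20
REQUIRED = "rsa-sha2-256"   # host key algorithm the table lists for FIPS mode SFTP
DISABLED = "ssh-rsa"        # SHA1withRSA, listed as disabled in FIPS mode

def host_key_algorithms(payload: bytes) -> list:
    """Return server_host_key_algorithms from an SSH_MSG_KEXINIT payload."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off, lists = 17, []                     # skip message byte + 16-byte cookie
    for _ in range(2):                      # kex_algorithms, then host key list
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("truncated name-list")
        lists.append(payload[off:off + n].decode("ascii"))
        off += n
    return [a for a in lists[1].split(",") if a]

def check_sftp_server(payload: bytes) -> dict:
    """Report whether the server offers the algorithm the table requires."""
    offered = host_key_algorithms(payload)
    return {
        "offered": offered,
        "fips_ok": REQUIRED in offered,
        "ssh_rsa_only": DISABLED in offered and not any(
            a.startswith("rsa-sha2-") for a in offered),
    }

def build_kexinit(kex: str, hostkeys: str) -> bytes:
    """Build a constructed sample payload; the last eight name-lists stay empty."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for names in (kex, hostkeys) + ("",) * 8:
        out += struct.pack(">I", len(names)) + names.encode("ascii")
    return out + b"\x00" + struct.pack(">I", 0)

# Constructed samples: an older server and one offering the SHA-2 RSA variants
OLD_SERVER = build_kexinit("diffie-hellman-group14-sha1", "ssh-rsa,ssh-dss")
NEW_SERVER = build_kexinit("ecdh-sha2-nistp256", "rsa-sha2-512,rsa-sha2-256,ssh-rsa")

if __name__ == "__main__":
    for name, sample in (("old", OLD_SERVER), ("new", NEW_SERVER)):
        print(name, check_sftp_server(sample))
```

On a live connection the KEXINIT payload follows the 5-byte packet header (packet_length and padding_length) of the first packet the server sends after its version banner.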






