Securing the Connection between Cisco Unity Connection, Cisco Unified Communications Manager, and IP Phones
Introduction
This chapter describes the potential security issues related to the connections between Cisco Unity Connection, Cisco Unified Communications Manager, and IP phones; the actions you need to take; recommendations that help you make decisions; the consequences of the decisions you make; and best practices.
Security Issues for Connections between Unity Connection, Cisco Unified Communications Manager, and IP Phones
A potential point of vulnerability for a Cisco Unity Connection system is the connection between the Unity Connection voice messaging ports (for an SCCP integration) or port groups (for a SIP integration), Cisco Unified Communications Manager, and the IP phones.
Possible threats include:
- Man-in-the-middle attacks (when the information flow between Cisco Unified CM and Unity Connection is observed and modified)
- Network traffic sniffing (when software is used to capture phone conversations and signaling information that flow between Cisco Unified CM, Unity Connection, and the IP phones managed by Cisco Unified CM)
- Modification of call signaling between Unity Connection and Cisco Unified CM
- Modification of the media stream between Unity Connection and the endpoint (for example, an IP phone or a gateway)
- Identity theft of Unity Connection (when a non-Unity Connection device presents itself to Cisco Unified CM as a Unity Connection server)
- Identity theft of the Cisco Unified CM server (when a non-Cisco Unified CM server presents itself to Unity Connection as a Cisco Unified CM server)
Cisco Unified Communications Manager Security Features for Unity Connection Voice Messaging Ports
Cisco Unified CM can secure the connection with Unity Connection against the threats listed in Security Issues for Connections between Unity Connection, Cisco Unified Communications Manager, and IP Phones.
The Cisco Unified CM security features that Unity Connection can take advantage of are described in Table 1: Cisco Unified CM Security Features Used by Cisco Unity Connection.
Table 1: Cisco Unified CM Security Features Used by Cisco Unity Connection
Security Feature | Description |
Signaling authentication | The process that uses the Transport Layer Security (TLS) protocol to validate that no tampering has occurred to signaling packets during transmission. Signaling authentication relies on the creation of the Cisco Certificate Trust List (CTL) file. This feature protects against: • Man-in-the-middle attacks that modify the information flow between Cisco Unified CM and Unity Connection. • Modification of the call signaling. • Identity theft of the Unity Connection server. • Identity theft of the Cisco Unified CM server. |
Device authentication | The process that validates the identity of the device and ensures that the entity is what it claims to be. This process occurs between Cisco Unified CM and either the Unity Connection voice messaging ports (for an SCCP integration) or the Unity Connection port groups (for a SIP integration) when each device accepts the certificate of the other device. When the certificates are accepted, a secure connection between the devices is established. Device authentication relies on the creation of the Cisco Certificate Trust List (CTL) file. This feature protects against: • Man-in-the-middle attacks that modify the information flow between Cisco Unified CM and Unity Connection. • Modification of the media stream. • Identity theft of the Unity Connection server. • Identity theft of the Cisco Unified CM server. |
Signaling encryption | The process that uses cryptographic methods to protect (through encryption) the confidentiality of all SCCP or SIP signaling messages that are sent between Unity Connection and Cisco Unified CM. Signaling encryption ensures that the information that pertains to the parties, the DTMF digits entered by the parties, call status, media encryption keys, and so on are protected against unintended or unauthorized access. This feature protects against: • Man-in-the-middle attacks that observe the information flow between Cisco Unified CM and Unity Connection. • Network traffic sniffing that observes the signaling information flow between Cisco Unified CM and Unity Connection. |
Media encryption | The process whereby the confidentiality of the media is ensured through the use of cryptographic procedures. This process uses Secure Real Time Protocol (SRTP) as defined in IETF RFC 3711, and ensures that only the intended recipient can interpret the media streams between Unity Connection and the endpoint (for example, a phone or gateway). Support includes audio streams only. Media encryption includes creating a media master key pair for the devices, delivering the keys to Unity Connection and the endpoint, and securing the delivery of the keys while the keys are in transport. Unity Connection and the endpoint use the keys to encrypt and decrypt the media stream. This feature protects against: • Man-in-the-middle attacks that listen to the media stream between Cisco Unified CM and Unity Connection. • Network traffic sniffing that eavesdrops on phone conversations that flow between Cisco Unified CM, Unity Connection, and the IP phones managed by Cisco Unified CM. |
Authentication and signaling encryption are the minimum requirements for media encryption; that is, if the devices do not support signaling encryption and authentication, media encryption cannot occur.
Cisco Unified CM security (authentication and encryption) protects only calls to Unity Connection. Messages recorded in the message store are not protected by the Cisco Unified CM authentication and encryption features, but they can be protected by the Unity Connection private secure messaging feature. For details on the Unity Connection secure messaging feature, see Handling Messages Marked Private and Secure.
Self Encrypting Drive
Cisco Unity Connection also supports self encrypting drives (SED). This is also called Full Disk Encryption (FDE). FDE is a cryptographic method used to encrypt all the data that is available on the hard drive.
The data includes files, the operating system, and software programs. The hardware on the disk encrypts all incoming data and decrypts all outgoing data. When the drive is locked, an encryption key is created and stored internally. All data stored on the drive is encrypted using that key and stored in encrypted form. FDE comprises a key ID and a security key.
For more information, see https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c/sw/gui/config/guide/2-0/b_Cisco_UCS_C-series_GUI_Configuration_Guide_201/b_Cisco_UCS_C-series_GUI_Configuration_Guide_201_chapter_010011.html#concept_E8C37FA4A71F4C8F8E1B9B94305AD844.
Security Mode Settings for Cisco Unified Communications Manager and Unity Connection
Cisco Unified Communications Manager and Cisco Unity Connection have the security mode options shown in Table 2: Security Mode Options for voice messaging ports (for SCCP integrations) or port groups (for SIP integrations).
Caution
The Cluster Security Mode setting for the Unity Connection voice messaging ports (for SCCP integrations) or port groups (for SIP integrations) must match the security mode setting for the Cisco Unified CM ports.
Otherwise, Cisco Unified CM authentication and encryption fail.
Table 2: Security Mode Options
Setting | Effect |
Non-secure | The integrity and privacy of call-signaling messages are not ensured because call-signaling messages are sent as clear (unencrypted) text and are connected to Cisco Unified CM through a non-authenticated port rather than an authenticated TLS port. In addition, the media stream cannot be encrypted. |
Authenticated | The integrity of call-signaling messages is ensured because they are connected to Cisco Unified CM through an authenticated TLS port. However, the privacy of call-signaling messages is not ensured because they are sent as clear (unencrypted) text. In addition, the media stream is not encrypted. |
Encrypted | The integrity and privacy of call-signaling messages are ensured because they are connected to Cisco Unified CM through an authenticated TLS port, and the call-signaling messages are encrypted. In addition, the media stream can be encrypted. Both endpoints must be registered in encrypted mode for the media stream to be encrypted. However, when one endpoint is set for non-secure or authenticated mode and the other endpoint is set for encrypted mode, the media stream is not encrypted. Also, if an intervening device (such as a transcoder or gateway) is not enabled for encryption, the media stream is not encrypted. |
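The Caution and the Table 2 rules above, expressed as a small configuration audit. This is an added example, not Cisco code; the CallPath fields, the assess function and the sample inventory are hypothetical names and constructed data.

```python
from dataclasses import dataclass, field

MODES = ("non-secure", "authenticated", "encrypted")  # the three settings in Table 2

@dataclass
class CallPath:
    """One call path to audit. Field names are hypothetical, not Cisco identifiers."""
    name: str
    unity_mode: str     # Unity Connection voice messaging port or port group
    cucm_mode: str      # matching Cisco Unified CM port
    endpoint_mode: str  # mode the far endpoint (phone or gateway) registered in
    intervening: dict = field(default_factory=dict)  # device name -> enabled for encryption?

def assess(p: CallPath) -> dict:
    """Apply the Caution and Table 2 rules; return protections and findings."""
    for mode in (p.unity_mode, p.cucm_mode, p.endpoint_mode):
        if mode not in MODES:
            raise ValueError(f"unknown security mode {mode!r}")
    r = {"path": p.name, "integrity": False, "privacy": False, "media": False, "findings": []}
    if p.unity_mode != p.cucm_mode:
        # Caution: mismatched settings make authentication and encryption fail.
        r["findings"].append(f"mode mismatch: Unity Connection={p.unity_mode}, Unified CM={p.cucm_mode}")
        return r
    r["integrity"] = p.unity_mode in ("authenticated", "encrypted")
    r["privacy"] = p.unity_mode == "encrypted"
    if not r["integrity"]:
        r["findings"].append("signaling is clear text on a non-authenticated port")
    elif not r["privacy"]:
        r["findings"].append("signaling is authenticated but sent as clear text")
    else:
        # Media is encrypted only if both endpoints and every intervening device allow it.
        if p.endpoint_mode != "encrypted":
            r["findings"].append(f"endpoint registered as {p.endpoint_mode}: media not encrypted")
        weak = sorted(d for d, ok in p.intervening.items() if not ok)
        r["findings"] += [f"{d} not enabled for encryption: media not encrypted" for d in weak]
        r["media"] = p.endpoint_mode == "encrypted" and not weak
    return r

# Constructed sample inventory (not taken from any real deployment).
SAMPLE = [
    CallPath("pg-sip-1", "encrypted", "encrypted", "encrypted", {"gw-1": True}),
    CallPath("pg-sip-2", "encrypted", "encrypted", "authenticated"),
    CallPath("pg-sip-3", "encrypted", "encrypted", "encrypted", {"xcoder-1": False}),
    CallPath("port-sccp-1", "authenticated", "encrypted", "encrypted"),
    CallPath("port-sccp-2", "non-secure", "non-secure", "non-secure"),
]

if __name__ == "__main__":
    for path in SAMPLE:
        print(assess(path))
```

Only the first sample path ends up with an encrypted media stream; each of the others fails for a different reason named in the Caution or in Table 2.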
Best Practices for Securing the Connection between Unity Connection, Cisco Unified Communications Manager, and IP Phones
If you want to enable authentication and encryption for the voice messaging ports on both Cisco Unity Connection and Cisco Unified Communications Manager, see the Cisco Unified Communications Manager SCCP Integration Guide for Unity Connection Release 12.x, available at
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/12x/integration/guide/cucm_sccp/b_12xcucintcucmskinny.html