Cisco Unified Communications Operating System Administration Guide, Release 9.1(1)
Security
Downloads: This chapterpdf (PDF - 1.16MB) The complete bookPDF (PDF - 3.24MB) | Feedback

Security

Security

Browser security

Verify Internet Explorer security settings

To download certificates from the node, you must ensure that your Internet Explorer security settings are configured correctly.

Procedure
    Step 1   Start Internet Explorer.
    Step 2   Select Tools > Internet Options.
    Step 3   Select the Advanced tab.
    Step 4   Scroll down to the Security section on the Advanced tab.
    Step 5   If necessary, clear Do not save encrypted pages to disk.
    Step 6   Select OK.

    Create login banner

    From Cisco Unified Presence Release 8.6(4), you can create a banner that users acknowledge as part of their login to any IM and Presence interface. You must create a .txt file using any text editor, include important notifications that you want users to be made aware of, and upload it to Cisco Unified IM and Presence Operating System Administration. This banner will then appear on all IM and Presence Service interfaces notifying users of important information before they login, including legal warnings and obligations. The following interfaces will display this banner before and after a user logs in:
    • Cisco Unified Communications Manager IM and Presence Administration
    • Cisco Unified IM and Presence Operating System Administration
    • Cisco Unified IM and Presence Serviceability
    • Cisco Unified IM and Presence Reporting
    • IM and Presence Disaster Recovery System
    • Cisco Unified Communications Manager IM and Presence User Options
    Procedure
      Step 1   Create a .txt file with the contents you want to display in the banner.
      Step 2   Sign in to Cisco Unified IM and Presence Operating System Administration.
      Step 3   Select Software Upgrades > Customized Logon Message.
      Step 4   Select Browse and locate the .txt file.
      Step 5   Select Upload File.
      Step 6   The banner will appear before and after login on most IM and Presence interfaces.

      IPsec policy management


      Note


      IPsec is not automatically established between nodes in a cluster during installation of the IM and Presence Service.


      Create IPsec policy

      You can set up a new IPsec policy. Do not, however, attempt to create IPsec policies during an IM and Presence node upgrade.


      Caution


      IPsec, especially with encryption, will affect the performance of your system.


      Before You Begin

      To access the Security menu items, you must sign in again to Cisco Unified IM and Presence Operating System Administration using your Administrator password.

      Procedure
        Step 1   Sign in to Cisco Unified IM and Presence Operating System Administration.
        Step 2   SelectSecurity > IPSEC Configuration.
        Step 3   Select Add New.
        Step 4   Enter the new values in the appropriate fields.

        Field

        Description

        Policy Group Name

        Specifies the group name to which the IPsec policy belongs.

        Policy Name

        Specifies the name of the IPsec policy.

        Authentication Method

        Specifies the authentication method, for example, Certificate.

        Preshared Key

        Specifies the preshared key if you selected Pre-shared Key in the Authentication Method field.

        Peer Type

        Specifies whether the peer is the same type or different.

        Certificate Name

        Specifies the name of the certificate used for authentication.

        Destination Address

        Specifies the IP address or FQDN of the destination.

        Destination Port

        Specifies the port number at the destination.

        Source Address

        Specifies the IP address or FQDN of the source.

        Source Port

        Specifies the port number at the source.

        Mode

        Specifies Tunnel or Transport mode.

        Remote Port

        Specifies the port number to use at the destination.

        Protocol

        Specifies the specific protocol, or Any:

        • TCP
        • UDP
        • Any

        Encryption Algorithm

        From the list box, select the encryption algorithm. Choices include

        • DES
        • 3DES

        Hash Algorithm

        Specifies the hash algorithm:

        • SHA1—Hash algorithm that is used in phase one IKE negotiation
        • MD5—Hash algorithm that is used in phase one IKE negotiation

        ESP Algorithm

        From the list box, select the ESP algorithm. Choices include

        • NULL_ENC
        • DES
        • 3DES
        • BLOWFISH
        • RIJNDAEL

        Phase One Life Time

        Specifies the lifetime for phase one IKE negotiation, in seconds.

        Phase One DH

        From the list box, select the phase one DH value. Choices include 2, 1, 5, 14, 16, 17, and 18.

        Phase Two Life Time

        Specifies the lifetime for phase two IKE negotiation, in seconds.

        Phase Two DH

        From the list box, select the phase two DH value. Choices include 2, 1, 5, 14, 16, 17, and 18.

        Enable Policy

        Check to enable the IPsec policy.


        What to Do Next

        Enable or Disable existing IPsec policy

        Enable or Disable existing IPsec policy

        You can enable or disable an existing IPsec policy. Do not, however, attempt to create, enable or disable IPsec policies during an IM and Presence node upgrade.


        Caution


        IPsec, especially with encryption, will affect the performance of your system.


        Before You Begin

        Complete the steps to create an IPsec policy.

        Procedure
          Step 1   Sign in to Cisco Unified IM and Presence Operating System Administration.
          Step 2   Perform one of the following actions in the IPSEC Policy Configuration frame:
          1. Check Enable Policy to enable the policy.
          2. Uncheck Enable Policy to disable the policy.

          Related Tasks

          Delete IPsec policy

          You can delete one or more IPsec policies. Do not, however, attempt to delete IPsec policies during an IM and Presence node upgrade.


          Caution


          IPsec, especially with encryption, will affect the performance of your system.


          Before You Begin

          To access the Security menu items, you must sign in again to Cisco Unified IM and Presence Operating System Administration using your Administrator password.

          Procedure
            Step 1   Sign in to Cisco Unified IM and Presence Operating System Administration.
            Step 2   Select Security > IPSEC Configuration.
            Step 3   Select the policy or policies that you want to delete.
            Step 4   Select Delete.