Cisco Unified Operating System Maintenance Guide for Cisco Unified Presence Release 8.0, 8.5, and 8.6
Securing the Cisco Unified Operating System
Downloads: This chapterpdf (PDF - 196.0KB) The complete bookPDF (PDF - 1.17MB) | Feedback

Securing the Cisco Unified Operating System

Table Of Contents

Securing the Cisco Unified Operating System

Preparing Your Browser to Optimize Security

Verifying Internet Explorer Security Settings

Creating a Login Banner

How to Manage IPSEC Policies

Creating an IPSec Policy

Enabling or Disabling an Existing IPSec Policy

Deleting an IPSec Policy


Securing the Cisco Unified Operating System


Preparing Your Browser to Optimize Security

How to Manage IPSEC Policies

Preparing Your Browser to Optimize Security

Verifying Internet Explorer Security Settings

Creating a Login Banner

Verifying Internet Explorer Security Settings

To download certificates from the server, you must ensure that your Internet Explorer security settings are configured correctly.

Procedure


Step 1 Start Internet Explorer.

Step 2 Select Tools > Internet Options.

Step 3 Select the Advanced tab.

Step 4 Scroll down to the Security section on the Advanced tab.

Step 5 If necessary, clear Do not save encrypted pages to disk.

Step 6 Select OK.


Creating a Login Banner

In Cisco Unified Presence Release 8.6(4), administrators can create a banner that users acknowledge as part of their login to any Cisco Unified Presence interfaces. The administrator creates a .txt file using any text editor, includes important notifications they want users to be made aware of, and uploads it to the Cisco Unified Presence OS Administration page. This banner will then appear on all Cisco Unified Presence interfaces notifying users of important information before they login, including legal warnings and obligations. The following interfaces will display this banner before and after a user logs in: Cisco Unified Presence Administration, Cisco Unified OS Administration, Serviceability, Reporting, Disaster Recovery System, and User Options.

Procedure


Step 1 Create a .txt file with the contents you want to display in the banner.

Step 2 Sign in to Cisco Unified Operating System Administration.

Step 3 Select Software Upgrades > Customized Logon Message.

Step 4 Select Browse and locate the .txt file.

Step 5 Select Upload File.
The banner will appear before and after login on most Cisco Unified Presence interfaces.


How to Manage IPSEC Policies

Creating an IPSec Policy

Enabling or Disabling an Existing IPSec Policy

Deleting an IPSec Policy


Note IPSec is not automatically established between nodes in a cluster during a Cisco Unified Presence installation.


Creating an IPSec Policy

You can set up a new IPSec policy. Do not, however, attempt to create IPSec policies during a Cisco Unified Presence server upgrade.


Caution IPSec, especially with encryption, will affect the performance of your system.

Before You Begin

To access the Security menu items, you must sign in again to Cisco Unified Communications Operating System Administration using your Administrator password.

Procedure


Step 1 Sign in to Cisco Unified Communications Operating System Administration.

Step 2 Select Security > IPSEC Configuration.

Step 3 Select Add New.

Step 4 Enter the new values in the appropriate fields.

Field
Description

Policy Group Name

Specifies the group name to which the IPSec policy belongs.

Policy Name

Specifies the name of the IPSec policy.

Authentication Method

Specifies the authentication method, for example, Certificate.

Preshared Key

Specifies the preshared key if you selected Pre-shared Key in the Authentication Method field.

Peer Type

Specifies whether the peer is the same type or different.

Certificate Name

Specifies the name of the certificate used for authentication.

Destination Address

Specifies the IP address or FQDN of the destination.

Destination Port

Specifies the port number at the destination.

Source Address

Specifies the IP address or FQDN of the source.

Source Port

Specifies the port number at the source.

Mode

Specifies Tunnel or Transport mode.

Remote Port

Specifies the port number to use at the destination.

Protocol

Specifies the specific protocol, or Any:

TCP

UDP

Any

Encryption Algorithm

From the list box, select the encryption algorithm. Choices include

DES

3DES

Hash Algorithm

Specifies the hash algorithm:

SHA1—Hash algorithm that is used in phase one IKE negotiation

MD5—Hash algorithm that is used in phase one IKE negotiation

ESP Algorithm

From the list box, select the ESP algorithm. Choices include

NULL_ENC

DES

3DES

BLOWFISH

RIJNDAEL

Phase One Life Time

Specifies the lifetime for phase one IKE negotiation, in seconds.

Phase One DH

From the list box, select the phase one DH value. Choices include 2, 1, 5, 14, 16, 17, and 18.

Phase Two Life Time

Specifies the lifetime for phase two IKE negotiation, in seconds.

Phase Two DH

From the list box, select the phase two DH value. Choices include 2, 1, 5, 14, 16, 17, and 18.

Enable Policy

Check to enable the IPSec policy.



What To Do Next

Enabling or Disabling an Existing IPSec Policy

Enabling or Disabling an Existing IPSec Policy

You can enable or disable an existing IPSec policy. Do not, however, attempt to create, enable or disable IPSec policies during a Cisco Unified Presence server upgrade.


Caution IPSec, especially with encryption, will affect the performance of your system.

Before You Begin

Complete the steps in Creating an IPSec Policy.

Procedure


Step 1 Sign in to Cisco Unified Communications Operating System Administration.

Step 2 Perform one of the following actions in the IPSEC Policy Configuration frame:

a. Check Enable Policy to enable the policy.

b. Uncheck Enable Policy to disable the policy.


Deleting an IPSec Policy

You can delete one or more IPSec policies. Do not, however, attempt to delete IPSec policies during a Cisco Unified Presence server upgrade.


Caution IPSec, especially with encryption, will affect the performance of your system.

Before You Begin

To access the Security menu items, you must sign in again to Cisco Unified Communications Operating System Administration using your Administrator password.

Procedure


Step 1 Sign in to Cisco Unified Communications Operating System Administration.

Step 2 Select Security > IPSEC Configuration.

Step 3 Select the policy or policies that you want to delete.

Step 4 Select Delete.