Security Best Practices Guide for Cisco Unified ICM/Contact Center Enterprise & Hosted Release 9.0
Downloads: This chapterpdf (PDF - 454.0 KB) The complete bookPDF (PDF - 3.48 MB) | Feedback




This document describes security hardening configuration guidelines for Cisco Unified Intelligent Contact Management ( Unified ICM) Release 9.0(1) on Windows Server 2008 R2 and Windows Server 2008 R2. The term " Unified ICM" includes: Unified Contact Center Enterprise/Hosted ( Unified CCE/CCH), and Cisco Unified Intelligent Contact Management Enterprise/Hosted. Optional Unified ICM applications that apply to these server configurations are also addressed here, with the exception of the following: Cisco Unified Web Interaction Manager ( Unified WIM), Media Blender (when not co-resident with a Peripheral Gateway [PG]; if co-resident with a PG then these best practices are applicable), Dynamic Content Adapter and Cisco Unified E-Mail Interaction Manager ( Unified EIM). References throughout this document to " Unified ICM/ Cisco Unified Contact Center Enterprise ( Unified CCE)" will assume the aforementioned configurations. Any accompanying applications that make up the customer's particular solution, whether Cisco provided—such as PSO applications—or provided by a Cisco partner, have not been approved for use with these security hardening recommendations. Special testing and qualification must be considered to ensure that recommended security configurations do not hinder the operation of those applications.

The configurations presented in this document represent parameters used internally within Cisco to develop and test the applications. Other than the base Operating System and application installations, any deviation from this set cannot be guaranteed to provide a compatible operating environment. It is important to note recommendations contained in this document will not always be uniformly implemented; some implementations—as based on corporate policy, specific IT utilities (for example, backup accounts) or other external guidelines—may modify or limit the application of these guidelines.


Operating System Security Hardening is not supported for Release 9.0(1).


This document is primarily intended for server administrators and OS and application installers.

It is assumed that the target reader of this document is an experienced administrator familiar with Windows Server 2008 R2 and Windows Server 2008 R2 installations. It is further assumed that the reader is fully familiar with the applications that make up the Unified ICM/Unified CCE solution, as well as with the installation and administration of these systems. It is the intent of these best practices to additionally provide a consolidated view of securing the various third-party applications on which the Cisco contact center applications depend. If vendor recommendations differ from these guidelines, following such recommendations may result in systems that are not protected from malicious attacks.


This document is organized into the following chapters:



Encryption support

A brief overview of the encryption methods used in Unified ICM/ Unified CCE.

IPsec and NAT support

Security best practices for deploying IPsec and Network Address Translation (NAT) in an Unified ICM/ Unified CCE environment.

IPsec with Network Isolation Utility

Details on how to deploy a preconfigured IPsec policy for Unified ICM/CCE environment.

Windows Server 2008 R2 firewall configuration

The use of Windows Firewall and details about the Cisco Windows Firewall configuration script.

Cisco Unified Contact Center Security Wizard

Details on how to use the Security Wizard to configure various security features.

Microsoft Windows

Security Best Practices to use when updating Windows Server 2008 R2.

SQL Server Hardening

Security Best Practices for SQL Server.

Cisco SSL Encryption utility

Details on using the SSL Encryption Utility.

Microsoft Baseline Security Analyzer

Example of what to expect when running MBSA on a typical Unified ICM Server.


Security Best Practices for setting Auditing Policies on Unified ICM/CCE Servers.

General antivirus guidelines and recommendations

General Antivirus guidelines and recommendations.

Remote administration

Security Best Practices to consider when using various remote administration applications.

Additional security best practices

Additional Security Best Practices for:

  • Additional Cisco Call Center Applications
  • Microsoft Internet Information Server
  • Sybase EAServer (Jaguar)
  • RMS Listener Hardening
  • WMI Service Hardening
  • SNMP Service Hardening
  • Toll Fraud Prevention
  • Syskey
  • Third-Party Security Providers
  • Third-Party Management Agents

Related documentation

Documentation for Cisco Unified ICM/Contact Center Enterprise & Hosted, as well as related documentation, is accessible from at:

Product naming conventions

In this release, the product names listed in the table below have changed. The New Name (long version) is reserved for the first instance of that product name and in all headings. The New Name (short version) is used for subsequent instances of the product name.


This document uses the naming conventions provided in each GUI, which means that in some cases the old product name is in use.

Old Product Name

New Name (long version)

New Name (short version)

Cisco IPCC Enterprise Edition

Cisco Unified Contact Center Enterprise

Unified CCE

Cisco IPCC Hosted Edition

Cisco Unified Contact Center Hosted

Unified CCH

Cisco Intelligent Contact Management (ICM) Enterprise Edition

Cisco Unified Intelligent Contact Management Enterprise

Unified ICME

Cisco Intelligent Contact Management (ICM) Hosted Edition

Cisco Unified Intelligent Contact Management Hosted

Unified ICMH

Cisco Call Manager/Cisco Unified Call Manager

Cisco Unified Communications Manager

Unified CM


This manual uses the following conventions:



boldface font

Boldface font is used to indicate commands, such as user entries, keys, buttons, and folder and submenu names. For example:
  • Choose Edit > Find.
  • Click Finish.

italic font

Italic font is used to indicate the following:
  • To introduce a new term; for example: A skill group is a collection of agents who share similar skills.
  • For emphasis; for example: Do not use the numerical naming convention.
  • A syntax value that the user must replace; for example: IF(condition, true-value, false-value)
  • A book title; for example: Refer to the Cisco CRS Installation Guide.

window font

Window font, such as Courier, is used for the following:
  • Text as it appears in code or that the window displays; for example: <html><title>Cisco Systems,Inc. </title></html>
  • Navigational text when selecting menu options; for example: ICM Configuration Manager > Tools > Explorer Tools > Agent Explorer

< >

Angle brackets are used to indicate the following:
  • For arguments where the context does not allow italic, such as ASCII output.
  • A character string that the user enters but that does not appear on the window such as a password.

Documentation and service requests

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.

Documentation feedback

You can provide comments about this document by sending email to the following address:

We appreciate your comments.