Configuration and Maintenance Guide for Cisco Unified MeetingPlace Express Release 1.2
Configuring Security Features for Cisco Unified MeetingPlace Express
Downloads: This chapterpdf (PDF - 238.0KB) The complete bookPDF (PDF - 5.53MB) | Feedback

Configuring Security Features for Cisco Unified MeetingPlace Express

Table Of Contents

Configuring Security Features for Cisco Unified MeetingPlace Express

Security Recommendations For Your System

About Toll Fraud Prevention Options

How to Secure Your System

Configuring User Password Requirements

Limiting the Number of Failed User Login Attempts

Configuring Requirements for Meeting Passwords

Restricting Access to Scheduled Meetings and Recordings

Restricting the Use of Vanity Meeting IDs

Restricting Third Parties from Starting Reservationless Meetings

Restricting Dial-Out Privileges for Guest Users

Restricting Dial-Out Privileges for Profiled Users


Configuring Security Features for Cisco Unified MeetingPlace Express


Revised: October 18, 2006, OL-11374-01

This chapter describes how to improve the security of your system.

Topics in this section include:

Security Recommendations For Your System

About Toll Fraud Prevention Options

How to Secure Your System

The content in this chapter applies in the following cases:

You have a Cisco Unified MeetingPlace Express system.

You have a Cisco Unified MeetingPlace Express VT system.

Security Recommendations For Your System

While your company may already have guidelines for restricting access to its computer systems, we also recommend that you perform the tasks listed in Table 11-1.

Table 11-1 Security Recommendations for Cisco Unified MeetingPlace Express

Security Recommendation
Where to Find Information

Secure the server's physical location. Keep the server in an area protected by a lock or a card-key system to prevent unauthorized access to the system.

Keep the database current. Deactivate or delete the user profiles of employees who leave the company.

Information About the Active, Inactive, and Locked States of User Profiles, page 8-23

Change the default passwords for the preconfigured Admin profile.

Changing the Passwords for the Admin Profile, page 1-2

Complete as many security-related tasks as are appropriate for your user base.

How to Secure Your System.


Related Topics

About Toll Fraud Prevention Options

About Toll Fraud Prevention Options

Cisco Unified MeetingPlace Express enables you to monitor and prevent toll fraud occurrences by doing the following:

Restrict dial-out privileges to specific users by completing these tasks:

Restricting Dial-Out Privileges for Guest Users

Restricting Dial-Out Privileges for Profiled Users.

Monitor dial-out usage by completing these tasks:

Running a Report about Port Utilization

Exporting Information about Outgoing Calls

Exporting Information about Meetings

Related Topics

Security Recommendations For Your System

How to Secure Your System

This section provides tasks that help improve the security of your system. Topics in this section include:

Configuring User Password Requirements

Limiting the Number of Failed User Login Attempts

Configuring Requirements for Meeting Passwords

Restricting Access to Scheduled Meetings and Recordings

Restricting the Use of Vanity Meeting IDs

Restricting Third Parties from Starting Reservationless Meetings

Restricting Dial-Out Privileges for Guest Users

Restricting Dial-Out Privileges for Profiled Users

Configuring User Password Requirements

You can increase the security of your Cisco Unified MeetingPlace Express system by doing the following:

Requiring longer user passwords

Requiring users to change their passwords more frequently

Procedure


Step 1 Log in to Cisco Unified MeetingPlace Express.

Step 2 Click Administration at the top of the page.

Step 3 On the left side of the page:

a. Click System Configuration.

b. Click Usage Configuration.

Step 4 In the Usage Configuration page, configure the following fields:

Minimum profile password length, page C-145—A higher value is more secure than a lower value.

Change profile password (days), page C-145—A lower value is more secure than a higher value.

Minimum user password length, page C-145—A higher value is more secure than a lower value.

Change user password (days), page C-145—A lower value is more secure than a higher value.

Step 5 Click Save.


Tip

Remember that long passwords and frequent password changes may frustrate your users. Align your password requirements with those already in use at your company.

Related Topics

Security Recommendations For Your System

About This Page: Usage Configuration, page C-144

Limiting the Number of Failed User Login Attempts

This topic describes how to configure the number of times in a session that a user can fail to log in to Cisco Unified MeetingPlace Express before the user profile becomes "locked." Users with locked user profiles cannot log in.

Before You Begin

The preconfigured Admin profile cannot be locked.

Before reaching the maximum number of login attempts, the user may restart the counter for failed login attempts by taking one of the following actions:

Close the browser and open a new one to continue the login attempts.

End the call to Cisco Unified MeetingPlace Express and begin a new call to continue the login attempts.

Calls to the attendant are not supported if you use a SIP trunk to integrate Cisco Unified MeetingPlace Express with Cisco Unified CallManager Release 4.x.

Procedure


Step 1 Log in to Cisco Unified MeetingPlace Express.

Step 2 Click Administration at the top of the page.

Step 3 On the left side of the page:

a. Click System Configuration.

b. Click Usage Configuration.

Step 4 In the Usage Configuration page, configure the following field:

Maximum profile login attempts, page C-146—A lower value is more secure than a higher value.

Step 5 Click Save.


Related Topics

Cisco Unified CallManager Restrictions for Integration in a SIP Environment

Security Recommendations For Your System

Information About the Active, Inactive, and Locked States of User Profiles, page 8-23

About This Page: Usage Configuration, page C-144

About the Admin Profile, page 8-21

Configuring Requirements for Meeting Passwords

You can increase the security of your Cisco Unified MeetingPlace Express system by doing the following:

Requiring passwords for meetings scheduled by some or all users

Requiring longer meeting passwords

Meeting passwords prevent uninvited people from attending meetings.

Procedure


Step 1 Log in to Cisco Unified MeetingPlace Express.

Step 2 Click Administration at the top of the page.

Step 3 On the left side of the page, click Meeting Configuration.

Step 4 In the Meeting Configuration page, configure the following field:

Minimum meeting password length, page C-101—A higher value is more secure than a lower value.

Step 5 Click Save.

Step 6 On the left side of the page, click User Configuration.

Step 7 Take one of the following actions:

To configure a user group, click User Group Management.

To configure an individual user profile, click User Profile Management.

Step 8 Take one of the following actions:

To configure an existing user group or user profile, click Edit.

To configure a new user group or user profile, click Add New. Configure the required fields, which are marked with an asterisk.

Step 9 Configure one of the following fields:

Password required, page C-12 (user group)—Select Yes.

Password required, page C-23 (user profile)—Select Yes.

Step 10 Click Save.

Step 11 Repeat Step 6 through Step 10 for all user groups and user profiles for which you want to require meeting passwords.


Tips

Remember that the password must be communicated to the meeting invitees in order for them to join the meeting:

Configure user groups and user profiles to include passwords in e-mail notifications. See the "Configuring E-Mail Notification Settings for a User Group" section.

If not all meeting invitees will receive e-mail notifications, then the meeting scheduler or another organizer must manually communicate the meeting password.

Related Topics

Security Recommendations For Your System

About This Page: Meeting Configuration, page C-97

About This Page: Add User Group, page C-9

About This Page: Add User Profile, page C-16

Restricting Access to Scheduled Meetings and Recordings

This topic describes how to restrict unprofiled users from taking the following actions:

Attend meetings that are scheduled by some or all users.

Listen to meetings recorded by some or all users.

Procedure


Step 1 Log in to Cisco Unified MeetingPlace Express.

Step 2 Click Administration at the top of the page.

Step 3 On the left side of the page, click User Configuration.

Step 4 Take one of the following actions:

To configure a user group, click User Group Management.

To configure an individual user profile, click User Profile Management.

Step 5 Take one of the following actions:

To configure an existing user group or user profile, click Edit.

To configure a new user group or user profile, click Add New. Configure the required fields, which are marked with an asterisk.

Step 6 To restrict meeting attendance and access to meeting recordings to profiled users, configure one of the following fields to "Users with Cisco Unified MeetingPlace Express profiles only":

Who can attend, page C-12 (user group)

Who can attend, page C-23 (user profile)

Step 7 Click Save.

Step 8 Repeat Step 3 through Step 7 for all user groups and user profiles for which you want to restrict meeting access to profiled users.


Tips

Remember that if meeting attendance is restricted to profiled users, then unprofiled external users (such as your customers or business partners) and users with locked profiles cannot attend.

Similarly, if access to meeting recordings is restricted to profiled users, then unprofiled external users (such as your customers or business partners) and users with locked profiles cannot access these meeting recordings.

Related Topics

Security Recommendations For Your System

About This Page: Add User Group, page C-9

About This Page: Add User Profile, page C-16

Restricting the Use of Vanity Meeting IDs

By default, Cisco Unified MeetingPlace Express allows the meeting scheduler to request a specific meeting ID, such as one that is easy to remember (12345) or one that spells a word (24726 or CISCO). If, however, an uninvited person knows the phone number of your Cisco Unified MeetingPlace Express server, then that person can easily guess a popular meeting ID and join a meeting that he is not authorized to attend.

This topic describes how to prevent unauthorized meeting attendance by disabling the ability to request a vanity meeting ID when scheduling a meeting. Instead, a unique, randomly generated ID is assigned to every scheduled meeting. Users cannot change the assigned meeting IDs.

Procedure


Step 1 Log in to Cisco Unified MeetingPlace Express.

Step 2 Click Administration at the top of the page.

Step 3 On the left side of the page, click Meeting Configuration.

Step 4 In the Meeting Configuration page, configure the following field:

Allow vanity meeting IDs, page C-101—Select No.

Step 5 Click Save.


Related Topics

Security Recommendations For Your System

About This Page: Meeting Configuration, page C-97

What to Do Next

You can also prevent unauthorized meeting attendance in the following ways:

Requiring meeting passwords—See the "Configuring Requirements for Meeting Passwords" section.

Restricting scheduled meeting attendance to profiled users—See the "Restricting Access to Scheduled Meetings and Recordings" section.

Restricting Third Parties from Starting Reservationless Meetings

This topic describes how to configure the system so that only the meeting owner may start a reservationless meeting.

Procedure


Step 1 Log in to Cisco Unified MeetingPlace Express.

Step 2 Click Administration at the top of the page.

Step 3 On the left side of the page:

a. Click System Configuration.

b. Click Meeting Configuration.

Step 4 In the Meeting Configuration page, configure the following field:

Reservationless: Allow 3rd party initiate, page C-101—Select No.

Step 5 Click Save.


Related Topics

Information About Reservationless Meetings

Security Recommendations For Your System

Information About the Active, Inactive, and Locked States of User Profiles, page 8-23

About This Page: Usage Configuration, page C-144

Restricting Dial-Out Privileges for Guest Users

This topic describes how to restrict guests from dialing out. By completing this task, only profiled users who successfully log in to Cisco Unified MeetingPlace Express can dial out. This restriction can reduce the potential for toll fraud.

Procedure


Step 1 Log in to Cisco Unified MeetingPlace Express.

Step 2 Click Administration at the top of the page.

Step 3 On the left side of the page:

a. Click System Configuration.

b. Click Usage Configuration.

Step 4 In the Usage Configuration page, set the Allow guest outdials field to No.

Step 5 Click Save.


Related Topics

Security Recommendations For Your System

About Dial-Out Features and Voice Prompt Languages, page 8-11

About Toll Fraud Prevention Options

Restricting Dial-Out Privileges for Profiled Users

Exporting Information about Outgoing Calls

About This Page: User Group Management, page C-152

About This Page: User Profile Management, page C-153

What to Do Next

To further restrict dial-out privileges on your system, proceed to the "Restricting Dial-Out Privileges for Profiled Users" section.

Restricting Dial-Out Privileges for Profiled Users

This topic describes how to restrict dial-out privileges to specific user groups and user profiles. Restricting dial-out privileges reduces the potential for toll fraud.

Procedure


Step 1 Log in to Cisco Unified MeetingPlace Express.

Step 2 Click Administration at the top of the page.

Step 3 Click User Configuration on the left side of the page.

Step 4 To restrict dial-out privileges for specific user groups, complete these steps:

a. Click User Group Management.

b. In the User Group Management page, select a user group and click Edit in the same row. The Edit User Groups Details page appears.

c. To restrict dial-out privileges, configure the following fields:

Can call out of meetings—Set to No.

Ask for profile password—Set to Yes.

d. Click Save.

e. Repeat Step 4 for all user groups whose dial-out privileges you want to restrict.

Step 5 To restrict dial-out privileges for specific user profiles, complete these steps:

a. Click User Profile Management.

b. In the User Profile Management page, select a user profile and click Edit in the same row. The Edit user profiles details page appears.

c. To restrict dial-out privileges, configure the following fields:

Can call out of meetings—Set to No.

Ask for profile password—Set to Yes.

d. Click Save.

e. Repeat Step 5 for all user profiles whose dial-out privileges you want to restrict.


Related Topics

Security Recommendations For Your System

About Dial-Out Features and Voice Prompt Languages, page 8-11

About Toll Fraud Prevention Options

Restricting Dial-Out Privileges for Guest Users

Exporting Information about Outgoing Calls

About This Page: User Group Management, page C-152

About This Page: User Profile Management, page C-153