-
Security Best Practices Guide for Cisco Unified ICM/Contact Center Enterprise & Hosted Release 9.0
-
Preface
-
Encryption support
-
IPsec and NAT support
-
IPsec with Network Isolation Utility
-
Windows Server 2008 R2 firewall configuration
-
Cisco Unified Contact Center Security Wizard
-
Microsoft Windows
-
SQL Server Hardening
-
Cisco SSL Encryption utility
-
Network Access Protection
-
Microsoft Baseline Security Analyzer
-
Auditing
-
General antivirus guidelines and recommendations
-
Remote administration
-
Additional security best practices
-
Index
-
Feedback
Contents
Auditing
You can set auditing policies to track significant events, such as account logon attempts. Always set Local policies.
Note
Domain auditing policies always overwrite local auditing policies. Make the two sets of policies identical where possible.To set local auditing policies, select .
- View auditing policies
- View security log
- Real-Time alerts
- SQL Server auditing policies
- Active Directory auditing policies
View auditing policies
Procedure
Real-Time alerts
MSFT Windows provides the SNMP Event Translator facility, which lets you translate events in the Windows eventlog into real-time alerts by converting the event into an SNMP trap. Use evntwin.exe or evntcmd.exe to configure SNMP traps.
For additional information about configuring the translation of events to traps, see Microsoft TechNet: http://technet.microsoft.com/en-us/library/cc759390(WS.10).aspx.
Refer to the Cisco SNMP Installation and Basic Configuration guide for information about configuring SNMP trap destinations.
SQL Server auditing policies
For general SQL Server auditing policies, see SQL server Auditing at Microsoft.
SQL Server C2 Security auditing
C2 security is a government rating for security in which the system has been certified for discretionary resource protection and auditing capability.
Cisco does not support C2 auditing for SQL Server in the Unified ICM/Unified CCE environment. Cisco cannot guarantee that enabling C2 auditing on SQL Server will not have significant negative impact on the system. For more information on C2 Auditing, see C2 Audit Mode Option.
Active Directory auditing policies
It is recommended that you audit Active Directory account management and logins, and monitor audit logs for unusual activity.
The following table contains the recommended and default DC Audit policies.
Table 1 Active Directory Audit Policy Recommendations Policy
Default Setting
Recommended Setting
Comments
Audit account logon events
No auditing
Success and Failure
Account logon events are generated when a domain user account is authenticated on a Domain Controller.
Audit account management
Not defined
Success
Account management events are generated when security principal accounts are created, modified, or deleted.
Audit directory service access
No auditing
Success
Directory services access events are generated when an Active Directory object with a System Access Control List (SACL) is accessed.
Audit logon events
No auditing
Success and Failure
Logon events are generated when a domain user interactively logs onto a Domain Controller or when a network logon to a Domain Controller is performed to retrieve logon scripts and policies.
Audit object access
No auditing
(No change)
Audit policy change
No auditing
Success
Policy change events are generated for changes to user rights assignment policies, audit policies, or trust policies.
Audit privilege use
No auditing
(No change)
Audit process tracking
No auditing
(No change)
Audit system events
No auditing
Success
System events are generated when a user restarts or shuts down the Domain Controller or when an event occurs that affects either the system security or the security log.
