Contents

• Preface
• Purpose
• Audience
• Organization
• Related documentation
• Product naming conventions
• Conventions
• Documentation and service requests
• Documentation feedback

Preface

---

Purpose

This document describes security hardening configuration guidelines for Cisco Unified Intelligent Contact Management (Unified ICM) Release 9.0(1) on Windows Server 2008 R2 and Windows Server 2008 R2. The term "Unified ICM" includes: Unified Contact Center Enterprise/Hosted (Unified CCE/CCH), and Cisco Unified Intelligent Contact Management Enterprise/Hosted. Optional Unified ICM applications that apply to these server configurations are also addressed here, with the exception of the following: Cisco Unified Web Interaction Manager (Unified WIM), Media Blender (when not co-resident with a Peripheral Gateway [PG]; if co-resident with a PG then these best practices are applicable), Dynamic Content Adapter and Cisco Unified E-Mail Interaction Manager (Unified EIM). References throughout this document to "Unified ICM/Cisco Unified Contact Center Enterprise (Unified CCE)" will assume the aforementioned configurations. Any accompanying applications that make up the customer's particular solution, whether Cisco provided—such as PSO applications—or provided by a Cisco partner, have not been approved for use with these security hardening recommendations. Special testing and qualification must be considered to ensure that recommended security configurations do not hinder the operation of those applications.

The configurations presented in this document represent parameters used internally within Cisco to develop and test the applications. Other than the base Operating System and application installations, any deviation from this set cannot be guaranteed to provide a compatible operating environment. It is important to note recommendations contained in this document will not always be uniformly implemented; some implementations—as based on corporate policy, specific IT utilities (for example, backup accounts) or other external guidelines—may modify or limit the application of these guidelines.

Note	Operating System Security Hardening is not supported for Release 9.0(1).

Audience

This document is primarily intended for server administrators and OS and application installers.

It is assumed that the target reader of this document is an experienced administrator familiar with Windows Server 2008 R2 and Windows Server 2008 R2 installations. It is further assumed that the reader is fully familiar with the applications that make up the Unified ICM/Unified CCE solution, as well as with the installation and administration of these systems. It is the intent of these best practices to additionally provide a consolidated view of securing the various third-party applications on which the Cisco contact center applications depend. If vendor recommendations differ from these guidelines, following such recommendations may result in systems that are not protected from malicious attacks.

Organization

This document is organized into the following chapters:

Chapter	Description
Encryption support	A brief overview of the encryption methods used in Unified ICM/Unified CCE.
IPsec and NAT support	Security best practices for deploying IPsec and Network Address Translation (NAT) in an Unified ICM/Unified CCE environment.
IPsec with Network Isolation Utility	Details on how to deploy a preconfigured IPsec policy for Unified ICM/CCE environment.
Windows Server 2008 R2 firewall configuration	The use of Windows Firewall and details about the Cisco Windows Firewall configuration script.
Cisco Unified Contact Center Security Wizard	Details on how to use the Security Wizard to configure various security features.
Microsoft Windows	Security Best Practices to use when updating Windows Server 2008 R2.
SQL Server Hardening	Security Best Practices for SQL Server.
Cisco SSL Encryption utility	Details on using the SSL Encryption Utility.
Microsoft Baseline Security Analyzer	Example of what to expect when running MBSA on a typical Unified ICM Server.
Auditing	Security Best Practices for setting Auditing Policies on Unified ICM/CCE Servers.
General antivirus guidelines and recommendations	General Antivirus guidelines and recommendations.
Remote administration	Security Best Practices to consider when using various remote administration applications.
Additional security best practices	Additional Security Best Practices for: Additional Cisco Call Center Applications Microsoft Internet Information Server Sybase EAServer (Jaguar) RMS Listener Hardening WMI Service Hardening SNMP Service Hardening Toll Fraud Prevention Syskey Third-Party Security Providers Third-Party Management Agents

Related documentation

Documentation for Cisco Unified ICM/Contact Center Enterprise & Hosted, as well as related documentation, is accessible from Cisco.com at: http://www.cisco.com/cisco/web/psa/default.html.

• Related documentation includes the documentation sets for Cisco CTI Object Server (CTI OS), Cisco Agent Desktop (CAD), Cisco Agent Desktop - Browser Edition (CAD-BE), Cisco Unified Contact Center Management Portal, Cisco Unified Customer Voice Portal (CVP), Cisco Unified IP IVR, Cisco Unified Intelligence Center, and Cisco Support Tools. The following list provides more information.
• For documentation for these Cisco Unified Contact Center products mentioned above, go to http://www.cisco.com/cisco/web/psa/default.html, click Voice and Unified Communications, then click Customer Collaboration, then click Cisco Unified Contact Center Products or Cisco Unified Voice Self-Service Products, then click the product or option you are interested in.
• For troubleshooting tips for these Cisco Unified Contact Center products mentioned above, go to http://docwiki.cisco.com/wiki/Category:Troubleshooting, then click the product or option you are interested in.
• Documentation for Cisco Unified Communications Manager is accessible from: http://www.cisco.com/cisco/web/psa/default.html.
• Technical Support documentation and tools are accessible from: http://www.cisco.com/en/US/support/index.html.
• The Product Alert tool is accessible from (login required): http://www.cisco.com/pcgi-bin/Support/FieldNoticeTool/field-notice.
• For information on the Cisco software support methodology, see Software Release and Support Methodology: ICM/IPCC available at (login required): http://www.cisco.com/en/US/partner/products/sw/custcosw/ps1844/prod_bulletins_list.html.
• For a detailed list of language localizations, see Cisco Unified ICM/Contact Center Product and System Localization Matrix available at the bottom of the following page: http://www.cisco.com/en/US/products/sw/custcosw/ps1001/prod_technical_reference_list.html.

Product naming conventions

In this release, the product names listed in the table below have changed. The New Name (long version) is reserved for the first instance of that product name and in all headings. The New Name (short version) is used for subsequent instances of the product name.

Note	This document uses the naming conventions provided in each GUI, which means that in some cases the old product name is in use.

Old Product Name	New Name (long version)	New Name (short version)
Cisco IPCC Enterprise Edition	Cisco Unified Contact Center Enterprise	Unified CCE
Cisco IPCC Hosted Edition	Cisco Unified Contact Center Hosted	Unified CCH
Cisco Intelligent Contact Management (ICM) Enterprise Edition	Cisco Unified Intelligent Contact Management Enterprise	Unified ICME
Cisco Intelligent Contact Management (ICM) Hosted Edition	Cisco Unified Intelligent Contact Management Hosted	Unified ICMH
Cisco Call Manager/Cisco Unified Call Manager	Cisco Unified Communications Manager	Unified CM

Conventions

This manual uses the following conventions:

Convention	Description
boldface font	Boldface font is used to indicate commands, such as user entries, keys, buttons, and folder and submenu names. For example: Choose Edit > Find. Click Finish.
italic font	Italic font is used to indicate the following: To introduce a new term; for example: A skill group is a collection of agents who share similar skills. For emphasis; for example: Do not use the numerical naming convention. A syntax value that the user must replace; for example: IF(condition, true-value, false-value) A book title; for example: Refer to the Cisco CRS Installation Guide.
window font	Window font, such as Courier, is used for the following: Text as it appears in code or that the window displays; for example: <html><title>Cisco Systems,Inc. </title></html> Navigational text when selecting menu options; for example: ICM Configuration Manager > Tools > Explorer Tools > Agent Explorer
< >	Angle brackets are used to indicate the following: For arguments where the context does not allow italic, such as ASCII output. A character string that the user enters but that does not appear on the window such as a password.

Documentation and service requests

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.

Documentation feedback

You can provide comments about this document by sending email to the following address:

mailto:ccbu_docfeedback@cisco.com

We appreciate your comments.