Table Of Contents
Configuring Security Features for Cisco Unified MeetingPlace Express
Security Recommendations For Your System
About Toll Fraud Prevention Options
How to Secure Your System
Configuring User Password Requirements
Limiting the Number of Failed User Login Attempts
Configuring Requirements for Meeting Passwords
Restricting Access to Scheduled Meetings and Recordings
Restricting the Use of Vanity Meeting IDs
Restricting Third Parties from Starting Reservationless Meetings
Restricting Dial-Out Privileges for Guest Users
Restricting Dial-Out Privileges for Profiled Users
Configuring Security Features for Cisco Unified MeetingPlace Express
Revised: October 18, 2006, OL-11374-01
This chapter describes how to improve the security of your system.
Topics in this section include:
•
Security Recommendations For Your System
•About Toll Fraud Prevention Options
•How to Secure Your System
The content in this chapter applies in the following cases:
•You have a Cisco Unified MeetingPlace Express system.
•You have a Cisco Unified MeetingPlace Express VT system.
Security Recommendations For Your System
While your company may already have guidelines for restricting access to its computer systems, we also recommend that you perform the tasks listed in Table 11-1.
Related Topics
•About Toll Fraud Prevention Options
About Toll Fraud Prevention Options
Cisco Unified MeetingPlace Express enables you to monitor and prevent toll fraud occurrences by doing the following:
•Restrict dial-out privileges to specific users by completing these tasks:
–Restricting Dial-Out Privileges for Guest Users
–Restricting Dial-Out Privileges for Profiled Users.
•Monitor dial-out usage by completing these tasks:
–Running a Report about Port Utilization
–Exporting Information about Outgoing Calls
–Exporting Information about Meetings
Related Topics
•Security Recommendations For Your System
How to Secure Your System
This section provides tasks that help improve the security of your system. Topics in this section include:
•Configuring User Password Requirements
•Limiting the Number of Failed User Login Attempts
•Configuring Requirements for Meeting Passwords
•Restricting Access to Scheduled Meetings and Recordings
•Restricting the Use of Vanity Meeting IDs
•Restricting Third Parties from Starting Reservationless Meetings
•Restricting Dial-Out Privileges for Guest Users
•Restricting Dial-Out Privileges for Profiled Users
Configuring User Password Requirements
You can increase the security of your Cisco Unified MeetingPlace Express system by doing the following:
•Requiring longer user passwords
•Requiring users to change their passwords more frequently
Procedure
Step 1 Log in to Cisco Unified MeetingPlace Express.
Step 2 Click Administration at the top of the page.
Step 3 On the left side of the page:
a. Click System Configuration.
b. Click Usage Configuration.
Step 4 In the Usage Configuration page, configure the following fields:
•Minimum profile password length, page C-145—A higher value is more secure than a lower value.
•Change profile password (days), page C-145—A lower value is more secure than a higher value.
•Minimum user password length, page C-145—A higher value is more secure than a lower value.
•Change user password (days), page C-145—A lower value is more secure than a higher value.
Step 5 Click Save.
Tip
Remember that long passwords and frequent password changes may frustrate your users. Align your password requirements with those already in use at your company.
Related Topics
•Security Recommendations For Your System
•About This Page: Usage Configuration, page C-144
Limiting the Number of Failed User Login Attempts
This topic describes how to configure the number of times in a session that a user can fail to log in to Cisco Unified MeetingPlace Express before the user profile becomes "locked." Users with locked user profiles cannot log in.
Before You Begin
•The preconfigured Admin profile cannot be locked.
•Before reaching the maximum number of login attempts, the user may restart the counter for failed login attempts by taking one of the following actions:
–Close the browser and open a new one to continue the login attempts.
–End the call to Cisco Unified MeetingPlace Express and begin a new call to continue the login attempts.
•Calls to the attendant are not supported if you use a SIP trunk to integrate Cisco Unified MeetingPlace Express with Cisco Unified CallManager Release 4.x.
Procedure
Step 1 Log in to Cisco Unified MeetingPlace Express.
Step 2 Click Administration at the top of the page.
Step 3 On the left side of the page:
a. Click System Configuration.
b. Click Usage Configuration.
Step 4 In the Usage Configuration page, configure the following field:
•Maximum profile login attempts, page C-146—A lower value is more secure than a higher value.
Step 5 Click Save.
Related Topics
•Cisco Unified CallManager Restrictions for Integration in a SIP Environment
•Security Recommendations For Your System
•Information About the Active, Inactive, and Locked States of User Profiles, page 8-23
•About This Page: Usage Configuration, page C-144
•About the Admin Profile, page 8-21
Configuring Requirements for Meeting Passwords
You can increase the security of your Cisco Unified MeetingPlace Express system by doing the following:
•Requiring passwords for meetings scheduled by some or all users
•Requiring longer meeting passwords
Meeting passwords prevent uninvited people from attending meetings.
Procedure
Step 1 Log in to Cisco Unified MeetingPlace Express.
Step 2 Click Administration at the top of the page.
Step 3 On the left side of the page, click Meeting Configuration.
Step 4 In the Meeting Configuration page, configure the following field:
•Minimum meeting password length, page C-101—A higher value is more secure than a lower value.
Step 5 Click Save.
Step 6 On the left side of the page, click User Configuration.
Step 7 Take one of the following actions:
•To configure a user group, click User Group Management.
•To configure an individual user profile, click User Profile Management.
Step 8 Take one of the following actions:
•To configure an existing user group or user profile, click Edit.
•To configure a new user group or user profile, click Add New. Configure the required fields, which are marked with an asterisk.
Step 9 Configure one of the following fields:
•Password required, page C-12 (user group)—Select Yes.
•Password required, page C-23 (user profile)—Select Yes.
Step 10 Click Save.
Step 11 Repeat Step 6 through Step 10 for all user groups and user profiles for which you want to require meeting passwords.
Tips
Remember that the password must be communicated to the meeting invitees in order for them to join the meeting:
•Configure user groups and user profiles to include passwords in e-mail notifications. See the "Configuring E-Mail Notification Settings for a User Group" section.
•If not all meeting invitees will receive e-mail notifications, then the meeting scheduler or another organizer must manually communicate the meeting password.
Related Topics
•Security Recommendations For Your System
•About This Page: Meeting Configuration, page C-97
•About This Page: Add User Group, page C-9
•About This Page: Add User Profile, page C-16
Restricting Access to Scheduled Meetings and Recordings
This topic describes how to restrict unprofiled users from taking the following actions:
•Attend meetings that are scheduled by some or all users.
•Listen to meetings recorded by some or all users.
Procedure
Step 1 Log in to Cisco Unified MeetingPlace Express.
Step 2 Click Administration at the top of the page.
Step 3 On the left side of the page, click User Configuration.
Step 4 Take one of the following actions:
•To configure a user group, click User Group Management.
•To configure an individual user profile, click User Profile Management.
Step 5 Take one of the following actions:
•To configure an existing user group or user profile, click Edit.
•To configure a new user group or user profile, click Add New. Configure the required fields, which are marked with an asterisk.
Step 6 To restrict meeting attendance and access to meeting recordings to profiled users, configure one of the following fields to "Users with Cisco Unified MeetingPlace Express profiles only":
•Who can attend, page C-12 (user group)
•Who can attend, page C-23 (user profile)
Step 7 Click Save.
Step 8 Repeat Step 3 through Step 7 for all user groups and user profiles for which you want to restrict meeting access to profiled users.
Tips
•Remember that if meeting attendance is restricted to profiled users, then unprofiled external users (such as your customers or business partners) and users with locked profiles cannot attend.
•Similarly, if access to meeting recordings is restricted to profiled users, then unprofiled external users (such as your customers or business partners) and users with locked profiles cannot access these meeting recordings.
Related Topics
•Security Recommendations For Your System
•About This Page: Add User Group, page C-9
•About This Page: Add User Profile, page C-16
Restricting the Use of Vanity Meeting IDs
By default, Cisco Unified MeetingPlace Express allows the meeting scheduler to request a specific meeting ID, such as one that is easy to remember (12345) or one that spells a word (24726 or CISCO). If, however, an uninvited person knows the phone number of your Cisco Unified MeetingPlace Express server, then that person can easily guess a popular meeting ID and join a meeting that he is not authorized to attend.
This topic describes how to prevent unauthorized meeting attendance by disabling the ability to request a vanity meeting ID when scheduling a meeting. Instead, a unique, randomly generated ID is assigned to every scheduled meeting. Users cannot change the assigned meeting IDs.
Procedure
Step 1 Log in to Cisco Unified MeetingPlace Express.
Step 2 Click Administration at the top of the page.
Step 3 On the left side of the page, click Meeting Configuration.
Step 4 In the Meeting Configuration page, configure the following field:
•Allow vanity meeting IDs, page C-101—Select No.
Step 5 Click Save.
Related Topics
•Security Recommendations For Your System
•About This Page: Meeting Configuration, page C-97
What to Do Next
You can also prevent unauthorized meeting attendance in the following ways:
•Requiring meeting passwords—See the "Configuring Requirements for Meeting Passwords" section.
•Restricting scheduled meeting attendance to profiled users—See the "Restricting Access to Scheduled Meetings and Recordings" section.
Restricting Third Parties from Starting Reservationless Meetings
This topic describes how to configure the system so that only the meeting owner may start a reservationless meeting.
Procedure
Step 1 Log in to Cisco Unified MeetingPlace Express.
Step 2 Click Administration at the top of the page.
Step 3 On the left side of the page:
a. Click System Configuration.
b. Click Meeting Configuration.
Step 4 In the Meeting Configuration page, configure the following field:
•Reservationless: Allow 3rd party initiate, page C-101—Select No.
Step 5 Click Save.
Related Topics
•Information About Reservationless Meetings
•Security Recommendations For Your System
•Information About the Active, Inactive, and Locked States of User Profiles, page 8-23
•About This Page: Usage Configuration, page C-144
Restricting Dial-Out Privileges for Guest Users
This topic describes how to restrict guests from dialing out. By completing this task, only profiled users who successfully log in to Cisco Unified MeetingPlace Express can dial out. This restriction can reduce the potential for toll fraud.
Procedure
Step 1 Log in to Cisco Unified MeetingPlace Express.
Step 2 Click Administration at the top of the page.
Step 3 On the left side of the page:
a. Click System Configuration.
b. Click Usage Configuration.
Step 4 In the Usage Configuration page, set the Allow guest outdials field to No.
Step 5 Click Save.
Related Topics
•Security Recommendations For Your System
•About Dial-Out Features and Voice Prompt Languages, page 8-11
•About Toll Fraud Prevention Options
•Restricting Dial-Out Privileges for Profiled Users
•Exporting Information about Outgoing Calls
•About This Page: User Group Management, page C-152
•About This Page: User Profile Management, page C-153
What to Do Next
To further restrict dial-out privileges on your system, proceed to the "Restricting Dial-Out Privileges for Profiled Users" section.
Restricting Dial-Out Privileges for Profiled Users
This topic describes how to restrict dial-out privileges to specific user groups and user profiles. Restricting dial-out privileges reduces the potential for toll fraud.
Procedure
Step 1 Log in to Cisco Unified MeetingPlace Express.
Step 2 Click Administration at the top of the page.
Step 3 Click User Configuration on the left side of the page.
Step 4 To restrict dial-out privileges for specific user groups, complete these steps:
a. Click User Group Management.
b. In the User Group Management page, select a user group and click Edit in the same row. The Edit User Groups Details page appears.
c. To restrict dial-out privileges, configure the following fields:
–Can call out of meetings—Set to No.
–Ask for profile password—Set to Yes.
d. Click Save.
e. Repeat Step 4 for all user groups whose dial-out privileges you want to restrict.
Step 5 To restrict dial-out privileges for specific user profiles, complete these steps:
a. Click User Profile Management.
b. In the User Profile Management page, select a user profile and click Edit in the same row. The Edit user profiles details page appears.
c. To restrict dial-out privileges, configure the following fields:
–Can call out of meetings—Set to No.
–Ask for profile password—Set to Yes.
d. Click Save.
e. Repeat Step 5 for all user profiles whose dial-out privileges you want to restrict.
Related Topics
•Security Recommendations For Your System
•About Dial-Out Features and Voice Prompt Languages, page 8-11
•About Toll Fraud Prevention Options
•Restricting Dial-Out Privileges for Guest Users
•Exporting Information about Outgoing Calls
•About This Page: User Group Management, page C-152
•About This Page: User Profile Management, page C-153
Feedback