Security can be implemented on many levels. Applications security is dependent upon security implemented at the infrastructure level. For more details on security at the network infrastructure level, refer to the security design considerations in the Cisco IP Telephony Solution Reference Network Design documentation, available here:
Corporate Data Access
In addition to call routing, Unified CCX or Cisco Unified IP IVR scripts often process enterprise data from existing corporate data stores such as a database or a corporate directory server for functions such as account authentication and order status. These data stores often already exist and share data with other enterprise applications. This figure shows an example of a network where voice and data components reside in separate VLANs and are separated by a firewall.
Unified CCX can communicate with these external sources through its subsystems, provided that Network Address Translation (NAT) is not used.
SSL HTTPS ConnectionThe certificates uploaded using the Cisco Unified OS Administration interface to the Tomcat trust store is available to secure all HTTP connections made during script execution. The following can be secured:
Custom java code that provides web services
Enhanced Security API (ESAPI)
A new security filter is added to the Application Administration component. This filter identifies malicious user input and protects the application against XSS attacks.
If the Application Administration users find any user activity that was allowed earlier is now blocked by the security filter, then disable the security filter using a CLI command.