-
Cisco Unity Security Guide (With IBM Lotus Domino), Release 4.x
-
Index
-
Preface
-
Securing the Cisco Unity Server(s) and the Operating System
-
Securing Microsoft Software on the Cisco Unity Server(s)
-
Using Security Software
-
Preventing Toll Fraud
-
Securing the Connection Between Cisco Unity, Cisco CallManager, and IP Phones
-
Securing Accounts
-
Authentication for Cisco Unity Applications
-
Password and Account Policy Management
-
Using SSL to Secure Client/Server Connections
-
Securing Subscriber Messages
-
Feedback
Table Of Contents
Best Practices for Accounts That Are Used to Access the Cisco Unity Administrator
Best Practices for Accounts That Are Used to Access the Cisco Unity Server
Best Practices When Deleting Cisco Unity Subscriber Accounts
Best Practices for Securing Default Accounts
Securing Accounts
Introduction
In this chapter, you will find descriptions of potential security issues related to securing accounts; information on any actions you need to take; recommendations that will help you make decisions; ramifications of the decisions you make; and in many cases, best practices.
See the following sections:
•
Best Practices for Accounts That Are Used to Access the Cisco Unity Administrator
•
•
•
For the latest requirements for Cisco Unity service accounts and permissions, refer to the applicable Cisco Unity installation guide, available at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_installation_guides_list.html.
Understanding Accounts
Each regular Cisco Unity subscriber account is associated with a Domino Person document. When you use either the Cisco Unity Bulk Import wizard or the Cisco Unity Administrator to create a subscriber account, note that Cisco Unity does not:
•
•
•
To access the Cisco Unity Administrator and the Status Monitor, administrators may or may not require an enabled Active Directory account or Windows NT account, as follows:
•
•
•
If an Active Directory or Windows NT account is required, after you create a subscriber account that will be used to administer Cisco Unity, you must then use the GrantUnityAccess utility to associate the subscriber account with an Active Directory or Windows NT account that will allow the subscriber to access the Cisco Unity Administrator. For details, see the "Best Practices for Accounts That Are Used to Access the Cisco Unity Administrator" section.
Best Practices for Accounts That Are Used to Access the Cisco Unity Administrator
The Cisco Unity Administrator is a website that you use to do most administrative tasks. Depending on the associated class of service rights, accounts that can be used to access the Cisco Unity Administrator can offer access to settings used to define how Cisco Unity works for individual subscribers (or for a group of subscribers), system schedules, call management options, and other important data. If your site is comprised of multiple Cisco Unity servers, an account used to access one Cisco Unity Administrator may be able to gain access to the other Cisco Unity Administrators as well. To secure access to the Cisco Unity Administrator, consider the following best practices.
Best Practice: Limit the Use of the Administration Account
Until you create a Cisco Unity subscriber account specifically for the purpose of administering Cisco Unity, you log on to the Cisco Unity Administrator by using the Active Directory or Windows NT credentials that are associated with the administration account that was selected when Cisco Unity was installed. The administration account is automatically associated with a class of service that offers full system access rights to the Cisco Unity Administrator. This means that not only can the administration account access all pages in the Cisco Unity Administrator, but it also has read, edit, add, and delete privileges for all Cisco Unity Administrator pages. For this reason, you should limit the use of this highly privileged account to only one or to very few individuals.
As an alternative to the administration account, you can create additional accounts that have class of service rights to access the Cisco Unity Administrator, but offer fewer privileges. If your organization depends on more than person to administer Cisco Unity, you can modify the class of service rights for each account so that access to the Cisco Unity Administrator is appropriate to the administrative tasks that each person performs. By creating additional accounts, you also ensure that additional accounts are available to access the Cisco Unity Administrator in the event that the administration account is deleted or corrupted.
To learn about the ways in which you create additional accounts or grant administrative rights to existing accounts so that they can be used to access the Cisco Unity Administrator, refer to the "Cisco Unity Administrator Accounts" section in the "Accessing the Cisco Unity Administrator" chapter of the Cisco Unity System Administration Guide. The guide is available at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_maintenance_guides_list.html.
Best Practices: Use Class of Service to Restrict Access to the Cisco Unity Administrator
When modifying class of service settings and assignments to secure access to the Cisco Unity Administrator, consider the following best practices:
•
•
•
To learn how to create and modify classes of service, refer to the "Class of Service Settings" chapter of the Cisco Unity System Administration Guide. The guide is available at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_maintenance_guides_list.html.
Best Practice: Do Not Use Other Accounts to Access the Cisco Unity Administrator
Cisco Unity administrators should not use the same account to access the Cisco Unity Administrator that they use to log on to the Cisco Personal Communications Assistant (PCA). In addition, administrators should not use Cisco Unity service accounts to access the Cisco Unity Administrator.
Best Practices for Accounts That Are Used to Access the Cisco Unity Server
When you install Cisco Unity, you can choose the drive and directory where it is installed. By default, it is installed in the CommServer directory.
By default, the Active Directory accounts that Cisco Unity services log on as have Full Control access to the CommServer directory because they belong either to the local Administrators group (when the Cisco Unity server is a member server) or the Domain Admins group (when the Cisco Unity server is a domain controller). However, we recommend that you not use these accounts as administration accounts. Instead, we recommend that you designate a highly privileged account for use by a system administrator, and grant Full Control permissions to the Cisco Unity directories and files so that the account can be used for administration and troubleshooting.
Best Practice
Verify that other domain accounts used by Cisco Unity system administrators are restricted to read-only access, and verify that all Cisco Unity subscribers and any other domain accounts and groups have no access rights to the directories or files on the Cisco Unity server. To restrict access, exclude the System Group Everyone from the default user permissions for C:\ or the root of any other drive on the Cisco Unity server. Instead, as applicable, assign authenticated users. Finally, verify that no explicitly privileged assignments have been made to individual groups or accounts.
Best Practices When Deleting Cisco Unity Subscriber Accounts
Deleting a Cisco Unity subscriber account does not delete the Active Directory or Windows NT account (if there is one) or the Domino Person document for that subscriber. You can delete the Active Directory or Windows NT account and Domino Person document separately after you delete the subscriber account in the Cisco Unity Administrator.
Best Practices for Securing Default Accounts
Table 6-1 lists the Cisco Unity subscriber accounts and the Domino Person documents and mail files that are created by Cisco Unity, when they are created, and best practices for securing them.