McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 44

↗ View in doc context
page
44
source
cucm/v15/preferred-architecture/preferred-architecture.md
chunk_id
cucm::v15::preferred-architecture::preferred-architecture::50

Preferred Architecture for Cisco Collaboration Release 15 On-Premises Deployments PAGE 44
Security

• LDAP connections Configure your LDAP connection(s) to utilize either ports 636 or 3269 (global catalog) instead of non-secure connections on 389 or 3268. With a Cisco Unified CM multi-cluster deployment, also enable encryption for: • Intercluster Lookup Service (ILS) • Location Bandwidth Manager (LBM)-to-LBM communication between clusters To protect sensitive voice and video communications, enable endpoint encryption for signaling and media. This is especially important if your network is not entirely trusted and secure. This requires SIP OAuth and/or enabling mixed mode in Cisco Unified CM. You can select which endpoints are configured to use signaling and media encryption and which are not via the phone security profiles. Benefits These security recommendations provide the following benefits: • Your collaboration deployment is more secure if the physical access is protected, and the IP network is secured. • By protecting network access to servers and phones, you make it more difficult to compromise them and get access to other devices in the deployment. • By implementing toll fraud protection mechanisms, you can prevent unauthorized access to your telephony system, data network, and PSTN lines. • By signing certificates with a CA, certificate management becomes easier. Furthermore, overall security is improved because users will not receive certificate prompts as often. This reduces the likelihood that users become accustomed to bypassing certificate warnings to access a resource and, ideally, they will scrutinize any prompts they receive more thoroughly. • Several secure features are implemented by default. For example, with Cisco Unified CM, phone configurations and firmware loads are signed so that it becomes more difficult to compromise the phones by loading malicious configurations or firmware. • Encryption protects against eavesdropping, tampering, and protects the privacy of voice and video calls. By encrypting communications between all devices, including the endpoints, you can achieve end-to-end encryption. With the latest ciphers and encryption protocols including TLS 1.3, rest assured that your encrypted connections are highly secured providing the highest level of privacy.