
The Essentials of Endpoint Security Compliance Presentation PDF

43 Pages·2013·1.09 MB·English

Preview The Essentials of Endpoint Security Compliance Presentation

The Essentials of Endpoint Security & Compliance
• Session 1: The Impact of Security by Default
• Session 2: Understanding and Managing ITL & CTL Files
• Session 3: Leading Practices for Endpoint Security & Compliance

Copyright UnifiedFX Limited 2013

The Essentials of Endpoint Security & Compliance
The Impact of Security by Default
http://www.unifiedfx.com

House Rules
• This session IS being recorded
  • Email [email protected] for details
• Submit questions to “All Panellists” during the session using the WebEx interface.
• Review of Questions and Answers will be covered at the end of the session

Speakers
• Akhil Behl
  • Solutions Architect with Cisco Advanced Services
  • Leading Cisco Unified Communications Security Expert
  • Author of “Securing Cisco IP Telephony Networks”
• Stephen Welsh
  • Unified FX CTO
  • Original author of PhoneView

Agenda
• Security by Default
  • Overview
  • Signed Configuration Files
  • Secure Phone URLs
  • Secure Phone Web Server
• Common Issues
• Recommendations
• Useful Resources
• Endpoint Security & Health Check Report
• Demo
• Questions & Answer Session

Overview of Security by Default
• Introduced with UCM 8
• Increases the security level of UCM clusters
• Cannot be disabled/removed
• Revert/downgrade:
  • Prepare Cluster for Rollback to pre 8.0
• What it doesn’t include:
  • Media and signalling security is only by virtue of CTL
• Only applicable to Cisco Unified IP Phones

Signed Configuration Files
• Signed configuration was optional; it is now mandatory with ITL
• Prevents unauthorised software from being loaded onto the phone (i.e. recent hack demo by Ang Cui)
• The TFTP server’s certificate (callmanager.pem) is used to sign configurations
• The phone’s ITL file is used to verify the configuration file
Note: If the ITL file does not match the TFTP cert, then changing the phone configuration is not possible

Phone URLs
• Introduction of HTTPS versions of Phone URLs:
  • Used by default for secure phone models
  • Authentication, Directories, Idle, Information, Messages, Services
• Trust Verification Service (TVS)
  • Verifies HTTPS certificates on behalf of the phone (Cert Proxy)
  • Initial Trust List (ITL) is used to trust the TVS service (TVS.pem)
• Considerations:
  • Make sure the hostname in the URL matches the certificate used in the target
  • Temporary workaround: replace HTTPS URLs with HTTP versions in Enterprise Parameters (port 8443 => 8080)

Phone URLs
Trust Verification Service Operation

Phone Web Server
• Disabled by default
• Typically used for gathering phone local information:
  • Serial, Switch Port, QoS stats
• May affect some applications:
  • Remote control, paging & inventory applications
• Can it be re-enabled easily?
  • Enterprise Phone Configuration
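
The Phone URL considerations above (hostname must match the certificate; the HTTP swap on port 8080 is only a temporary workaround) can be checked with a small audit like the following. This is an added example, not code from the presentation or from UnifiedFX; the URL values, host names and certificate names are constructed sample data, and `name_matches` / `audit_phone_urls` are hypothetical helper names.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data (assumption, not from the presentation): Phone URL
# enterprise parameters and the names carried by the target server's certificate.
PHONE_URLS = {
    "Authentication": "https://cucm-pub.example.com:8443/ccmcip/authenticate.jsp",
    "Directories": "https://10.0.0.5:8443/ccmcip/xmldirectory.jsp",
    "Services": "http://cucm-pub.example.com:8080/ccmcip/getservicesmenu.jsp",
}
CERT_NAMES = {"dns": ["cucm-pub.example.com"], "ip": []}


def name_matches(host, cert_names):
    """True if host is covered by the certificate's DNS or IP names."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal in the URL only matches an IP entry, never a DNS name.
        return any(ip == ipaddress.ip_address(v) for v in cert_names["ip"])
    host = host.lower().rstrip(".")
    for pattern in cert_names["dns"]:
        pattern = pattern.lower().rstrip(".")
        if pattern == host:
            return True
        # A wildcard covers exactly one left-most label.
        if pattern.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == pattern[2:]:
                return True
    return False


def audit_phone_urls(urls, cert_names):
    """Return {parameter: finding} for every Phone URL that needs attention."""
    findings = {}
    for param, url in urls.items():
        parts = urlsplit(url)
        if parts.scheme != "https":
            # The temporary HTTPS -> HTTP swap is still in place.
            findings[param] = "http-workaround"
        elif not name_matches(parts.hostname or "", cert_names):
            findings[param] = "hostname-mismatch"
    return findings


if __name__ == "__main__":
    for param, finding in audit_phone_urls(PHONE_URLS, CERT_NAMES).items():
        print(f"{param}: {finding}")
```
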
