Cisco Unity Security Guide (With Microsoft Exchange), Release 4.x
Using Security Software

Table Of Contents

Using Security Software

Using Cisco Security Agent

Using Antivirus Software


Using Security Software


In this chapter, you will find descriptions of potential security issues related to Cisco Security Agent for Cisco Unity and to antivirus software; information on any actions you need to take; recommendations that will help you make decisions; discussion of the ramifications of the decisions you make; and in many cases, best practices.

Administrators who are responsible for system security should consider using the following to protect their Cisco Unity systems from external threats:

Cisco Security Agents for Cisco Unity, the Cisco Unity Bridge, and Cisco Personal Assistant. These security agents protect the application and the operating system by blocking malicious attacks, such as buffer overflows, Trojan horses, malformed packets, and malicious HTML requests.

Antivirus software. When updated regularly, antivirus software protects against internet worm attacks, removes viruses, and detects spyware.

We recommend that you install Cisco Security Agent for Cisco Unity and antivirus software as a part of your initial system installation. In addition, your system maintenance plan should include periodic reviews of system security measures.

See the following sections in this chapter for more information:

Using Cisco Security Agent

Using Antivirus Software

Using Cisco Security Agent

Cisco Security Agents for Cisco Unity, the Cisco Unity Bridge, and Cisco Personal Assistant provide:

Intrusion detection and prevention.

Defense against previously unknown attacks because Cisco Security Agents do not require signatures, as antivirus software does.

Reduced downtime, propagation of attacks, and clean-up costs.

The agent is provided free of charge by Cisco Systems for use with Cisco Unity, the Cisco Unity Bridge, and Cisco Personal Assistant software. The agent provides Windows platform security (host intrusion detection and prevention) that is based on a tested set of security rules, known as a policy. The agent controls system operations by using a policy that allows or denies specific system actions before system resources are accessed. A policy controls access to system resources based on:

The resources being accessed

The operation being invoked

The process invoking the action

This occurs transparently and does not hinder overall system performance.


Caution You should not view Cisco Security Agent software as providing complete security. Rather, view it as an additional line of defense that, when used correctly with other standard defenses such as antivirus software and firewalls, provides enhanced security. Each Cisco Security Agent provides enhanced defense for many different installations and configurations, and thus cannot enforce network access control rules, which block outbound or inbound network traffic, or act as a host-based firewall.

For system requirements and installation instructions for the Cisco Security Agents for Cisco Unity, the Cisco Unity Bridge, and Cisco Personal Assistant, refer to the applicable release notes:

The Release Notes for Cisco Security Agent for Cisco Unity and the Release Notes for Cisco Security Agent for Cisco Unity Bridge are available at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_release_notes_list.html.

The Release Notes for Cisco Security Agent for Cisco Personal Assistant are available at http://www.cisco.com/en/US/products/sw/voicesw/ps2026/prod_release_notes_list.html.

Using Antivirus Software

To minimize the risk of viruses, install an antivirus software package on the Cisco Unity server.

Best Practices

Selecting antivirus software—A list of supported antivirus software can be found in Cisco Unity System Requirements, and Supported Hardware and Software, available at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_installation_guides_list.html.

Disabling antivirus software during Cisco Unity installation—If antivirus software is installed before you install Cisco Unity, disable it before proceeding. Note that in some cases, you may need to completely remove the antivirus software, and reinstall it after you have completed the Cisco Unity installation.

Excluding from virus scanning the directory in which Cisco Unity is installed—If antivirus software is installed on the Cisco Unity server, exclude from scanning the directory in which Cisco Unity is installed (the default directory is CommServer), as well as all subdirectories, so that the Cisco Unity Administrator and the Cisco Unity Assistant will work properly. Refer to the antivirus software Help for instructions on excluding directories from scanning.

Blocking DCOM communications—Do not block DCOM communications on subscriber workstations, or the Media Master control bar will not function correctly.

Blocking WAV attachments—Do not configure virus-scanning software to block WAV attachments, or recordings will be removed from voice messages.

Updating antivirus definitions—Configure antivirus software to alert you every week or two to check the manufacturer website for new antivirus definitions. If you already have a policy for updating these definitions on the other computers on your network, follow the same policy for the Cisco Unity server. If you do not already have a policy, we recommend that you download and install the new definitions on the Cisco Unity server when the software prompts you to do so.

Scheduling virus scanning—When scheduling virus scanning, select a time when the Cisco Unity server is processing a low volume of calls (for example, after the end of the regular business day), and when there are no other processes running (for example, do not schedule virus scanning concurrently with a backup or while generating reports).

Using Microsoft recommendations to protect Exchange—If Exchange is installed on the Cisco Unity server, refer to the Microsoft website for the latest information on protecting an Exchange server from viruses.

Using Microsoft recommendations to protect SQL Server and MSDE—Refer to the Microsoft website for the latest information on protecting SQL Server and MSDE from viruses.