Secure collab on prem hikmat
Cisco Canada
Secure Collaboration for On-premise VoIP Deployments (CUCM and CUBE/SBC)
1.
Secure Collaboration for On-Premise VoIP Deployments (CUCM and CUBE/SBC)
Hikmat El Ajaltouni, Systems Engineer
Jan. 26, 2017
2.
Agenda
• Secure Network, Secure Endpoints, Secure Call Control
• Collaboration System Release 11.5 Security Update
• Deploying and Handling Certificates & PKI in CUCM
• CUBE/SBC
• Cisco Product Security
3.
Secure Network, Secure Endpoints, Secure Call Control
BRKUCC-2501
4.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Infrastructure Security Measures
Segregation
• Virtual LANs (VLANs) separate voice and data traffic
• VLAN Access Control Lists (VACLs) limit traffic between devices on the voice VLAN
• QoS Packet Marking ensures UC traffic receives appropriate priority over other traffic
Layer 3
• IP Source Guard examines physical port, VLAN, IP, & MAC for inconsistencies
Layer 2
• DHCP Snooping creates binding table
• Dynamic ARP Inspection examines ARP & GARP for violations
• Port Security limits the number of MAC addresses allowed per port
• 802.1x limits network access to authentic devices on assigned VLANs
5.
IP Phone Security Features
• Cryptographically assured device identity
• Manufacture Installed Certificate (MIC)
• Locally Significant Certificates (LSC)
• Signed firmware images
• Signed & encrypted configuration files
• Mutually authenticated & encrypted signaling & media
• Embedded 802.1x Supplicant
• Positive disconnect for handset & speakerphone
• Positive off-hook indicator for speakerphone
• Disable or block access to voice VLAN for downstream port
• Disable web interface
• Disable “settings” button
• Disable SSH access
• FIPS mode (select models)
• Gratuitous ARP rejection
6.
Unified Communications Manager Security
• Disallow trivial passwords
• Require minimum length
• Prevent reuse with configurable depth
• Lockout on failed attempts with configurable depth, time span, & duration
• Lockout on inactivity with configurable time span
• Expire after configurable time span
• Expiry warning with configurable time span
User Credential Policies
• Control frequency of credential modifications with configurable time span
• Force credential modification on next attempt
• Prevent credential modification by user
• Lockout by administrator
• Configurable session timeouts
• SAML Single-Sign-On (SSO)
7.
Unified Communications Manager Security
Encrypted Signaling & Media
• SIP & SCCP Phones
• SIP Video Endpoints
• MGCP, H.323, & SIP Trunks
• TAPI & JTAPI Applications
• Meet-me, ad-hoc, & barge Conferences
• Extension Mobility Cross-Cluster
• Intercluster Lookup Service (ILS)
• Location Bandwidth Manager (LBM)
Secure Interfaces & Protocols
• Web, CLI, CTI, & LDAP
• HTTPS, TLS, SRTP, SSH, SFTP, SLDAP, IPSec, TFTP
8.
UCM Cluster Security Mode
• Non-Secure or Mixed
• NOT On/Off
• Mixed Mode Requirements:
• Export Restricted version of UCM
• CTL File
• Configured via Windows CTL Client or ‘utils ctl set-cluster’ CLI
[Figure labels: Mixed, Non-Secure]
9.
Unified Communications Manager Security
Encrypted Signaling & Media
• SIP & SCCP Phones
• SIP Video Endpoints
• MGCP, H.323, & SIP Trunks
• TAPI & JTAPI Applications
• Meet-me, ad-hoc, & barge Conferences
• Extension Mobility Cross-Cluster
• Intercluster Lookup Service (ILS)
• Location Bandwidth Manager (LBM)
Secure Interfaces & Protocols
• Web, CLI, CTI, & LDAP
• HTTPS, TLS, SRTP, SSH, SFTP, SLDAP, IPSec, TFTP
Require Mixed Mode
10.
Cluster Security Mode: Feature Tradeoffs
Table columns: Feature | Non Secure Cluster | Mixed Mode Cluster
Feature rows:
• Auto-registration*
• Signed & Encrypted Phone Configs
• Signed Phone Firmware
• Secure Phone Services (HTTPS)
• CAPF + LSC
• IP VPN Phone
• Secure Endpoints (TLS & SRTP)
New in 11.5
11.
Hardened Appliance Model
• SELinux enforcing mode provides host based intrusion protection
• iptables provides host based firewall
• Third party software installations NOT allowed
• Root account disabled, no other uid=0 accounts
• OS and applications are installed with a single package
• All software updates must be signed packages from Cisco
• Secure Management (HTTPS, SSH, SFTP)
• Audit logging
• Active & Inactive partition architecture – easy to fallback if needed
Why is CUCM considered a hardened platform?
12.
Balancing Risk
Low (Easy or Default)
• Hardened Platform
• SELinux – Host Based Intrusion Protection
• iptables - Integrated Host Firewall
• Signed Firmware & Configuration
• HTTPS
• Separate Voice & Data VLANs
• STP, BPDU Guard, SmartPorts
• Basic Layer 3 ACL’s (Stateless)
• Phone Security Settings
Medium (Moderate and Reasonable)
• IP VPN Phone
• Secure Directory Integration (SLDAP)
• Encrypted Configuration
• TLS & SRTP for Phones & Gateways
• Trusted Relay Points (TRP)
• QoS Packet Marking
• DHCP Snooping
• Dynamic ARP Inspection
• IP Source Guard, Port Security
High (Advanced or Not Integrated)
• UC-Aware Firewall (Inspection)
• Phone Proxy
• IPsec
• Rate Limiting
• Managed VPN (Remote Worker)
• Network Anomaly Detection
• Scavenger Class QoS
• 802.1x & NAC
Axis: Cost - Complexity - Resources - Performance - Manpower - Overhead
13.
Eliminate Toll Fraud
• Deny network access to unauthorized users
• Partitions and Calling search spaces provide dial plan segmentation and access control
• Device Pool “Calling Search Space for Auto-registration” to limit access to dial plan
• Employ Time of day routing to deactivate segments of the dial plan after hours
How Do Our Customers Prevent Toll Fraud?
• Require Forced Authentication Codes on route patterns to restrict access on long distance or internal calls.
• “Drop Ad hoc Conferences” (CallManager Service Parameter)
• “Block OffNet to OffNet transfer” (CallManager Service Parameter)
• Monitor Call Detail Records
• Employ Multilevel Administration
• Voice Gateways: Call Source Authentication (IOS 15.1(2) feature)
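One way to act on the "Monitor Call Detail Records" item above, as an added example that is not from the original slides or from Cisco: a small detector that flags after-hours toll calls, off-net to off-net calls, and bursts of international calls per caller. The column names are a subset of CUCM CDR fields; the sample rows, dial-plan prefixes (`9011`, `91`), gateway names, business hours, UTC offset and burst threshold are all assumptions.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample export (invented values). Column names are a subset of
# the CUCM CDR fields; a real export has many more columns.
SAMPLE_CDR = """\
dateTimeOrigination,callingPartyNumber,finalCalledPartyNumber,origDeviceName,destDeviceName,duration
1485439200,4001,4002,SEP001122334455,SEP00AABBCCDDEE,95
1485442800,4001,916135550100,SEP001122334455,PSTN-GW-1,300
1485446400,6135550199,90113355550100,PSTN-GW-1,SIP-TRUNK-ITSP,2400
1485482400,4005,90114420555501,SEP00A1B2C3D4E5,PSTN-GW-1,1800
1485482700,4005,90114420555502,SEP00A1B2C3D4E5,PSTN-GW-1,1750
1485483000,4005,90114420555503,SEP00A1B2C3D4E5,PSTN-GW-1,1900
"""

# Assumptions for this example, to be replaced with the site's own values.
SITE_TZ = timezone(timedelta(hours=-5))         # site local time, UTC-5
BUSINESS_START, BUSINESS_END = 8, 18            # 08:00 to 17:59 local
OFFNET_DEVICES = {"PSTN-GW-1", "SIP-TRUNK-ITSP"}  # hypothetical gateway/trunk names
INTL_BURST_THRESHOLD = 3                        # international calls per caller


def parse_cdr(text):
    """Parse a CDR CSV export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def call_class(called):
    """Classify a dialed number under the assumed dial plan (9 = PSTN access)."""
    if called.startswith("9011"):
        return "international"
    if called.startswith("91") and len(called) == 12:
        return "long_distance"
    return "internal"


def is_after_hours(epoch):
    """True when the call started outside business hours in site local time."""
    local = datetime.fromtimestamp(int(epoch), tz=SITE_TZ)
    return not (BUSINESS_START <= local.hour < BUSINESS_END)


def analyze(records):
    """Return (rule, row_index, calling_number) findings for review."""
    findings = []
    intl_by_caller = Counter()
    for idx, rec in enumerate(records):
        cls = call_class(rec["finalCalledPartyNumber"])
        caller = rec["callingPartyNumber"]
        # Toll call placed when that part of the dial plan should be closed.
        if cls != "internal" and is_after_hours(rec["dateTimeOrigination"]):
            findings.append(("AFTER_HOURS_TOLL", idx, caller))
        # Both legs on gateways/trunks: the pattern the off-net transfer
        # block is meant to stop.
        if (rec["origDeviceName"] in OFFNET_DEVICES
                and rec["destDeviceName"] in OFFNET_DEVICES):
            findings.append(("OFFNET_TO_OFFNET", idx, caller))
        if cls == "international":
            intl_by_caller[caller] += 1
    # Per-caller volume check across the whole export.
    for caller, count in sorted(intl_by_caller.items()):
        if count >= INTL_BURST_THRESHOLD:
            findings.append(("INTL_BURST", None, caller))
    return findings


if __name__ == "__main__":
    for finding in analyze(parse_cdr(SAMPLE_CDR)):
        print(finding)
```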
14.
Agenda
• Secure Network, Secure Endpoints, Secure Call Control
• Collaboration System Release 11.5 Security Update
• Deploying and Handling Certificates & PKI in CUCM
• Securing the Edge with CUBE/SBC
• Cisco Product Security
15.
CSR 11.5 – The Federal Space
Federal Certifications and their Testing Agencies:
• Common Criteria: NIAP (NSA)
• DoD Unified Capability Approved Products List: JITC
• Commercial Solutions for Classified: NSA / CSS
• FedRAMP: 3PAO
16.
Common Criteria Support: CUCM 11.0 Enhancement
Data Protection
• Accepted and supported by 26 countries worldwide via the Common Criteria Recognition Arrangement (CCRA)
• The following features have been added/modified in CUCM to meet certification requirements for SIP Signaling and Media:
  • Support for ECC (Elliptic Curve Cryptography) for CUCM certificates*. Software features that required modification to support ECC:
    • Self-signed certificates, certificate signing requests (CSR), certificate import and bulk certificate management
    • Certificate Trust List (CTL) and Initial Trust List (ITL)
    • SIP connections
    • CAPF (Certificate Authority Proxy Function)
    • CTI (Computer Telephony Integration)
  • Support for configuration download over a secure channel – HTTPS
  • New entropy source and entropy management
  • Audit logging as outlined in the Network Device Protection Profile
https://www.nsa.gov/business/programs/elliptic_curve.shtml
* The certificate manager will support generating ECC certificates that have an EC Key Pair of 256, 384 or 521 bits
17.
CSR 11.5 – FIPS 140-2
• FIPS 186-4 Digital Signature Standards: DSA, RSA, ECDSA
• FIPS 180-4 Secure Hash Standards: SHA-1, SHA-256, SHA-384
• FIPS 197 Advanced Encryption Standards: AES-128, AES-256
• NIST SP 800-38(A-F) AES Block Cipher Modes: CBC, CCM, GCM
• NIST SP 800-52 Selection, Config and Use of TLS Implementations
18.
CSR 11.5 – Encryption Strengths
[Figure labels: 11.5, 11.0]
19.
CSR 11.5 – Encryption Strengths
[Figure labels: NSA Top Secret, NSA Secret, 11.5, 11.0]
20.
CSR 11.5 – Robust Security
[Figure label: TOP SECRET]
21.
Enhancements in 11.5
• Auto-registration allowed in mixed mode
• New ECDSA certificates for Tomcat and XMPP
• RSA key sizes increased to 4096 bits
• Configurable SHA2 (512) signed files from TFTP
• Authenticated UDS search
• Configurable form-based authentication for web applications
22.
LSC Enhancements in 11.5
• Certificate Monitoring service monitors LSCs for expiry
• CCMAdmin / BAT “Find & List Phone” page allows search by
  • LSC expiration
  • LSC issued by
  • LSC issuer expires by
• Configurable LSC certificate expiry (CAPF Service Parameter)
• CAPF signs LSCs with SHA2 hash algorithm
For LSCs installed on 11.5 or later only
23.
LSC Expiration Visibility in UCM 11.5: Search & Reporting
24.
Agenda
• Secure Network, Secure Endpoints, Secure Call Control
• Collaboration System Release 11.5 Security Update
• Deploying and Handling Certificates & PKI in CUCM
• Securing the Edge with CUBE/SBC
• Cisco Product Security
25.
PKI – Public Key Infrastructure
Consists Of…
• Public + Private keypair
  • Private Key remains secret
  • Public Key widely distributed
Allows For…
• Asymmetric key encryption
  • one-way encryption and decryption
• Symmetric key encryption
  • Public Key exchange used to establish shared-secret between two parties
• Message encryption and authentication protocols
26.
Types of Certificates
• Self-signed certificates used by Certificate Authorities to sign other certificates.
• Certificates issued to a specific entity (a device) and signed or issued by a root CA and sometimes also by intermediate CAs.
• Certificates signed by a Root CA that can in turn sign other identity certificates.
27.
What’s a Digital Certificate?
X.509 Certificate fields:
• Version
• Serial Number
• Signature Algorithm
• Signature Hash Algorithm
• Issuer
• Valid From
• Valid To
• Subject Name
• Public Key
Analogy shown on the slide (John Doe, CCIE# 63542 Certificate):
• Serial Number: 63542
• Issued By: Cisco Systems
• Issued To: John Doe
• Validity: May 4th, 2020 (5/4/20)
28.
Digital Certificates
• Digital passport
• Self-signed or CA-Signed
• Contains the owner’s public key
• Proves the identity of a public key’s owner
29.
Public Key Infrastructure
30.
Certificate File Formats
• Base-64 encoding, delimited by -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
31.
CUCM Certificate Types
• CallManager, CallManager-EC
  • Used for TLS connections to CallManager service (TCP port 5061 for SIP or 2002 for SCCP)
  • Signs TFTP files like configuration files, localization files, etc.
• CAPF
  • Used for TLS connections to CAPF service (TCP port 3804)
  • Signer of the phones’ Locally Significant Certificates (LSC)
• Tomcat
  • Used for HTTPS connections from Web services (TCP port 8443)
• TVS
  • For TLS connections to the TVS service (TCP port 2445)
32.
Certificate Trust Stores
• CallManager Service
  • CallManager
  • CallManager-trust
• Tomcat Service
  • tomcat
  • tomcat-trust
• CAPF Service
  • CAPF
  • CAPF-trust
33.
CUCM Trust Certificate Management
34.
High Level View of a Secure Connection Establishment
[Figure labels: CUCM, CUBE, Trust-store, “Do I trust this device?”, “Trust it?”, “Yes”]
35.
Transport Layer Security (TLS)
• Client/Server model
• Application protocol independent
• TLS Record Protocol
• TLS Handshake
  • Uses asymmetric cryptography to authenticate peer identity
  • Shared secret negotiation is secure and reliable
36.
TLS connections in Wireshark
• Client: Entity initiating the connection
• Server: Entity receiving the connection
• Wireshark filters:
  • ‘ssl’ – Only packets with SSL data
  • ‘tcp.port == nnn’ – All TCP packets for the connection including SYN, ACK with no data
37.
Certificates in Wireshark
38.
Multi-Server Certificate Support: Simplify Certificate Management in Clustered Environments of UCM 10.5 and Later
• New option to share a single CA signed certificate across all nodes in a cluster
• Each cluster node’s FQDN included as Subject Alternative Name (SAN) in a single certificate, custom SANs can also be included
• Available for Unified CM (UCM + IM&P) and Unity Connection clusters
• Specifically for Tomcat, CallManager, CallManager-ECDSA, CUP-XMPP & CUP-XMPP-S2S certificate types
[Figure: Unified CM Cluster (UCM nodes, IM&P nodes) with one CA signed Multi-Server Tomcat certificate for the entire Unified CM cluster]
39.
Endpoint Certificates: Cryptographically assured device identity
• Manufacturing Installed Certificate (MIC)
  • Installed in the factory for Cisco IP Phones
  • Valid for 10 years
  • No certificate revocation support
• Locally Significant Certificates (LSC)
  • Preferred certificate for endpoint identity
  • Endpoint support includes IP Phones, TelePresence, Jabber clients, CIPC
  • LSC signed by CAPF Service running on UCM Publisher
  • LSC supports the same RSA and EC key sizes as Unified CM
  • LSC can be installed, re-issued, deleted in bulk with UCM Bulk Admin Tool
  • LSC signed by CAPF is valid for 5 years, configurable in UCM 11.5
  • Paper process required to track certificate expiration prior to UCM 11.5
[Figure labels: 8811, 8841, 8851, 8861]
40.
LSC Revocation Catered for in CUCM 10.X
• Historic elephant in the room
• Prior to release 10, what happened if a phone was lost or stolen?
• Offline CA Mode
• CUCM still can’t revoke LSC but the CA can!
[Figure labels: CA, CAPF (Offline CA Mode), (1) LSC CSR, (2) CA Signed LSC, LSC:XXXX, LSC Serial No. XXXX Revoked!, ISE]
41.
Certificate Trust List (CTL) & Initial Trust List (ITL)
42.
Certificate Trust List (CTL): CTL provides a trust mechanism for Cisco endpoints
• Enabling Mixed Mode to support encrypted signaling and media requires CTL
• Minimum of 2 USB secure tokens required, KEY-CCM-ADMIN-K9= or new KEY-CCM-ADMIN2-K9=
• CTL client produces Certificate Trust List (CTL) file and uploads to CUCM TFTP
• Download the CTL Client from CUCM Admin, install on Windows workstation
• CTL file is downloaded by endpoints and is the basis for endpoint certificate trust
43.
Certificate Trust List (CTL): New token-less CTL option
• Unified CM 10.0 supports two different methods of building the CTL
  • Classic CTL client, minimum 2 USB tokens required
  • New token-less CTL
• Token-less CTL is activated with an admin CLI command (publisher only):
  • utils ctl set-cluster mixed-mode
• CallManager certificate private key is used to sign the CTL, rather than the USB token
  • DRS backup !!!
• Other CTL CLI commands include
  • utils ctl update CTLFile
  • utils ctl set-cluster non-secure-mode
44.
Initial Trust List (ITL): Security by Default component
• Unlike the CTL file, the ITL file is built automatically when the cluster is installed or upgraded to 8.0+
• Downloaded by phones at boot or reset, after CTL file
• Has the same format as the CTL File
• Does not require eTokens; uses a soft eToken (the CallManager cert private key)
• Static and Dynamic ITL Files are built
  • ITLFile.tlv
  • ITLSEPMAC.tlv
45.
Trust Verification Service: Security by Default Component
• Trust Verification Service (TVS) runs on each CUCM server and authenticates certificates on behalf of the phone
• Provides endpoint trusted certificates scale
  • Instead of downloading all the trusted certificates, phones need only to trust TVS
• Up to 3 TVS per phone (primary, secondary and tertiary from CallManager Group)
• No support when failover to SRST by phone
• TVS function relies on SBD enabled and correct TVS certificate in the endpoint’s ITL file
46.
Managing Security by Default (SBD): ITL File Awareness
• ITL file is built by the TFTP service in UCM 8.6+
  • TVS service built the ITL file in UCM 8.0 & 8.5
• Each node running TFTP creates a unique ITL
• ITL file is rebuilt when:
  • TFTP Service Restarts
  • Any certificate inside the ITL changes
  • CallManager Group Changes
• IP Phones automatically reset on certificate change (8.6+)
• ITL Signature should always match on endpoint and TFTP server
47.
Agenda
• Secure Network, Secure Endpoints, Secure Call Control
• Collaboration System Release 11.5 Security Update
• Deploying and Handling Certificates & PKI in CUCM
• Securing the Edge with CUBE/SBC
• Cisco Product Security
48.
Why does an Enterprise need an SBC?
• SESSION CONTROL
  • Call Admissions Control
  • Trunk Routing
  • Ensuring QoS
  • Statistics and Billing
  • Redundancy/Scalability
• INTERWORKING
  • SIP - SIP
  • H.323 - SIP
  • SIP Normalization
  • DTMF Interworking
  • Transcoding
  • Codec Filtering
• DEMARCATION
  • Fault Isolation
  • Topology Hiding
  • Network Borders
  • L5/L7 Protocol Demarcation
• SECURITY
  • Encryption
  • Authentication
  • Registration
  • SIP Protection
  • Voice Policy
  • Firewall Placement
  • Toll Fraud
[Figure labels: Enterprise 1, CUBE, SIP, CUBE, Enterprise 2, Rich Media (Real time Voice, Video, Screenshare etc.)]
49.
Cisco Unified Border Element: An Integrated Network Infrastructure Service
• CUBE
  • Address Hiding
  • H.323 and SIP interworking
  • DTMF interworking
  • SIP security
  • Transcoding
  Note: An SBC appliance would have only these features
• VXML
• SRST
• Unified CM Conferencing and Transcoding
• IP Routing & MPLS
• WAN & LAN Physical Interfaces
• Voice Policy
• TDM Gateway
• PSTN Backup
• FW, IPS, QoS
Note: Some features/components may require additional licensing
50.
CUBE Call Processing
• Actively involved in the call treatment, signaling and media streams
• SIP B2B User Agent
• Signaling is terminated, interpreted and re-originated
  • Provides full inspection of signaling, and protection against malformed and malicious packets
• Media is handled in two different modes:
  • Media Flow-Through
  • Media Flow-Around
• Digital Signal Processors (DSPs) are required for transcoding (calls with dissimilar codecs)
Media Flow-Around
• Signaling and media terminated by the Cisco Unified Border Element
• Media bypasses the Cisco Unified Border Element
Media Flow-Through
• Signaling and media terminated by the Cisco Unified Border Element
• Transcoding and complete IP address hiding require this model
51.
Transitioning to SIP Trunking...
Re-purpose your existing Cisco voice gateways as Session Border Controllers
[Figure, BEFORE: High-density Dedicated Gateways, SIP/H323/MGCP, Media, TDM PBX, SRST, CME, Enterprise Campus, Enterprise Branch Offices, MPLS]
[Figure, AFTER: SIP Trunks, Media, IP PSTN, SRST, TDM PBX, CME, MPLS, Enterprise Branch Offices, CUBE with High Availability (Active, Standby)]
PSTN is now used only for emergency calls over FXO lines
52.
Steps to transitioning...
• Step 1 – Configure IP PBX to route all calls (HQ and branch offices) to the edge SBC
• Step 2 – Get SIP Trunk details from the provider
• Step 3 – Enable CUBE application on Cisco routers
• Step 4 – Configure call routing on CUBE (Incoming & Outgoing dial-peers)
• Step 5 – Normalize SIP messages to meet SIP Trunk provider’s requirements
• Step 6 – Execute the test plan
[Figure labels: Enterprise Campus, IP PSTN, SIP Trunk, Media, SRST, TDM PBX, CME, MPLS, Enterprise Branch Offices, CUBE with High Availability (Active, Standby)]
PSTN is now used only for emergency calls over FXO lines
53.
SIP Trunking and Design Deployment Reference Slides
54.
Cisco Session Management & CUBE: Essential Elements for Collaboration
• CUBE provides session border control between IP networks
  • Demarcation
  • Interworking
  • Session control
  • Security
• Cisco SME centralizes network control
  • Centralizes dial plan
  • Centralized applications
  • Aggregates PBXs
[Figure labels: Video, Mobile, SIP TRUNK TO CUBE, 3rd Party IP PBX, TDM PBX, CUBE, Cisco Session Management, IM, Presence, Voicemail, Cisco B2B]
55.
CUBE Deployment Scenarios
• SIP Trunks for PSTN Access
• Network-based Media Recording Solution
• Extending to Video and High Availability for Audio Calls
• IVR Integration for Contact Centers
• Business to Business Telepresence
[Figure labels: SIP, H.323, SP VOIP Services, SBC, TDM, SIP Trunk, Partner API, MediaSense, CUBE, RTP, Active, Standby, SP IP Network, CVP, vXML Server, Media Server]
56.
Agenda
• Secure Network, Secure Endpoints, Secure Call Control
• Collaboration System Release 11.5 Security Update
• Deploying and Handling Certificates & PKI in CUCM
• Securing the Edge with CUBE/SBC
• Cisco Product Security
57.
Cisco Product Security Awareness
58.
Cisco PSIRT Has Your Back
Product Security Incident Response Team (PSIRT) - www.cisco.com/go/psirt
• Dedicated, global team managing security vulnerability information related to Cisco products and networks
• Responsible for Cisco Security Advisories, Responses and Notices
• Interface with security researchers and hackers
• Assist Cisco product teams in securing products
• Subscribe (RSS or email) to Cisco notification service
59.
Product Security Awareness
• Subscribe/Monitor PSIRT security advisories, responses and notices
• Consult advisory details to understand impact, workarounds, and other details
• Reference linked Cisco Applied Mitigation Bulletins (AMB) when available
• Make preparations to patch systems via upgrade or COP files
• Verify DRS backups available before patching critical systems
60.
Thank you BRKUCC-2501