> > > UCSEC

Implementing Cisco Unified Communications Security (UCSEC)

Course Description Schedule Course Outline
 

Course Content

Implementing Cisco Unified Communications Security (UCSEC) v1.0 is a new five-day ILT class that is designed to provide you with the necessary knowledge and skills to implement security features in a Cisco Unified Communications environment. Cisco Unified Communications support several features and mechanisms to secure voice signaling and communications and to mitigate attacks against Cisco Unified Communications networks. The Implementing Cisco Unified Communications Security (UCSEC) v1.0 course introduces security mechanisms and describes different implementation scenarios that increase the security level of Cisco Unified Communications networks.

Who should attend

This course is primarily intended for:

  • Network administrators
  • Network engineers

Others who would find this course useful include:

  • Systems engineers

Prerequisites

The knowledge and skills you must have before attending this course are as follows:

  • Working knowledge of converged voice and data networks
  • Working knowledge of Cisco IOS gateways, Cisco Unified SRST gateways, and Cisco Unified Border Element
  • Working knowledge of Cisco Unified Communications Manager and Cisco Unified Communications Manager Express
  • CCNP® Voice certification is recommended

Additional knowledge and skills that will help you benefit fully from the course are as follows:

  • Knowledge of network security fundamentals
  • Knowledge of Cisco IOS Firewall and Cisco ASA adaptive security appliance firewalls
  • Knowledge of IPsec and SSL VPNs
  • CCNA® Security certification is recommended

Cisco learning offerings:

Course Objectives

Upon completing this course, you will be able to:

  • Identify vulnerabilities in Cisco Unified Communications networks and describe security strategies, cryptographic services, PKI, and VPN technologies
  • Implement network infrastructure security features
  • Implement Cisco Unified Communications Manager and Cisco Unified Communications endpoint security features
  • Implement network infrastructure security features

Detailed Course Outline

Module 1: Vulnerabilities of Cisco Unified Communications Networks and Security Fundamentals

Identify vulnerabilities in Cisco Unified Communications networks, and describe security implementation strategies, cryptographic services, PKI, and VPN technologies.

Lesson 1: Assessing Vulnerabilities of Cisco Unified Communications Networks

  • Identify the threats to a Cisco Unified Communications solution
  • Describe types of attackers and attacks
  • Identify weaknesses of protocols that are used in Cisco Unified Communications networks
  • Describe what needs to be considered regarding end users and administrators when dealing with security
  • Describe identity spoofing and the identity types that an attacker can impersonate
  • Explain examples of DoS attacks
  • Describe an example of unauthorized privilege escalation that is achieved by exploiting a buffer overflow issue
  • Describe eavesdropping attacks and the techniques that can be employed to perform them
  • Describe data manipulation and discuss how data integrity can be compromised
  • Describe attacks against Cisco Unified IP phones

Lesson 2: Describing Security Implementation Strategies

  • Describe how risk assessment is performed
  • Describe guidelines for security implementation
  • Describe the function of a security policy
  • Describe the need for auditing and how auditing can be performed
  • Describe the need for accountability and how accountability can be implemented

Lesson 3: Describing Cryptographic Services and Functions

  • Describe cryptographic services
  • Describe the characteristics of symmetric encryption and what it is used for
  • Describe the characteristics of asymmetric encryption and what it is used for
  • Describe the characteristics of hashes and what they are used for
  • Describe the characteristics of HMAC and what they are used for
  • Describe the characteristics of digital signatures and what they are used for

Lesson 4: Describing Key Management and PKI

  • Describe the issues of key management when using symmetric keys and when using asymmetric keys
  • Describe the purpose of a PKI
  • Describe how a PKI works
  • Describe considerations when implementing a PKI
  • Describe how commonly used applications utilize a PKI for secure communication

Lesson 5: Describing IPsec and Cisco AnyConnect SSL VPN

  • Describe the purpose of IPsec and Cisco AnyConnect SSL
  • Describe the characteristics of IPsec
  • Describe the operation of IPsec
  • Describe considerations when implementing IPsec
  • Describe special implementation models of IPsec
  • Describe the characteristics of Cisco AnyConnect SSL
  • Describe the operation of Cisco AnyConnect SSL
  • Describe considerations when implementing Cisco AnyConnect SSL

Module 2: Network Infrastructure Security

Implement network infrastructure security features such as network separation and firewalls, IEEE 802.1X in phone VLANs, and the IP Phone VPN Client.

Lesson 1: Implementing Network Separation and Packet Filtering

  • Describe the function of security domains
  • Describe network separation methods
  • Implement voice VLANs
  • Describe how network access control is implemented between security domains and describe how NAT can be used between security domains
  • Describe the most important stateless packet filtering features on Cisco IOS routers, Cisco Catalyst switches, and Cisco ASA adaptive security appliances
  • Describe how stateful packet filters can be used to provide network access control
  • Describe the need for deep packet inspection and how it interacts with network access control
  • Describe the operation of application proxies and the features that they provide
  • Describe network separation considerations when implementing softphones

Lesson 2: Implementing Switch Security Features

  • Describe the security features available in Cisco Catalyst switches
  • Describe the characteristics of 802.1X
  • Describe how 802.1X works
  • Describe how to implement 802.1X

Lesson 3: Implementing Cisco AnyConnect SSL VPNs in Cisco Unified Communications Networks

  • Describe the characteristics of the IP phone VPN Client feature
  • Describe the trust requirements of the IP phone VPN Client feature
  • Describe considerations when implementing the IP phone VPN Client feature
  • Describe how to implement the IP phone VPN Client feature
  • Describe how to verify proper operation of the IP phone VPN Client feature

Module 3: Cisco Unified Communications Manager and Endpoint Security Features

Harden Cisco Unified Communications endpoints and implement toll-fraud prevention features and Cisco Unified Communications Manager cryptographic security features.

Lesson 1: Hardening Cisco Unified Communications Endpoints

  • Describe general guidelines for device hardening, including Cisco IOS devices
  • List IP phone and Cisco Unified Communications Manager hardening options
  • Describe how to control access to the Settings button on the IP phone in Cisco Unified Communications Manager
  • Describe how to control PC port access at the IP phone in Cisco Unified Communications Manager
  • Describe how to process GARP packets at the IP phone in Cisco Unified Communications Manager
  • Describe how to control IP phone web server access in Cisco Unified Communications Manager

Describe how to harden Cisco IOS gateways

Lesson 2: Implementing Toll-Fraud Prevention

  • List toll-fraud prevention features
  • Describe the purpose and the configuration of class classification in Cisco Unified Communications Manager
  • Describe how Cisco Unified Communications Manager can be configured to block external-to-external transfers
  • Describe how Cisco Unified Communications Manager can be configured to drop ad hoc conferences when no on-net party remains in the conference
  • Describe how CoS can be implemented in Cisco Unified Communications Manager in order to avoid toll fraud
  • Describe how Cisco Unified Communications Manager can be configured to force an end user to enter a valid FAC before processing calls
  • Describe how call monitoring and accounting can be configured in Cisco Unified Communications Manager in order to detect and prevent toll fraud
  • Describe how Cisco Unified Communications Manager Express and Cisco IOS gateways can be configured for toll-fraud prevention

Lesson 3: Implementing Native Cisco Unified Communications Manager Security Features

  • Describe how Cisco Unified Communications Manager protects IP phones by using firmware that is digitally signed
  • Describe SIP digest authentication, what attacks it can mitigate, and how it is implemented for IP phones and SIP trunks
  • Describe how SIP trunks can be configured to use TLS for signaling and SRTP for media
  • Describe how IPsec is supported in Cisco Unified Communications Manager
  • Describe the purpose of the Security by Default feature
  • Describe the components of the Security by Default feature
  • Describe how an IP phone can validate received certificates using CVS and describe how configuration file protection is provided by Security by Default
  • Describe how Security by Default interacts with other security features

Lesson 4: Implementing Cisco Unified Communications Manager Security Features Based on Security Tokens

  • Describe the issuers of certificates that are used in a secure Cisco Unified Communications Manager environment
  • Describe the purpose of the CTL file
  • Describe how a CTL file is created or updated
  • Describe how the CTL file interacts with the ITL file
  • List the security features that rely on the CTL file
  • Describe how Cisco Unified Communications Manager provides secure signaling to IP phones
  • Describe how Cisco Unified Communications Manager enables IP phones to use secure media exchange to other IP phones
  • Describe how Cisco Unified Communications Manager provides IP phone configuration file encryption
  • Describe how Cisco Unified Communications Manager can provide secure conference bridges to IP phones
  • Describe the impact of encrypted signaling on intermediate network devices providing NAT or firewall services

Module 4: Secure Cisco Unified Communications Integration and Features

Implement secure Cisco Unified Communications Manager integration with external devices such as gateways, firewalls, and application proxies.

Lesson 1: Implementing SRTP to Gateways and Signaling Protection by IPsec

  • Provide an overview of secure Cisco IOS gateway communication
  • Describe the signaling and media protection options between the Cisco Unified Communications Manager and a SIP gateway
  • Describe the media protection to MGCP gateways
  • Describe the media protection to H.323 gateways
  • Describe how to configure IPsec for signaling encryption

Lesson 2: Implementing Secure Signaling and SRTP in SRST and Cisco Unified Communications Manager Express

  • Describe the trust requirements for secure SRST
  • Describe how IP phones can trust their SRST gateway
  • Describe how SRST gateways can trust IP phones
  • Describe secure SRST operation
  • Describe how to implement secure SRST
  • List security features provided by Cisco Unified Communications Manager Express
  • Describe the PKI topology and trust requirements when implementing secure Cisco Unified Communications Manager Express
  • Describe additional Cisco Unified Communications Manager Express security features
  • Describe how to implement security features in Cisco Unified Communications Manager Express

Lesson 3: Implementing Trusted Relay Points

  • Describe the purpose of trusted relay points
  • Describe the characteristics of trusted relay points
  • Describe the components of trusted relay points
  • Describe how trusted relay points work
  • Describe how to implement trusted relay points

Lesson 4: Implementing Proxies for Secure Signaling and SRTP

  • Describe the purpose and function of an application layer gateway, also known as a proxy
  • Describe the purpose and functions of Cisco Unified Border Element
  • Describe Cisco Unified Border Element security features including signaling and media proxy
  • Describe how to configure Cisco Unified Border Element as signaling and media proxy
  • Describe the purpose and functions of the Cisco ASA adaptive security appliance TLS proxy feature
  • Describe how to configure a TLS proxy in the Cisco ASA adaptive security appliance
  • Describe the purpose and functions of the Cisco ASA adaptive security appliance phone proxy feature
  • Describe how to configure a phone proxy in the Cisco ASA adaptive security appliance
  • Describe the differences between Cisco Unified Border Element, TLS proxy, and phone proxy

UCSEC v1.0 Labs

  • Lab 1-1: Identifying Security Weaknesses in a Cisco Unified Communications Network
  • Lab 2-1: Implementing Firewalls
  • Lab 2-2: Implementing 802.1X
  • Lab 2-3: Implementing Cisco AnyConnect SSL VPNs
  • Lab 3-1: Implementing Cisco Unified Communications Manager Security Features Based on Security Tokens
  • Lab 4-1: Implementing SRTP to Gateways and Signaling Protection by IPsec
  • Lab 4-2: Implementing Secure SRST and Secure Cisco Unified Communications Manager Express
  • Lab 4-3: Implementing Trusted Relay Points
  • Lab 4-4: Implementing Proxies for Signaling and RTP
Classroom Training

Duration 5 days

Price
  • United States: US$ 3,495
  • Cisco Learning Credits: 35 CLC
Enroll now