Security Enhancements Show
Introduction To ensure that your organization is protected from potential threats Messaging offers various features which you can easily implement on your site. Messaging is compatible with many common security measures, such as the SSL standard for web access to web applications and Messaging. Please refer to the following sections for details regarding these features. •UC Credentials and Security •Weblinks (Voice Mail & Fax Security) on page 647 - This configuration forces users to access attachments on their messages via a link, which means that the attachments cannot be forwarded as usual. •Enabling SSL from the IIS on page 658 - This configuration allows users to securely connect to Messaging web services. UC Credentials and Security Messaging provides ongoing improvements to the security policies and routines contained within the program. Data integrity and secure access is constantly being tested and improved. Improvements have been made to passwords and system access that make unauthorized access more difficult. Administrator Passwords Administrator passwords can be alphanumeric. Number only passwords are less secure as they are more easily compromised. For cases where alphanumeric passwords are used, telephone access to the system for remote maintenance is not possible. The Supervisor main menu is not reachable unless the password is entirely numeric. Note: Alphanumeric passwords are case sensitive, and can contain numbers, letters, and symbols (any characters accessible through the keyboard, e.g. [email protected]#$%^&*()_+<>?). UC Credentials To help ensure application access safety and data integrity, Messaging provides the resources to control and manage user authentication. These elements strengthen access through client applications which previously allowed the use of weak, numeric only usernames and passwords. All client access (i.e. Avaya iLink Pro, Web Access) requires an application username and an alphanumeric password. Accessing the system through a telephone keypad is still accomplished using the mailbox number and a numeric password. Security Policies The security policies that are enforced regarding numeric / alphanumeric user credentials are as follows: 1.Numeric passwords are usable only for access from a telephone keypad (Voicemail password). 2.The Application User username supports multiple formats, such as email addresses ([email protected]), single words (MyPassword), and mixed alphanumeric strings ($jcarter9876!). 3.Continued support for all Company security settings where possible with respect to Application User passwords including: a.Ask to change password on first access: Logging in from any client will display the password change prompt. b.Password rules: Forced Password Changes, and the number of periods where passwords cannot be reused. c.Number of incorrect attempts before mailbox will be locked. d.Password Rules reflect alphanumeric passwords options (e.g. Allow sequential characters in password). e.Allow Repeat numbers in Voicemail password applies to Voicemail passwords only. f.Fields that require a separation of policy application include: 4.The setting Allow only alphanumeric…, which prevents users from putting voicemail only passwords in the user/password field, are enforced as a hidden default setting. 5.Upon new mailbox creation, the default Application password will be assigned. 6.The Password Reset option for the Application password is similar to the Voicemail Password Reset in the web portal. 7.A Mailbox Bulk Manager utility allows CSV files to be used to import, export and update user data. It also provides for the mass randomization of usernames, voicemail and application passwords. After an upgrade from a previous version of Messaging, existing users with numeric credentials will be allowed to log in once using those credentials from client applications (i.e. Web Access, iLink Pro, iLink Pro Mobile, etc): a.After a successful login, they are required to create a new, alphanumeric password based upon these policies. b.After a successful login, the user will be given a new username from one of the following: c.Old client versions that support numeric only passwords cannot connect to an updated server. This will force the adoption of the new security model. Otherwise, the program remains vulnerable to security exploits. d.New clients can connect to older server versions using number-only credentials. Server and User Settings The Messaging Admin and the Web Admin utilities provide the following settings for UC Credentials and security. •Company wide security settings are configured through the Company > Passwords/Security tab. The default Voicemail and Application Passwords are also configured here.  •User specific settings are made through the Mailbox > General tab. Password Reset Utility Users can reset their Voicemail and Application passwords through the web interface. 1.Using any web browser, enter the URL for the voice server (i.e. user.yourcompany.com). Select Password Reset. 2.Enter an email address and select the password to reset: reset Voicemail Password or Application Password. 3.Enter the security code in the space provided, Click Send a Request when ready. 4.The specified email address will receive a message with a link. Click on the link to enter the details of the new password. 5.Enter a new password in the spaces provided, then click Reset Password. 6.The account password will be changed to the new value. Weblinks (Voice Mail & Fax Security) Overview This feature allows you to increase the security level of Voicemail and Faxes that are transferred via email by storing all the files on the server itself. Instead of the attachments being sent and received, the sender’s attachment is stored on the server while the receiver gets a link to access the file. The below process illustrates an example of how this can be implemented. Due to the variation between different sites, following these steps exactly as shown (especially with regards to the URL and folder paths) may prevent the feature from working properly on your own system. A professional technician with networking knowledge who understands the process would be able to configure the settings necessary for your own system setup. Also, please keep in mind that the configuration procedure will differ depending on the version of your IIS. In general, Windows 2003 and XP will use IIS 6 while Windows 2008 and Windows 7 use IIS 7, which changes the interface you must configure the feature from. Note: Voice messages which are listened to through the telephone using the Weblinks action link within the email will not automatically change the read status of the voice message. Therefore, listening to message in this fashion will not extinguish the message light on integrated environments. The end users have the option of marking the message as read through the options available at the bottom of the Weblinks message. Performing such an action will extinguish the message light on integrated environments if the message is the last unread message. Configuration Process The exact procedure to setup Weblinks depends upon which version of IIS (Internet Information Services) is installed on the server. Warning: Only follow the procedure that is relevant to your system. Do Not perform both IIS setup procedures. If the server has IIS 7 installed, begin the process on page 648. If the server has IIS 6 installed, begin the process on page 650. Regardless of which version of IIS is present, the Messaging setup remains the same. Once the appropriate version of IIS has been configured, continue with the Messaging setup on page 652. Configuration with IIS 7 1.In order to utilize Weblinks, you must first confirm that you have the necessary Windows components installed for IIS. You will need HTTP Redirection and CGI enabled within IIS. The screenshot here shows adding the component from
Configuration with IIS 6 1.Open the Start
menu. 2.On the left-hand side, select 3.On
the right-hand side, select Click on Allow. 4.You will get the following warning. Click Yes to accept the changes and continue. 5.Repeat steps step 1- step 4 for All Unknown ISAPI Extensions. Messaging Configuration Once the appropriate version of IIS has been setup, continue with the Messaging configuration. 1.From IXM Admin > Configuration > VPIM/SMTP, change the value of HTML Content to True. 2.In order to utilize the Weblinks function, the mailbox has to be associated with the Feature Group that has the function enabled. From Messaging Admin > PBX > Company > Feature Group, go to the Synchronization Options tab and select the type of messages you wish to use Weblinks with from the dropdown menu. 3.If a user does not utilize IMAP CSE Synchronization between their Messaging mailbox and the mail server account, you may opt for the forwarding method. From IXM Admin > PBX > Company > Mailbox, open the properties of the mailbox you wish to enable Weblinks for, then go to the Message Options tab. Create an entry to forward the emails. When the mailbox is associated with the Feature Group that has the Weblinks enabled, as shown in previous step, you can enable the HTML Content checkbox. Be sure to leave the Attachment checkbox disabled if you wish to send the URL only. Warning: Please keep in mind that this step is only for users who will be using email forwarding instead of IMAP CSE Synchronization. If you configure forwarding for users who are using IMAP CSE Synchronization, there will be an infinite loop of messages. You should either use IMAP sync or forwarding but never both for the same mailbox. 4.When all your server side configuration has been completed, restart the server computer. 5.Locate the webmailconfig.exe file in the Messaging folder (by default, this is C:\UC). From Windows, go to Start > Run and enter the
full path and file name in the space provided. Add the /i parameter, and the URL of the server where the files will be kept. C:\UC\webmailconfig.exe /i https://user.erb.com Note: Be sure to include the http or https protocol designator in the URL.
6.Stop and restart the World Wide Web Publishing Service on the computer to complete the setup. Weblinks Example The following is an example of how the attachments are handled using this function. The email itself only contains the text of the message. The attachment is left on the server. If you were to forward this email to someone with no permission to access the mail server, they would not be able to listen to the message. While the email is forwarded, the attachment itself remains secure on the server. By using the Playback buttons, the voice message can be played through the current device, or the telephone associated with the user’s default extension. Additional buttons allow the message to be Mark Read or Deleted from the voice server. A call to the sender can also be initiated by clicking the UC Dial (dial through the Messaging voice server) or Dial (dial through a configured device, such as a cell phone when out of the office) buttons. The View button opens an new window in the browser. This window contains playback controls for the message. Fax messages processed through Weblinks will behave in the same manner. The attachment remains on the server while only links to view the message are sent to the user. Forwarded messages will contain links which are only viewable by authorized users. Enabling SSL from the IIS Introduction It is recommended that you enable SSL on the Web related features to ensure secure connections. Note: Digital certificates encrypt data using Secure Sockets Layer (SSL) technology, the industry-standard method for protecting web communications. The SSL security protocol provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection. SSL is built into all major browsers and web servers. By installing a digital certificate, you enable your browser’s SSL capabilities. Requirements
Procedure SSL configuration is done on the Microsoft Windows platform hosting the site. This guide is provided as a courtesy for those who wish to configure SSL with Messaging. For further assistance, consult the professionals at Microsoft and its affiliates. This example shows Windows Server 2008 with IIS 7. 1.From the Windows desktop, click Start > All Programs > Administrative Tools > Server Manager. 2.In the left hand-pane, open Roles, then Web Server (IIS), and select 3.Under Connections, choose the web site. In the Home pane for the site, scroll down to the IIS section and double-click Server Certificates. 4.In the right-hand Actions pane, click Create Certificate Request. 5.Fill in the information for Distinguished Name Properties. Common name: Enter the publicly accessible URL for the site. Organization: Type the corporation name. Organizational unit: Define the department for this certificate. City/locality: Enter the location information. State/province: Enter the location information. Country/region: Enter the location information. Click Next when ready. 6.Choose the Cryptographic service provider and Bit length (2048 or better is recommended) required by the certifying agency. Click Next. 7.Enter the filename and path for the certificate request file. Click Finish. 8.Pass this file to the authority providing the certificate. Make sure that it has the correct file extension specified by the authority. 9.The certifying authority will return the certificate in another file. Save the certificate file on the computer’s hard drive in a known location. 10.In the right-hand Actions pane, click Complete Certificate Request. 11.To
Specify Certificate Authority Response, enter the path to and the filename of the certifying authority’s response from step 9. Click the ellipsis button Enter a user Friendly name to use when referring to this certificate. Click OK when finished. The certificate will be installed for the site. 12.Double-clicking on the Server Certificates icon brings up a list of the certificates installed on the server. The new certificate is listed using its Friendly name. When installing Windows using the unattended installation method what file must be present for this to be successful?An unattended installation is the traditional method of deploying a Windows operating system. Unattended installations use an answer file named Unattend. xml, which contains user input to various GUI dialog boxes that appear during the installation process.
Which security component can be either network or host based?IDS can be either network or host-based. A network-based IDS monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity.
Which of the Windows Internet Properties System Utility tabs provides access to proxy settings?Which of the Windows Internet Properties system utility tabs provides access to proxy settings? The Security tab of the Internet Properties utility in Windows allows for imposing restrictions on web content allowed in Microsoft Internet Explorer web browser.
What document is intended to provide guidance on the proper handling of potentially toxic materials?MSDSs should provide general guidance. Also obtain help from a qualified professional who knows how to evaluate the hazards of a specific job, especially those related to very toxic materials, and how to select the proper PPE.
|
Which Windows Control Panel utility allows you to store digital certificates for websites?
zusammenhängende Posts
Urheberrechte © © 2024 toptenid.com Inc.
