TOI: FIPS 140-2 compliance Unity Connection 8.6 Mike Canfield- Test engineer Yolanda Liu – Dev engineer.

1 TOI: FIPS 140-2 compliance, Unity Connection 8.6
Mike Canfield - Test engineer
Yolanda Liu - Dev engineer

2 What is FIPS 140-2
Federal Information Processing Standards Publication 140-2: Security Requirements for Cryptographic Modules
Unity Connection uses FIPS-compliant crypto libraries
Literally restricts which ciphers and algorithms can be used
Detects if the libraries have been tampered with and halts the system

3 Enabling/Disabling FIPS mode
Enable FIPS in the CLI with the following command:
admin:utils fips enable
Disable FIPS in the CLI with the following command:
admin:utils fips disable
The command only applies to the current server. To enable FIPS on all the servers in the cluster, run the CLI command on each server.
IMPORTANT: enable/disable FIPS on the next server only when the current server has come back up in FIPS mode.

4 FIPS status
Check the status in the CLI with the following command:
admin:utils fips status
Returns the current FIPS mode and, if the system is in FIPS mode, the status of the FIPS 140-2 components' startup self-tests and integrity check.

5 Fresh install
1. Install the system
2. Enable FIPS
3. Configure the system as normal

6 Pre-existing telephony systems
Secure ports: SCCP or SIP
Edit 4/28/2011: You need to regenerate the root certificate for non-secure telephony integrations too.
1. Regenerate the root certificate
2. Upload the root cert to CUCM
3. Restart the CallManager service on CUCM
4. Restart the Conversation Manager service on Unity Connection
5. Confirm the ports are registered
Relevant logs for troubleshooting: CuCsMgr, CuMixer, Tomcat
When examining logs look for: SSL, openssl, SSH type errors

7 Unified Messaging Service
Set Web-based Authentication Mode from "NTLM/Digest" to "Basic"
Use the "test" button
IMPORTANT: Because "Basic" is used, an IPsec policy must be configured to be secure/FIPS compliant
Relevant logs for troubleshooting: CuMbxSync, CuCsMgr, Tomcat
When examining logs look for: SSL, openssl, SSH type errors

8 Other IPsec dependencies
Please refer to the Unity Connection 8.6 documentation.
Edit 4/28/2011 - As an FYI:
Digital Networking - Secure messaging will be protected by IPsec across diginet
UM service (unlikely FIPS systems will have this enabled)
SpeechView (unlikely FIPS systems will have this enabled)

9 Troubleshooting
If the FIPS integrity check or self-tests fail during boot-up, the system halts. Users can try a reboot to check whether the condition is a temporary problem. If the issue persists, the only options are to decommission the server or use a recovery CD.
It is very unlikely, but FIPS modules can fail FIPS checks during run time. In this case, the client application will likely core. If a restart does not fix the problem, Cisco will need to take a closer look.
Anything dealing with encryption could potentially be impacted by FIPS. If this is suspected, disable FIPS mode and attempt to reproduce the issue to determine a possible relationship.
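The startup self-tests and integrity check that slides 2, 4 and 9 refer to, shown as an added Python illustration (not Cisco's or Unity Connection's code): known-answer tests against published FIPS 180-4 and RFC 4231 vectors, plus an HMAC fingerprint over the module image. The module image and fingerprint key are constructed for the example; a real module carries its fingerprint from build time.

```python
import hashlib
import hmac

# Published known answers: SHA-256("abc") from FIPS 180-4 and
# HMAC-SHA-256 test case 1 from RFC 4231 (key = 0x0b * 20, data "Hi There").
SHA256_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
HMAC_TC1 = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"

# Constructed stand-ins for the crypto library image and the key used to
# compute its build-time fingerprint (hypothetical values, not Cisco's).
MODULE_IMAGE = b"libcrypto-fips-module-image-constructed-for-this-example"
FINGERPRINT_KEY = b"constructed-fingerprint-key"
EXPECTED_FINGERPRINT = hmac.new(FINGERPRINT_KEY, MODULE_IMAGE,
                                hashlib.sha256).hexdigest()


def known_answer_tests() -> dict:
    """Startup self-tests: each algorithm must reproduce its fixed known answer."""
    results = {}
    results["sha256"] = hashlib.sha256(b"abc").hexdigest() == SHA256_ABC
    mac = hmac.new(b"\x0b" * 20, b"Hi There", hashlib.sha256).hexdigest()
    results["hmac-sha256"] = mac == HMAC_TC1
    return results


def integrity_check(image: bytes, expected: str) -> bool:
    """Integrity check: the HMAC over the module image must match the stored
    fingerprint, so any modification of the library is detected at boot."""
    actual = hmac.new(FINGERPRINT_KEY, image, hashlib.sha256).hexdigest()
    return hmac.compare_digest(actual, expected)


def fips_startup(image: bytes = MODULE_IMAGE,
                 expected: str = EXPECTED_FINGERPRINT) -> dict:
    """Run the boot-time checks and report whether FIPS mode may proceed.

    As the slides describe, a single failed self-test or a failed integrity
    check means the module is unusable and the system halts (fips_mode False).
    """
    status = known_answer_tests()
    status["integrity"] = integrity_check(image, expected)
    status["fips_mode"] = all(status.values())
    return status


if __name__ == "__main__":
    print("clean image:   ", fips_startup())
    print("tampered image:", fips_startup(MODULE_IMAGE + b"\x00"))
```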

10 References
Other Cisco FIPS 140-2 TOI:
http://wwwin-eng.cisco.com/Eng/VTG/IPCBU/CUCM/CallManager_MontBlanc/Presentations/FIPS_TOI.pptx
http://wwwin-eng.cisco.com/Eng/VTG/IPCBU/CUCM/CallManager_MontBlanc/Presentations/MontBlanc_IR2_UCR2008_FIPS_PKI-IA_IPSec_Auth_TOI.pptx
FIPS 140-2 general information:
http://en.wikipedia.org/wiki/FIPS_140-2
http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf