Skip to main content
Skip table of contents

UCX on-prem Suite Security Features

Introduction

Imagicle has spent a lot of efforts and developments to achieve a high grade of security in its applications included in the UC Suite. All services, libraries and interfaces to external appliances have been secured and encrypted, thus avoiding any undesired data sniffing.

In this article, we are listing several security features and best practices to achieve a secure environment.

Microsoft Windows OS vulnerabilities

Microsoft is taking good care about its OS vulnerabilities and Microsoft issues several updates and service packs each year to solve security breaches encountered by customers or caused by viruses or malwares. This includes "IIS", which is heavily used by Imagicle as embedded web server for its web portal, mobile apps and clients' gadgets.

That's why we are recommending our customers to run Windows Updates on a regular base, as explained in our Installation Requirements.

Other Microsoft applications and components

Imagicle US Suite embeds a MS-SQL Server Express instance and we always make sure that security updates are always included in our Virtual Appliances and software packages. Consequently, we more and more recommend our partners and customers to keep their Imagicle UC Suite updated to latest software release, to make sure that proper SQL and runtime libraries updates (.NET, C++, ASP, others) are in place.

Imagicle Web Portal and APIs

These are the most risky interfaces that we open to the outside world. Through the web portal and web APIs, there are a number of security breaches which might really cause a lot of damage to customers. For example, you can enter some Javascript commands into a web portal’s field, and those Java instructions might cause undesired data sniffing from SQL or even passwords retrieval.

Imagicle has identified a no-profit foundation called "Open Web Application Security Project" (OWASP) that works mainly to improve the software security. Thousands of OWASP members (including Imagicle) are sharing web-related security issues encountered in their software and, thanks to all contributors, OWASP has compiled a list of the TOP TEN web security breaches which are affecting most of the web accesses worldwide. The list is available here.

Antivirus

Installing an antivirus in Imagicle UC Suite server is indeed a good practice and it prevents malwares to hit operating systems and Imagicle applications. We have described how to configure your antivirus application to protect Imagicle server, without interfering with Imagicle apps performances, in this KB.

Data encryption at rest

As dictated by several worldwide regulations related to data security and privacy, Imagicle offers the possibility to leverage Microsoft BitLocker to encrypt the content of Imagicle UC Suite hard drive.

BitLocker is Microsoft's encryption program that provides full-disk encryption of the hard drives. By utilizing the latest encryption algorithms and leveraging the power and efficiency of modern CPUs, the entire contents of the startup disk are encrypted, preventing unauthorized access to the data stored on the disk, except for those with either the login account to decrypt the disk, or those owning the recovery key.

By enabling BitLocker's whole-disk encryption, data is secured from prying eyes. All attempts to access HD data, physically or over the network, are stopped with either a prompt to authenticate or error messages stating the data cannot be accessed, even when attempting to access data backups, as BitLocker encrypts those too. Please find extensive instructions about how to enable BitLocker in this article.

As an alternative to Microsoft BitLocker, customers can also leverage VMware own disk encryption.

TLS 1.2 Protocol

TLS 1.2 grants a high level of security and encryption to all communications involving web portal and email systems. A detailed article is available here, explaining how to enable such protocol within Imagicle UC Suite.

A specific article is also available to enable secure TLS connection to MS-SQL server. Please read here.

HTTPS Protocol and relevant Digital Certificate

Imagicle can implement HTTPS protocol to access own web portal, XML Phone Services, ECC-Curri web service and other https-based accesses hosted by IIS. You can decide to leverage the existing self-signed Digital Certificate or the certificate issued by your own Domain Controller or a certificate issued by a well-known Certificate Authority. All those cases are fully explained in this article.

Once updated Digital Certificate is in place, you can leverage it to enable encrypted https/XML transactions between Imagicle UC Suite and Cisco Call Manager:

  • Imagicle External Call Control (CURRI ECC) for Phone Lock and Contact Manager's Caller ID. See here.

  • Imagicle Phone Services for Phone Lock, Contact Manager, Call Recording. See here.

Email Server Secure Connections

Imagicle can provide email notifications to user and administrators, related to scheduled reports and alerts generated by Imagicle Monitoring service. Imagicle UC Suite routes email notifications to an existing customer's email server using SMTP protocol, with automatic SSL or TLS negotiation on any TCP port (465, 587, others). See relevant KB here.

Imagicle Digital Fax application supports fax handling through user's email client, allowing email-to-fax and fax-to-email transactions. To enable this feature, Digital Fax leverages above secure SMTP connection to send fax-related email notifications. To send faxes, Digital Fax connects to customer's email server using one of the following protocols, with automatic protocol negotiation:

  • SSL/TLS POP3 on TCP port 995 (or any other)

  • SSL/TLS IMAP4 on TCP port 993 (or any other)

  • EWS using HTTPS on TCP port 443, with Proxy support

EWS basic and Oauth2 authentications are both supported. See relevant articles here and here.

Imagicle Secure Call Recording

Imagicle Call Recording application allows to record encrypted calls, leveraging Secure SIP and TLS audio streams coming from Cisco UCM. To enable Secure Call Recording, you can use the existing, self-signed Certificate included in Imagicle UC Suite server. Please consult this article, explaining how to download the Digital certificate and upload it in CUCM.

Secure SIP configuration for Call Recording is fully explained in this article.

Imagicle Secure Advanced Queuing

Imagicle Advanced Queuing application allows to enable encrypted calls between Cisco UCM and Imagicle server, leveraging Secure SIP and TLS audio streams. To enable Secure Advanced Queuing calls, you can use the existing, self-signed Certificate included in Imagicle UC Suite server. Please consult this article, explaining how to download the Digital certificate and upload it in CUCM.

Secure SIP configuration for Advanced Queuing is fully explained in this article.

Active Directory Secure Connection

As of March 2020, Microsoft has updated security requirements for LDAP connections to Active Directory. So now Secure LDAP (LDAPS) has become mandatory for all LDAP connections to Active Directory. LDAP connections to Active Directory will not work unless Secure LDAP is configured.

Imagicle follows above Microsoft statement and therefore Secure LDAP using SSL on port 636 is automatically enabled for both authentication and users' synchronization. If required, you can still configure non-secure LDAP on port 389, but obviously this is not recommended.

More info are available in this article.

Attendant Console Secure Connection

Starting from 2021.Winter.1 release, Attendant Console connects to UC Suite through a secure, TLS 1.2 encrypted TCP session on port 51235. If required, you can still leverage previous non-secure connection on TCP port 51234.

More info are available in this article.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.