Cybersecurity is an integral component of your IT infrastructure.
This includes your VOIP phone system.
Cisco BE6K not only offers businesses with reliable voice, video, mobility, and messaging services for businesses with fewer than 1,000 users, but it does so securely.
(You can find lots of information about BE6K in our Learning Center.)
Cisco Business Edition 7000 (BE7K) effectively has the same function as BE6K, but it is for businesses with more than 1,000 users.
Regardless of if your business is big or small, at The KR Group, we know from working with a wide range of businesses that one of your top concerns about installing a new phone system is how secure it is.
We’re here to assure you that BE6K is secure. In fact, Cisco takes a comprehensive approach to security in the following areas:
- Admin credentials
- Voice operating system
- Other security concerns
These are some of the most important areas when it comes to BE6K and BE7K security and should answer many of your concerns.
Secure hardware with BE6K and BE7K
When it comes to your hardware’s security, there are a couple of things to consider.
1. The physical security of your hardware
All hardware should be securely stored in a locked IT closet. This prevents someone from walking in or an unauthorized employee from tampering with your hardware.
2. Set up security
Beyond the physical security, each server has a dedicated setup for out-of-band management (remote access).
CIMC (Cisco’s integrated management console) allows you to control everything about the server unless it has to do with the physical hardware, such as unplugging the device or connecting network cables.
The amount of control you have with the hardware means you also need security for logging into these controls.
Secure administrative credentials with BE6K and BE7K
Cisco BE6K and BE7K automatically come with non-secure admin credentials, and the administrator will need to change the password to make it more secure.
You should also consider using a company-wide password policy, which encompasses your phone system.
Some tips for strong, hard-to-crack passwords include:
- Use multiple characters and mix it up with uppercase and lowercase letters, numbers, and symbols
- Don’t reuse passwords on multiple accounts
- Avoid easy-to-guess passwords
- Don’t use obvious personal information as a password, such as addresses, birthdays, anniversaries, relatives’ names
You can also tie log admin credentials to an outside Active Directory with passwords that follow the same tips.
Secure firmware with BE6K and BE7K
Another important security component is keeping your firmware updated.
Since firmware is responsible for the low-level control of a device (such as your servers or desk phones), updates are imperative. When an update comes out for your firmware, it often is to address a security gap and keep your environment safe.
Cisco does their part to ensure these security gaps are addressed, but it is up to you to make sure the updates are installed.
VMware security with BE6K and BE7K
In most environments, businesses run BE6K or BE7K on VMWare, which means the security concerns of this hypervisor are just as valid as they are with any other use.
Your VMware environment will have a default password, but you’ll want to replace it using the password tips we discussed earlier. You can also consider other authentication means to complement your password.
Other security measures to consider with VMware include:
- Staying current with VMware security patches, which are meant to address gaps or vulnerabilities
- Placing CIMC and VMWare levels in isolated networks which only admin teams can access
Secure voice operating system with BE6K and BE7K
With BE6K and BE7K, you’re using Unified Communications Manager for your voice operating system.
This needs to be secured as well.
If you want to login to the command line or GUI, SSL certificates, back-ups, etc., you’ll need a separate set of credentials.
The reason behind this is because this component needs to be closely guarded. Having just one user ID – and choosing carefully who has access to this information – you have greater control.
Other security concerns with BE6K and BE7K
Before we wrap up our BE6K or BE7K security conversation, there are a few things we should note:
1. You may want to consider encrypted voice traffic.
If an attacker does infiltrate your network, encrypting your data prevents them from making sense of the data.
You also have the option to encrypt voice traffic to prevent snooping.
2. Back-ups serve as a last line of defense against disaster.
Whether it is a natural disaster or a malware attack, if your data is lost or damaged, you’ll want a way to recover it.
This is true for all systems within your network, including your phone system.
3. SSL certificates provide authentication.
Another security measure included in BE6K and BE7K is self-signed security certificates.
These SSLs aren’t automatically validated, but you’re able to use an internal or external certificate authority to validate them.
Choosing Cisco BE6K or BE7K
Being concerned about security means you want to be vigilant about your IT environment.
When it comes to an on-premises VOIP phone system, Cisco BE6K and BE7K address security on multiple fronts, including hardware, administrator credentials, firmware, VMware, and voice operating systems.
With these security concerns addressed, we encourage you to take a look at some of our other articles on Cisco BE6K: