The topic lists some considerations related to integrating Cisco Unity Connection with Cisco Unified Communications Manager and to securing Cisco Unity Connection to prevent toll fraud.
- The extension that is configured in Cisco Unity Connection can be four digits or +E.164 and should equal the dialed number in Cisco Unified Communications Manager.
- MWI is sent only to the configured extension in Cisco Unity Connection, not to alternate extensions.
- Class of service
- The CSS on the voicemail ports or SIP trunk should be restricted.
- The restriction can be combined with restriction tables on Cisco Unity Connection.
- Harden the PINs and use the lockout mechanism.
- When authentication is used, the LDAP security policies are applied.
When the extensions on Cisco Unified Communications Manager are configured as +E.164 numbers, use the same numbers in Cisco Unity Connection. If these extensions do not match, MWI is not turned on for new voice messages.
To prevent toll fraud, configure the CSS on the voicemail ports or SIP trunk to disallow, for example, international calls. This restriction can be combined with restriction tables in Cisco Unity Connection.
In addition, you can prevent the misuse of voice mailboxes by hardening the PINs. Brute-force attacks may allow hackers to transfer themselves to international or premium numbers, generating high phone bills. Define security policies in your company for PIN and password selection. Use mailbox locking after the PIN is entered incorrectly three times, for example. When LDAP authentication is used, the LDAP server security policies apply for the password instead of the Cisco Unity Connection password policies.