The following table shows appropriate dial plan

Info icon This preview shows pages 51–54. Sign up to view the full content.

View Full Document Right Arrow Icon
The following table shows appropriate dial plan security levels depending on whether MTLS, SRTP, or both are enabled or disabled. Table 1. VoIPSecurity Values for Various Combinations of Mutual TLS and SRTP Security Level Mutual TLS SRTP Unsecured Disabled Disabled 47
Image of page 51

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Microsoft Lync Server 2010 Security Guide Security Level Mutual TLS SRTP SIPSecured Enabled (required) Disabled Secured Enabled (required) Enabled (required) When integrating Exchange UM with Lync Server 2010, you need to select the most appropriate dial plan security level for each voice profile. In making this selection, you should consider the following: MTLS between Exchange UM and Lync Server is the default configuration. Therefore, the dial plan security level of SIPSecured or Secured is recommended. The use of SIP dial plans with a security level of Unsecured is not supported. If you set the dial plan security to SIPSecured, SRTP is disabled. In this case, the Microsoft Lync 2010 client encryption level must be set to rejected or optional. If you set the dial plan security to Secured, SRTP is enabled and required by Exchange UM. In this case, the Lync 2010 client encryption level must be set to optional or required. Survivable Branch Appliance Security If you deploy a Survivable Branch Appliance for branch-site resiliency, you should take steps to reduce the threat of theft or other malicious access. If a Survivable Branch Appliance is compromised, you should have a plan to reduce the threat to your deployment, including taking the following steps: Revoke the branch Registrar and Mediation Server certificate from the issuing certificate authority. Remove the Survivable Branch Appliance account from Active Directory Domain Services. Remove the Survivable Branch Appliance from the trusted server list by running Topology Builder and remove the Survivable Branch Appliance from the topology, and then publishing the revised topology. Block the FQDN of the Survivable Branch Appliance so it cannot connect through your Edge Servers. Securing Clients for Lync Server 2010 When you configure clients prior to deploying an Microsoft Lync Server 2010 network, take the following recommended measures to enhance client security: Use Windows 7, Windows Vista, or Windows XP with the latest service pack. Configure client policies for media encryption and other functionality. Some of these key policies are client bootstrapping policies that specify, for example, the default servers and security mode that the client should use until sign-in is complete. Because these policies take effect before the client signs in and begins receiving in-band provisioning settings from the server, they must exist in the client computer’s registry before initial sign-in. You can use Group Policy to configure these policies. There are also certain settings that you should configure by using Lync Server Management Shell before client deployment. For details 48
Image of page 52
Microsoft Lync Server 2010 Security Guide about these policies and settings, see Key Client Policies and Settings in the Planning documentation.
Image of page 53

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 54
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern