CUCM Backup: How to Backup Cisco Unified Communications Manager

Cisco Unified Communications Manager is a software-based call-processing system developed by Cisco Systems. The software tracks all active VoIP network components including phones, gateways, conference bridges, voicemail boxes and more. Due to the business-critical nature of the system, automated, secure backup is a requirement.

Cisco Systems, Inc. has recommended Titan FTP Server Enterprise Edition as an approved backup server for Cisco Unified Communications Manager. Cisco UCM has the ability to back up sound files to a server using SFTP. Backing up to Titan FTP Server could not be easier or more effective, and can be done by completing two simple tasks:

1. Setting up an SFTP server
2. Configuring Cisco Unified Communications Manager for backup

The steps above are simple and well-documented. SRT offers a Quick Start Guide to assist customers with this process.  The Quick Start Guide is located at:

http://webdrive.com/wp-content/uploads/Configure-Titan-FTP-with-Cisco.pdf

For CUCM Administrators looking for a fully managed, off-site, secure backup solution, SRT offers CUCM Backup as a secure, always online, disaster recovery plan (DRP) ready solution with free Tier-1 support for setup and configuration of your CUCM Backups. With our CUCM Backup Service and free setup support, our experienced team can have you up and running in minutes.

http://www.cucmbackup.com/

For CUCM Administrators looking for an on-premise backup solution, a full-function, 20-day trial of Titan FTP Server enables Cisco UCM (CUCM) customers to configure and test this configuration in their own environments before making a purchase. Once a trial has been configured, all settings are retained for the licensed version. The administrator simply enters the registration code into the trial server to enable the fully licensed version to run. The purchase includes 12 months of maintenance.

Access more information on Titan FTP Server, or download the trial to begin your evaluation.

 

 

CUCM Backup: How to Backup Cisco Unified Communications Manager

Cisco Unified Communications Manager is a software-based call-processing system developed by Cisco Systems. The software tracks all active VoIP network components including phones, gateways, conference bridges, voicemail boxes and more. Due to the business-critical nature of the system, automated, secure backup is a requirement.

Cisco Systems, Inc. has recommended Titan FTP Server Enterprise Edition as an approved backup server for Cisco Unified Communications Manager. Cisco UCM has the ability to back up sound files to a server using SFTP. Backing up to Titan FTP Server could not be easier or more effective, and can be done by completing two simple tasks:

1. Setting up an SFTP server
2. Configuring Cisco Unified Communications Manager for backup

The steps above are simple and well-documented. SRT offers a Quick Start Guide to assist customers with this process.  The Quick Start Guide is located at:

http://webdrive.com/wp-content/uploads/Configure-Titan-FTP-with-Cisco.pdf

For CUCM Administrators looking for an on-premise solution, a free 20-day trial of Titan FTP Server enables Cisco UCM customers to configure and test this configuration in their own environments before making a purchase. Once a trial has been configured, all settings are retained for the licensed version. The administrator simply enters the registration code into the trial server to enable the fully licensed version to run. The purchase includes 12 months of maintenance.

Access more information on Titan FTP Server,  or download the trial to begin your evaluation.

Server Upgrade Best Practices

It may seem mundane, but remembering to do little things, such as upgrading server software from time to time, can make life much more easy and manageable. One simple upgrade can help ensure that you are receiving all the most recent maintenance updates, patches and fixes, and news about your particular product. To make this process run even more smoothly, be sure to follow these best practices for upgrading server software.

•Find out what windows service packs should be applied and apply them.

•Assure that your maintenance is up-to-date and that you are using the correct registration codes for your product as old or outdated registration codes can delay the upgrade process. You can easily find this out by running the “check for program updates” utility in your product’s program group.

• Back up your database/registry/configurations. The backup procedures can be found in the program administrator under HELP… Help Contents… Contents Tab… Configuring Servers… Backing up Servers.

Cornerstone – To back up your database: Use the standard backup functionality built into SQLServer to backup the SQLServer Database. For more information about backing up your SQL Server database, see http://msdn.microsoft.com/en-us/library/ms187510.aspx or contact your SQL Server Administrator. To back up the Cornerstone Registry: Using Regedit – export the Server’s directory under HKEY_LOCAL_MACHINE\SOFTWARE\South River Technologies\Titan FTP Server. Save the .reg file and copy it to your computer (or a new computer). Copy that .reg file to the new computer and then, while on the new computer, double-click on the .reg file to import the information into the registry. Repeat this process for the information stored under HKEY_LOCAL_MACHINE\Software\ODBC\ODBC.INI as this contains information related to the SQLServer connection used by Cornerstone to communicate with your SQLServer Restart the computer for everything to take effect properly. Once you have restarted the new machine, launch your Cornerstone Administrator, and make sure that the IP settings for each server have been changed to the new server address.

Titan – To back up your Titan server configuration, reun RegEdit and export the Server’s directory under HKEY_LOCAL_MACHINE\SOFTWARE\South River Technologies\Titan FTP Server. Notify your users in advance of when the server will be offline so they can plan appropriately.

• Schedule the server upgrade after business hours if possible. If operations are 24X7, it is a good idea to be running in a clustered environment so that you can take a server offline without impact.

• Have a plan for how to roll back if there are any issues with the upgrade.

• Even if you are sure you know what you are doing, it doesn’t hurt to read any instructions or help files that come with the software. You might learn something you did not know.

Don’t forget to keep up with important installs. Following the correct steps can save you from unnecessary stress and keep your operations running smoothly.

FTP vs. SFTP

You have likely heard of FTP (File Transfer Protocol)  and SFTP (Secure File Transfer Protocol), but did you know that there are some major differences between the two? Generally speaking, FTP in its basic form is not secure, whereas the SFTP protocol is used to ensure that file transmission will be secure.

 FTP

File Transfer Protocol (FTP) is a very well-established protocol, developed in the 1970s, and was designed to allow two computers to transfer data over the internet. One computer is the Server and the other is the Client. The FTP protocol typically uses port 21 as its main means of communication. An FTP server will listen for client connections on port 21.

FTP clients will then connect to the FTP server on port 21 and initiate a conversation. This main connection is called the Control Connection or Command Connection. This conversation is performed in plain text, meaning that all communication between the two parties is sent unprotected, verbatim, over the internet. The FTP client will usually authenticate itself with the FTP server by sending over a username and a password, both in plain text. This alone makes FTP very unsecure as it would not be terribly difficult for a third party to steal the users’ credentials.

After the client has authenticated itself with the server, the client will usually begin to transfer files either to the server, or from the server. File Transfers in FTP are typically performed over a second, auxiliary, connection called a ‘data connection.’ The Client and Server will typically, through a series of synchronized commands, negotiate a new common ‘port’ which will be used to transfer the file. Once the new port is negotiated, the new data connection is made between the parties and the file is then transferred. During the file transfer, the original Control Connection will sit idle and wait until the file transfer has completed. Once the transfer has been completed, the control connection is then used to signal the success or failure of a file transfer.

The need for a data connection is one of the main concerns for internet usage recently. For security reasons, companies are limiting the number of ports, or openings, on their publicly facing firewalls. FTP traditionally requires a block of ports to remain open on either the Server firewall or the Client firewall to aid with the creation of data connections. Many companies are refusing to open these ports, causing them to look for a different solution.

Along with file transfers, the client will typically also request directory information from the server. The format of information such as a directory listing is a bit primitive based on today’s standards (as FTP was established in the 1970s), and as such, the FTP client is sometimes only able to retrieve a subset of the attributes which are available on the server.

While generic FTP is not secure, extensions have been added over the years to allow for the securing of FTP conversations using industry standard SSL. FTP/S, as its commonly known, allows for the encryption of both the Control and Data connections either concurrently or independently. This is important because the negotiation of the SSL connection is time consuming, and having to do it twice, once for the Data connection and once for the Control connection, can be expensive if a client plans to transfer a large number of small files.

FTP/S (or FTP over SSL) commonly runs on port 21 and sometimes on port 990. The primary difference between these two ports is that if a client connects to an FTP/S server on port 990, it’s implied that the Client intends to perform SSL and the SSL handshake takes place immediately. Because of this, FTP/S on port 990 is commonly referred to as Implicit FTP/S, since the port number implies security.  FTP clients who connect on port 21 and intend to use SSL for security will need to explicitly state their intentions by sending an AUTH SSL or AUTH TLS command to the server. Once the server receives this command, the two parties perform an SSL handshake and enter a secure state. For this reason, FTP/S on port 21 is commonly referred to as Explicit FTP/S.

SFTP (Secure File Transfer Protocol)

SFTP (Secure File Transfer Protocol) is a relatively new protocol, developed in the 1990s, which allows for the transfer of files and other data over a connection that has previously been secured using the SSH protocol.  While it’s similar to FTP/S in that both protocols communicate over a secure connection, that’s basically where the similarities end.

Unlike FTP, the SFTP protocol is “packet-based” instead of text-based. Where FTP might send a command such as “DELE file.txt,” SFTP would send a binary 0xBC and then “file.txt.” The key difference is that by sending less data, the SFTP protocol is faster over the long-term as less data is crossing the wire.

Another difference is that with SFTP, file transfers are performed in-line over the main Control Connection, thus eliminating the need to open  a separate Data Connection for transfers. This has many benefits. First, by re-using the main Data Connection, there are fewer connections open between the client and the server, i.e., fewer connections through firewalls.

Since SFTP runs over SSH, it’s inherently secure and there is no non-secure version. This is a plus for system administrators who are trying to enforce corporate security policies.

Another difference is that most versions of SFTP are able to deliver a much richer and detailed set of data about the files. FTP is rather bland about the files’ properties, but SFTP allows the user to access the permissions, date, time, size, and other information not normally available to FTP.

These are the inherent differences between FTP and SFTP. WebDrive, which is often used as an FTP client, also supports SFTP. Titan FTP Server Enterprise Edition supports both FTP and SFTP.

What’s the real cost?

The recent data breach at Bethpage Federal Credit Union has compromised 86,000 consumer debit account records.  The breach was the result of a simple human error, and the lack of policies to ensure that such errors would not happen.

This is no small issue forBethpage, given the costs associated with the cleanup:

• Reissuing 86,000 credit cards
• Paying for credit monitoring for the 86,000 customers affected by the breach
• Loss of customers
• Loss of reputation
• Hiring security firms to monitor access to the files

Plus, they still have to put a long-term solution in place to prevent a similar breach from occurring in the future – a solution that they should have had in place a long time ago.  The solution needs to have multiple levels of security, and should ideally make use of all of the following:

1. Disable anonymous access to their servers.  This alone could have potentially prevented the servers from being indexed by Google
2. Use server software that forces selection of strong passwords
3. Install a reverse proxy server outside of their firewall to enable closing inbound ports
4. Encrypt the data on the server
5. Enforce policies about where sensitive data can be posted

These steps are inexpensive and easy to implement, which begs the question:  why weren’t these technologies in place a long time ago?  And if they were, why were internal policies unclear or unknown to employees?  Other credit unions should take heed.  While this data breach shows no indication that data was actually downloaded and used, hackers will certainly take notice and test other credit unions for similar situations.

Implementing an MFT solution like Cornerstone MFT now can save a tremendous amount of expense, effort and embarrassment later.  Cornerstone includes a web interface that can easily be made available to any or all employees who may need to post data on company servers.  A simple policy requiring users to only post sensitive data through this interface would eliminate the possibility that the user will erroneously believe that a server is secure.

Verizon data breach report: Simple and cheap options could help to reduce 63% of data breach incidents

Verizon has published its 2012 data breach report, and as expected, it’s filled with statistics reflecting a wide variety of data breaches, and some comprehensive suggestions for mitigating these risks. The interesting point made by the report is that for 63% of breaches, the tools, procedures and practices required to reduce these risks are “simple and cheap.”

Here are four “simple and cheap” options for reducing the risk of network intrusion:

Putting a firewall in place. A firewall limits the openings into your system, but it doesn’t eliminate them.

Putting a “reverse proxy” in front of your firewall enables you to close the inbound ports and have them opened dynamically from inside of the firewall. Then the inbound requests come as a response on the outbound channel. This “simple and cheap” solution makes it more difficult for “port scanning” software to find a way into your server. Products such as DMZedge Server, which works in conjunction with Cornerstone MFT, address this risk.

Disabling anonymous access. While you may have directories on your server that are available for public access, you are still enabling someone to cross the moat. Ideally, any server with public access should be segmented out of your network and placed in the DMZ. This prohibits public users from ever getting inside. Servers that are inside your network should have anonymous access disabled, requiring a password for access to any information.

Creating intelligent passwords. Your birthdate or the names of your kids or your pets are easily guessable. This risk is typically more of a concern for breaches that are internally initiated, but it’s a good practice in general to avoid using names and dates as your password. Password hacking programs are out there as well, to speed up the process of guessing a password. Having passwords that contain a wider variety of characters will make automated attempts at guessing passwords more difficult. The best practice is to include 1 capital letter, 1 lower case letter (the computer views these as different characters), 1 special character, 1 number, and a length of at least 6 characters – although longer is better. Using software that forces passwords to have these combinations of characteristics is another “simple and cheap” way to increase your overall security.

If breaches are so costly, and these solutions are so simple and cheap, why don’t more companies implement them?

My FTP Server Works Great! Why Should I Change Now?

You’ve been running your favorite FTP server software for years, and it works flawlessly. It’s one of the great things about FTP: it’s a simple protocol that, if implemented correctly, is a file transfer workhorse. The technology isn’t sexy, but it does the job. So what’s the problem with using an FTP server? What’s wrong with FTP?
 
Some of FTP’s bad press is undeserved, for a number of reasons. First is that good implementations of the protocol are plentiful. Whether you use a drive-mapping FTP client like WebDrive, a more traditional FTP client or even command line FTP, you can easily connect to FTP download sites, manage your website or manage your own file distribution center. If you are asking your partners or customers to connect to files that you host on an FTP server, they can easily connect to you with minimal cost and effort. Second is that FTP has been around for a long time. The technology is stable and unchanged. Ease of implementation and stability should be big plusses for anyone thinking about storing files on an FTP server.
 
But what are the downsides?
 
The biggest limitation of FTP is that it’s not inherently secure. Much of FTP’s bad press has been due to the lack of security. When determining whether or not to use FTP for a given application, it’s important to evaluate the confidentiality of the content. If security is a concern, use FTP over SSL or choose another protocol that has the security built in.
 
Another issue is that FTP is not a collaborative protocol. While FTP may be fine for one way transactions, such as simple uploads or downloads, FTP servers are not a good fit for files that will be dynamically updated by multiple users. Here’s the reason why: User 1 downloads a file and adds “hello world” to the end of the file content. There is now a copy on the server and an updated copy on user 1’s PC. At the same time, user 2 downloads the same file and adds “this is a test” to the end of the file content. So there is yet another version of the file on user 2’s PC. When user 1 uploads the file, it overwrites the file on the server, replacing it with the “hello world” version. Now when user 2 uploads the file, it overwrites the “hello world” version with the “this is a test” version. The addition of “hello world” is gone! In collaborative environments, a WebDAV server, or an application that’s based on WebDAV, such as GroupDrive, can lock the file on the server, keeping users from inadvertently overwriting a file while another user is editing it.
 
Good Use Cases for FTP Servers

• Hosting files that are available for public download such as white papers, product specifications, user manuals, software updates, drivers and other support material.
• Hosting non-confidential files that are available for internal users with login credentials. HR forms, employee manuals, templates, etc.
• Backup. It’s relatively easy to backup internal file servers and individual PCs to an FTP server. If some of the content to be backed up is confidential, using FTP over SSL may be recommended.
• Receiving large batches of files from other systems or applications – again, provided that these are not confidential – is easy and inexpensive to implement with FTP.

FTP servers are relatively inexpensive and easy to install. Many Titan FTP Server customers successfully run their servers for years without a single technical support incident. The important thing is to use the right tool for the job.

WebDAV vs. FTP

In many conversations with our customers, I often run into a common question:  “What’s the difference between WebDAV and FTP?”  There seems to be confusion about the differences between the two protocols.  Since SRT’s products support both WebDAV and FTP, I thought it would be a good topic to cover in this week’s blog.

Web-based Distributed Authoring and Versioning (WebDAV), by definition, is a set of extensions to the HTTP (Hypertext Transfer Protocol), which allows users to edit and manage files collaboratively on remote Web servers.  One of the major features in WebDAV is the ability to lock files automatically to prevent data being overwritten by another user.  WebDAV also supports XML properties so users can access data about the file, the author, the date the file was modified and namespace manipulation, which allows resources to be copied or moved.

File Transfer Protocol (FTP) is a simple network protocol based on IP, which allows users to transfer files between computers on the Internet.  FTP service is based on a client/server architecture.  An FTP client program initiates a connection to a remote computer running FTP server software.   Once a connection is established, the client can send and receive copies of files.  To connect to an FTP server, the client typically requires a username and password.  There are also public FTP archives that follow a special convention that accepts a username of “anonymous”.

There are several file transfer protocols available:

FTP – the plain FTP protocol, which has been around since the 1970’s.  It usually runs over TCP port 21, and is not secure.

FTPS – which stands for FTP over TLS/SSL.  It is often called Secure FTP and runs over TCP port 21 or 990.

SFTP – another file transfer protocol that has nothing to do with FTP.  The acronym stands for SSH File Transfer Protocol.  SFTP runs over an SSH session, usually on TCP port 22.  The protocol has been around since the 1990’s.

The FTP protocol supports two modes of data transfer, plain text and binary, and usually defaults to plain text.  Unlike the WebDAV protocol, FTP does not support automatic file locking, which can lead to users accessing the same file and potentially overwriting changes made to that file by the initial user.

SRT’s WebDrive , often used as an FTP client, supports a variety of protocols.  WebDrive can be used as a WebDAV Client to map a drive letter to WebDAV servers, including Sharepoint.  WebDrive also supports SFTP and Amazon S3.   WebDrive is now available as a Mac OSX FTP, SFTP and WebDAV Client.

SRT’s Titan Editions support FTP, SFTP, and FTPS.

A Copy is Always Dangerous – Regardless of Medium

There’s always concern about sending files electronically. Passwords and encryption make us feel more comfortable about the level of file transfer and email security. But the biggest risk of sending out data is the possibility for that data to be misdirected. It’s a far bigger risk than the risk of intentional hacking.

In a different twist on the ever-growing story of inadvertent data breaches, Under Armour has recently suffered a breach through the US Mail. The Baltimore Sun reports that the Under Armour data breach was caused by the company’s auditing firm, PricewaterhouseCooper, mailing an unencrypted thumb drive containing employee information, including Social Security Numbers and salary information. And that thumb drive is now lost in the mail.

Under Armour has acted responsibility with full disclosure of the breach and by offering its employees free credit monitoring. While the worst-case scenario is almost unimaginable, even the best-case scenario is still grim. Whether or not the data is compromised, Under Armour will endure:

• Reduced employee confidence
• Increased stress levels for employees resulting in incalculable decreases in productivity
• The expense of providing credit monitoring for employees
• Management focus on crisis remediation rather than strategic growth for their successful business

And not to mention the negative PR that is generated from this type of a mistake. As with many other businesses who have suffered inadvertent data breaches, the impact on customer and employee trust and the good name of the business is significant. Once an email is sent, a package is dropped in the mail or a file transfer is executed, we lose a little bit (or sometimes a lot!) of control over where that data lands. Millions of emails, hard-copy letters and packages are successfully delivered every day. But when something goes wrong, the results can be catastrophic.

What can you do?

1. Don’t send copies of confidential data through any medium. Keep your data securely on your server, and control who can access it.
2. To simplify access, use a solution that sends an email link that requires the recipient to validate their identity before they can see the data.
3. Keep in mind that a valid recipient can still get data that they are not authorized to see. If the wrong email attachment is sent, it can’t be pulled back. If the file is on a server and sent via link, the file can simply be moved and the link will just return a “not found” message.
4. Files on the server should also be encrypted. This protects the data when it is not in transit.

Mailing a thumb drive does avoid the inherent problems of email with regard to file sizes, but it’s not any more secure. An email that uses a link to a file on the server can address this issue, as well as the issue of potential loss or misdirection. The Cornerstone Managed File Transfer solution has an email security module called MailArmour that addresses all of these issues.

Any time a copy of your data leaves your hands and travels out into the world there are risks. Keeping your data on a server and controlling access is the safest solution.

South River Technologies Announces Strategic Partnership with Aquion

South River Technologies Announces Strategic Partnership with @Aquion Pty : http://tinyurl.com/c6k63bx