An important aspect in planning of your UCX system's configuration are security considerations.
The first security aspect that you must consider is the exposure of the UCX system to the public Internet. You should not expose the UCX system to the public network more than what is absolutely necessary. If you have no users who must access the UCX system remotely, you should not expose the system to public network at all. If you plan to support remote users, you should first consider the use of VPN for these users. If using VPN is not acceptable (or applicable) for some reasons, you should make publicly accessible only those services that are really necessary.
If you decide to allow the access to certain services of the UCX system from the public network, you must make all necessary precautions to safeguard these services. Specific measures are beyond the scope of this section.
The second most important security aspect that should be reviewed as part of your planning are passwords for
You should use the following common guidelines for passwords:
As the very first step in the configuration of your UCX system, you should change the password of the admin account. The UCX Web-based Configuration Utility presents a page where you can change this password when you enter the utility for the first time. We strongly recommend you to use a strong password for this account because the password provides full access to the UCX Web-based Configuration Utility as well as the Linux system's admin account.
You could also prepare a list of additional user accounts for access to the UCX Web-based Configuration Utility and configuration areas to which these user accounts should have access.
You should decide what strategy you will use when generating passwords for SIP extensions. Typically, these passwords must be entered only once and then they are stored in the SIP phone configuration files or in the phones' non-volatile memory. As the user does not have to remember or enter the password every time, there should be no reason to provide simple or easy to remember password for SIP extensions. We recommend the use of strong passwords that are different for each SIP extension (for example randomly generated passwords). This practice can be a very good safeguard against attempts to hack your SIP accounts using brute force methods when you support remotely connected SIP users.
On the UCX system, the voicemail password can be used for more than just the access to the user's mailbox. This password can be also used to access the UCX User Portal that provides a number of features including the following:
From the feature list above, it is obvious that even voicemail passwords must not be simple, common to all mailboxes or easy to guess. We recommend the use of at least 6 digits for voice mail passwords and avoiding repetitions, sequences or easy to guess numbers such as various dates.