Securing Cisco IP Telephony Networks


  • Sorry, this book is no longer in print.

Description

  • Copyright 2013
  • Edition: 1st
  • Book
  • ISBN-10: 1-58714-295-3
  • ISBN-13: 978-1-58714-295-6

The real-world guide to securing Cisco-based IP telephony applications, devices, and networks


Cisco IP telephony leverages converged networks to dramatically reduce TCO and improve ROI. However, its critical importance to business communications and deep integration with enterprise IP networks make it susceptible to attacks that legacy telecom systems did not face. Now, there’s a comprehensive guide to securing the IP telephony components that ride atop data network infrastructures–and thereby providing IP telephony services that are safer, more resilient, more stable, and more scalable.


Securing Cisco IP Telephony Networks provides comprehensive, up-to-date details for securing Cisco IP telephony equipment, underlying infrastructure, and telephony applications. Drawing on ten years of experience, senior network consultant Akhil Behl offers a complete security framework for use in any Cisco IP telephony environment. You’ll find best practices and detailed configuration examples for securing Cisco Unified Communications Manager (CUCM), Cisco Unity/Unity Connection, Cisco Unified Presence, Cisco Voice Gateways, Cisco IP Telephony Endpoints, and many other Cisco IP Telephony applications. The book showcases easy-to-follow Cisco IP Telephony applications and network security-centric examples in every chapter.


This guide is invaluable to every technical professional and IT decision-maker concerned with securing Cisco IP telephony networks, including network engineers, administrators, architects, managers, security analysts, IT directors, and consultants.

  • Recognize vulnerabilities caused by IP network integration, as well as VoIP’s unique security requirements
  • Discover how hackers target IP telephony networks and proactively protect against each facet of their attacks
  • Implement a flexible, proven methodology for end-to-end Cisco IP Telephony security
  • Use a layered (defense-in-depth) approach that builds on underlying network security design
  • Secure CUCM, Cisco Unity/Unity Connection, CUPS, CUCM Express, and Cisco Unity Express platforms against internal and external threats
  • Establish physical security, Layer 2 and Layer 3 security, and Cisco ASA-based perimeter security
  • Complete coverage of Cisco IP Telephony encryption and authentication fundamentals
  • Configure Cisco IOS Voice Gateways to help prevent toll fraud and deter attacks
  • Secure Cisco Voice Gatekeepers and Cisco Unified Border Element (CUBE) against rogue endpoints and other attack vectors
  • Secure Cisco IP telephony endpoints–Cisco Unified IP Phones (wired, wireless, and soft phone) from malicious insiders and external threats

This IP communications book is part of the Cisco Press® Networking Technology Series. IP communications titles from Cisco Press help networking professionals understand voice and IP telephony technologies, plan and design converged networks, and implement network solutions for increased productivity.

Table of Contents

Introduction

Part I Introduction to Cisco IP Telephony Security

Chapter 1 What Is IP Telephony Security and Why Do You Need It?
Defining IP Telephony Security
    What Is IP Telephony?
    What Is IP Telephony Security?
    What Is the Rationale Behind Securing an IP Telephony Network?
    What Can You Do to Safeguard Your IP Telephony Network?
IP Telephony Security Threats
    How Do Hackers Attack an IP Telephony Network?
        Foot Printing
        Scanning
        Enumeration
        Exploit
        Covering Tracks
    What Are IP Telephony Security Threats and Countermeasures?
    Threats
    Countermeasures
An Insight to VoIP Security Tools
    IP Telephony Security/Penetration Tools
        Sniffing Tools
        Scanning and Enumeration Tools
        Flooding/DoS Tools
        Signaling and Media-Manipulation Tools
Business Challenges and Cisco IP Telephony Security Responses
    Common Business Challenges Associated with IP Telephony Security
    Cisco IP Telephony Security Responses
Summary

Chapter 2 Cisco IP Telephony Security Building Blocks
Introduction to IP Telephony Security Methodology
    Understanding the IP Telephony Security Methodology
    Demystifying IP Telephony Security Methodology
IP Telephony Security Architecture
Exploring IP Telephony Security Methodology and Defining Security Architecture
    IP Telephony Security Assessment and Security Policy Development
    IP Telephony Network Security Implementation
        Physical Security
        Layer 2 Security
        Layer 3 Security
        Perimeter Security
    IP Telephony Application Security Implementation
Defining the IP Telephony Network Components That Should Be Secured
    IP Telephony Network Elements That Should Be Secured
Summary

Chapter 3 What Can You Secure and How Can You Secure It?
Layered Security Approach for IP Telephony Security
    IP Telephony Layered Security Approach
        Case Study
    Enabling IP Telephony Security: Layer upon Layer
Cisco IP Telephony Security Controls
    Discovering IP Telephony Security Controls
    Cisco IP Telephony Security Controls
        Cisco IP Telephony Network Security Controls
        Cisco IP Telephony Device Security Controls
        Cisco IP Telephony Application Security Controls
        Cisco IP Telephony Endpoint Security Controls
Cisco IP Telephony Security Overview
    Discovering End-to-End IP Telephony Security
    Understanding Each IP Telephony Component and its Relative Security Control
        XYZ Headquarters (Main Data Center)
        IP Telephony Data Center Security Insight
        IP Telephony Remote Data Center Security Insight
        IP Telephony Remote Site Security Insight
        Telecommuter Solution Security Insight
Summary

Chapter 4 Cisco IP Telephony Security Framework
Cisco IP Telephony Security Life Cycle
    Enabling IP Telephony Security
        Security and Risk Assessment
        IP Telephony Security Policy Development and Enforcement
        Planning and Designing
        IP Telephony Network and Application Security Deployment
        Operate and Manage
        Monitor
Developing an IP Telephony Security Policy
    Building an IP Telephony Security Policy/Strategy In line with Your Corporate Security Policy
    Risk Assessment
    Components of IP Telephony Security Policy
        IP Telephony Security Policy/Strategy
        Core IP Telephony Security Policies
    Physical Security of IP Telephony Equipment
    Physical Security Policy
    Local-Area Network Security Policy
    Wide-Area Network and Perimeter Security Policy
    IP Telephony Server Security Policy
    Voice Application Security Policy
    Endpoint Security Policy
    Conclusion
Evaluating Cost of Security–Cost Versus Risk
    Cost of Implementing IP Telephony Security
    Cost of a Security Breach
    How to Balance Between Cost and Risk
Determining the Level of Security for Your IP Telephony Network
    Case Study
        The Riddles Are Over
Putting Together All the Pieces
    IP Telephony Security Framework
Summary

Part II Cisco IP Telephony Network Security

Chapter 5 Cisco IP Telephony Physical Security
IP Telephony Physical Security
    What Is IP Telephony Physical Security All About?
Physical Security Issues
    Restricting Access to IP Telephony Facility
        Securing the IP Telephony Data Center Perimeter
        IP Telephony Data Center Internal Security
    Personnel Training
    Disaster Recovery and Survivability
Locking Down IP Telephony Equipment
Environmental Factors
Summary

Chapter 6 Cisco IP Telephony Layer 2 Security
Layer 2 Security Overview
    Cisco IP Telephony Layer 2 Topology Overview
    Why Bother with Layer 2 Security?
IP Telephony Layer 2 Security Issues and Mitigation
    VLAN Hopping Attack and Mitigation
        Attack Details
        Mitigation
    Spanning Tree Protocol (STP) Manipulation
        Attack Details
        Mitigation
    DHCP Spoofing
        Attack Details
        Mitigation
    ARP Spoofing
        Attack Details
        Mitigation
    MAC Address Spoofing Attack
        Attack Details
        Mitigation
    IP Spoofing Attack
        Attack Details
        Mitigation
    CAM Table Overflow and DHCP Starvation Attack
        Attack Details
        Mitigation
Dealing with Rogue Endpoints: 802.1x
    What Is 802.1x and How Does it Work?
    EAP Authentication Methods
    802.1x for IP Telephony
Layer 2 Security: Best Practices
Summary

Chapter 7 Cisco IP Telephony Layer 3 Security
Layer 3 Security Fundamentals: Securing Cisco IOS Routers
Cisco IOS Platform Security
Restricting Management Access
    Securing the Console Port
    Securing the Auxiliary Port
    Securing the VTY Ports
    Securing the HTTP Interface
Disabling Unnecessary IOS Services
    Small Services
    Finger Service
    BootP
    Cisco Discovery Protocol (CDP)
    Proxy ARP
    Directed Broadcast
    Source Routing
    Classless Routing
    Configuration Autoloading
    Securing TFTP
Securing Routing Protocols
    Routing Information Protocol v2 (RIPv2)
    Enhanced Interior Gateway Routing Protocol (EIGRP)
    Open Shortest Path First (OSPF)
    Border Gateway Protocol (BGP)
Securing Hot Standby Routing Protocol (HSRP)
Safeguarding Against ICMP Attacks
    ICMP Unreachables
    ICMP Mask Reply
    ICMP Redirects
    Constraining ICMP
Securing User Passwords
Controlling User Access and Privilege Levels
    Enabling Local Authentication and Authorization
    Enabling External Server-based Authentication, Authorization, and Accounting (AAA)
        Configuring Cisco TACACS+ Based Authentication
        Configuring Cisco TACACS+ Based Authorization
        Configuring Cisco TACACS+ Based Accounting
Antispoofing Measures
    RFC 2827 Filtering
    Unicast Reverse Packet Forwarding (uRPF)
Router Banner Messages
Securing Network Time Protocol (NTP)
Blocking Commonly Exploited Ports
Extending Enterprise Security Policy to Your Cisco Router
    Password Minimum Length
    Authentication Failure Rate
    Block Logins
    Disable Password Recovery
Layer 3 Traffic Protection–Encryption
Layer 3 Security–Best Practices
Summary

Chapter 8 Perimeter Security with Cisco Adaptive Security Appliance
IP Telephony Data Center’s Integral Element: Cisco Adaptive Security Appliance
    An Introduction to Cisco ASA Firewall
        Cisco ASA Firewall and OSI layers
    Cisco ASA Basics
        Cisco ASA: Stateful Firewall
        Cisco ASA Firewall: Interfaces
        Cisco ASA Firewall: Security Levels
        Cisco ASA: Firewall Modes
        Cisco ASA: Network Address Translation
        Cisco ASA: UTM Appliance
        Cisco ASA: IP Telephony Firewall
Securing IP Telephony Data Center with Cisco ASA
    Case Study: Perimeter Security with Cisco ASA
        Cisco ASA QoS Support
        Firewall Transiting for Endpoints
        Cisco ASA Firewall (ACL Port Usage)
    Introduction to Cisco ASA Proxy Features
Cisco ASA TLS Proxy
Cisco ASA Phone Proxy
Cisco VPN Phone
    Cisco VPN Phone Prerequisites
    Implementing VPN Phone
Remote Worker and Telecommuter Voice Security
Summary

Part III Cisco IP Telephony Application and Device Security

Chapter 9 Cisco Unified Communications Manager Security
Cisco Unified Communications Manager (CUCM) Platform Security
    CUCM Linux Platform Security
Certificate-Based Secure Signaling and Media: Certificate Authority Proxy Function
    Enabling CUCM Cluster Security: Mixed-Mode
Security by Default (SBD)
    TFTP Download Authentication
    TFTP Configuration File Encryption
    Trust Verification Service (Remote Certificate and Signature Verification)
Using External Certificate Authority (CA) with CAPF
Using External Certificate Authority (CA) with Cisco Tomcat
Enabling Secure LDAP (LDAPS)
    Enabling Secure LDAP Connection Between CUCM and Microsoft Active Directory
Securing IP Phone Conversation
    Securing Cisco IP Phones
    Identifying Encrypted and Authenticated Phone Calls
    Securing Third-Party SIP Phones
    Configuring Third-Party SIP Phone
Secure Tone
CUCM Trunk Security
    ICT and H.225 (Gatekeeper Controlled) Secure Trunks
    SIP Trunk Security
    Inter Cluster Trunk Security
    SME Trunk Security
Trusted Relay Point (TRP)
Preventing Toll Fraud
    Partitions and Calling Search Spaces
    Time of Day Routing
    Block Off-Net to Off-Net Transfers
    Conference Restrictions
    Calling Rights for Billing and Tracking
    Route Filters for Controlled Access
    Access Restriction for Protocols from User VRF
    Social Engineering
Securing CTI/JTAPI Connections
    JTAPI Client Config
Restricting Administrative Access (User Roles and Groups)
Fighting Spam Over Internet Telephony (SPIT)
CUCM Security Audit (Logs)
    Application Log
    Database Log
    Operating System Log
    Remote Support Accounting Log
        Enabling Audit Logs
        Collecting and Analyzing CUCM Audit Logs
    Analyzing Application Audit Logs
Single Sign-On (SSO)
    SSO Overview
    System Requirements for SSO
    Configuring OpenAM SSO Server
    Configuring Windows Desktop SSO Authentication Module Instance
    Configure J2EE Agent Profile on OpenSSO Server
    Configuring SSO on CUCM
    Configuring Client Machine Browsers for SSO
        Internet Explorer
        Mozilla Firefox
Summary

Chapter 10 Cisco Unity and Cisco Unity Connection Security
Cisco Unity/Unity Connection Platform Security
    Cisco Unity Windows Platform Security
        OS Upgrade and Patches
        Cisco Security Agent (CSA)
        Antivirus
        Server Hardening
    Cisco Unity Connection Linux Platform Security
Securing Cisco Unity/Unity Connection Web Services
    Securing Cisco Unity Web Services (SA, PCA, and Status Monitor)
    Securing Cisco Unity Connection Web Services (Web Administration, PCA, and IMAP)
Preventing Toll Fraud
Secure Voicemail Ports
    Cisco Unity: Secure Voicemail Ports with CUCM (SCCP)
    Cisco Unity: Authenticated Voicemail Ports with CUCM (SIP)
    Cisco Unity Connection: Secure Voicemail Ports with CUCM (SCCP)
    Cisco Unity Connection: Secure Voicemail Ports with CUCM (SIP)
Secure LDAP (LDAPS) for Cisco Unity Connection
Securing Cisco Unity/Unity Connection Accounts and Passwords
    Cisco Unity Account Policies
    Cisco Unity Authentication
    Cisco Unity Connection Account Policies
Cisco Unity/Unity Connection Class of Service
    Cisco Unity Class of Service (and Roles)
    Cisco Unity Connection Class of Service (and Roles)
Cisco Unity/Unity Connection Secure Messaging
    Cisco Unity Secure Messaging
    Cisco Unity Connection Secure Messaging
Cisco Unity/Unity Connection Security Audit (Logs)
    Cisco Unity Security Audit
    Cisco Unity Connection Security Audit
Cisco Unity Connection Single Sign-On (SSO)
Summary

Chapter 11 Cisco Unified Presence Security
Securing Cisco Unified Presence Server Platform
    Application and OS Upgrades
    Cisco Security Agent (CSA)
    Server Hardening
Securing CUPS Integration with CUCM
Securing CUPS Integration with LDAP (LDAPS)
Securing Presence Federation (SIP and XMPP)
    CUPS SIP Federation Security
        Intra-Enterprise/Organization Presence SIP Federation
        Inter-Enterprise/Organization Presence SIP Federation
    CUPS XMPP Federation Security
Cisco Unified Personal Communicator Security
    Securing CUPC LDAP Connectivity
    Securing CUPC Connectivity with Cisco Unified Presence
    Securing CUPC Connectivity with CUCM
    Securing CUPC Connectivity with Voicemail (Cisco Unity/Unity Connection)
Summary

Chapter 12 Cisco Voice Gateway Security
Cisco Voice Gateway Platform Security
Preventing Toll Fraud on Cisco Voice Gateways
    Call Source Authentication
    Voice Gateway Toll Fraud Prevention by Default
    Class of Restriction (COR)
    Call Transfer and Forwarding
Securing Conference Resources
Securing Voice Conversations on Cisco Voice Gateways
    Configuring MGCP Support for SRTP
    Configuring H.323 Gateway to Support SRTP
    Configuring SIP Gateway to Support SRTP
Securing Survivable Remote Site Telephony (SRST)
Monitoring Cisco Voice Gateways
Summary

Chapter 13 Cisco Voice Gatekeeper and Cisco Unified Border Element Security
Physical and Logical Security of Cisco Gatekeeper and Cisco Unified Border Element
Gatekeeper Security–What Is It All About?
Securing Cisco Gatekeeper
    Restricted Subnet Registration
    Gatekeeper Accounting
    Gatekeeper Security Option
    Gatekeeper Intra-Domain Security
    Gatekeeper Inter-Domain Security
    Gatekeeper HSRP Security
Cisco Unified Border Element Security
    Filtering Traffic with Access Control List
    Signaling and Media Encryption
    Hostname Validation
    Firewalling CUBE
    CUBE Inherited SIP Security Features
Summary

Chapter 14 Cisco Unified Communications Manager Express and Cisco Unity Express Security
Cisco Unified Communications Manager Express Platform Security
Preventing Toll Fraud on Cisco Unified Communications Manager Express
    After-Hours Calling Restrictions
    Call Transfer Restriction
    Call Forward Restriction
    Class of Restriction
Cisco Unified CME: AAA Command Accounting and Auditing
Cisco IOS Firewall for Cisco Unified CME
Cisco Unified CME: Securing GUI Access
Cisco Unified CME: Strict ephone Registration
Cisco Unified CME: Disable ephone Auto-Registration
Cisco Unified CME: Call Logging (CDR)
Cisco Unified CME: Securing Voice Traffic (TLS and SRTP)
Securing Cisco Unity Express Platform
Enabling AAA for Cisco Unity Express
Preventing Toll Fraud on Cisco Unity Express
Cisco Unity Express: Secure GUI Access
Summary

Chapter 15 Cisco IP Telephony Endpoint Security
Why Is Endpoint Security Important?
Cisco Unified IP Phone Security
    Wired IP Phone: Hardening
        Speakerphone
        PC Port
        Settings Access
        Gratuitous Address Resolution Protocol ARP (GARP)
        PC Voice VLAN Access
        Video Capabilities
        Web Access
        Span to PC Port
        Logging Display
        Peer Firmware Sharing
        Link Layer Discovery Protocol: Media Endpoint Discovery (LLDP-MED) Switch Port
        Link Layer Discovery Protocol (LLDP) PC Port
    Configuring Unified IP Phone Hardening
    Wired IP Phone: Secure Network Admission
    Wired IP Phone: Voice Conversation Security
    Wired IP Phone: Secure TFTP Communication
Cisco Unified Wireless IP Phone Security
    Cisco Wireless LAN Controller (WLC) Security
    Cisco Wireless Unified IP Phone Security
    Hardening Cisco Wireless IP Phones
        Profile
        Admin Password
        FIPS Mode
    Securing a Cisco Wireless IP Phone
    Securing Cisco Wireless Endpoint Conversation
    Securing Cisco Wireless Endpoint Network Admission
        Using Third-Party Certificates for EAP-TLS
    Wireless IP Phone: Secure TFTP Communication
Securing Cisco IP Communicator
    Hardening the Cisco IP Communicator
    Encryption (Media and Signaling)
    Enable Extension Mobility for CIPC
    Lock Down MAC Address and Device Name Settings
    Network Access Control (NAC)-Based Secured Network Access
    VLAN Traversal for CIPC Voice Streams
Summary

Part IV Cisco IP Telephony Network Management Security

Chapter 16 Cisco IP Telephony: Network Management Security
Secure IP Telephony Network Management Design
    In-Band Network Management
        Securing In-Band Management Deployment
    Out-of-Band (OOB) Network Management
        Securing OOB Management Deployment
    Hybrid Network Management Design
        Securing a Hybrid Network Management Deployment
Securing Network Management Protocols
Secure Network Monitoring with SNMPv3
    Cisco IP Telephony Applications with SNMPv3 Support
    SNMP for Cisco IOS Routers and Switches
    SNMP Deployment Best Practices
Syslog
    Secure Syslog for IP Telephony Applications
    Configuring Syslog in Cisco Network Devices (Cisco IOS Devices and Cisco ASA)
        Cisco IOS Devices Syslog
        Cisco ASA Firewall Syslog
    Syslog Deployment Best Practices
Secure Shell (SSH)
    Configuring SSH on IOS Devices
    Enabling SSH Access on Cisco ASA
    SSH Deployment Best Practices
HTTP/HTTPS
    Enabling Cisco CP for Cisco IOS Routers
    Enabling Cisco ASA ASDM
    HTTPS Deployment Best Practices
Securing VNC Management Access
    VNC Deployment Best Practices
Securing Microsoft Remote Desktop Protocol
    Configuring IP Telephony Server for Accepting Secure RDP Connections
    Configuring RDP Client for Initiating Secure RDP Session
    RDP Deployment Best Practices
TFTP/SFTP/SCP
    TFTP/SFTP/SCP Deployment Best Practices
Managing Security Events
    The Problem
    The Solution
    Cisco Prime Unified Operations Manager (CUOM)
    Cisco Prime Unified Service Monitor (CUSM)
    Cisco Unified Service Statistics Manager (CUSSM)
    Cisco Prime Unified Provisioning Manager (CUPM)
Summary

Part V Cisco IP Telephony Security Essentials

Appendix A Cisco IP Telephony: Authentication and Encryption Essentials
Appendix B Cisco IP Telephony: Firewalling and Intrusion Prevention
Glossary
