Hello Experts,
We are running our head office on CUBE with 100-session SIP calls in a UCM environment. We recently discovered that there is no security on the SIP provider side and hackers are hitting the CUBE interface with a lot of traffic, so I was wondering what the best-practice security configuration is to block all traffic on the interface other than SIP traffic.
Any suggestions and sample configuration would be a great help and much appreciated, please.
We tested by telnetting to the public IP and ports, and it is quite open.
CUBE is not behind a firewall. 10 Meg Internet comes straight from the provider to CUBE.
Device details:
Model: Cisco CISCO3925
Code: c3900-universalk9-mz.SPA.152-4.M1.bin
Interface:
interface GigabitEthernet0/2
 description *** SIP Interface To Provider ***
 ip address 2XX.XXX.XX.XX 255.255.255.XXX PUBLIC IP
 ip flow ingress
 ip flow egress
 standby delay minimum 30 reload 60
 standby version 2
 standby 1 ip 2XX.XXX.XX.XX
 standby 1 timers 2 6
 standby 1 priority 50
 standby 1 preempt
 standby 1 track 1 decrement 10
 ip traffic-export apply TAC size 5000000
 duplex auto
 speed auto
We have no access list configured.
Thank you.