cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
518
Views
0
Helpful
4
Replies

IPT hacking Prevention

waqas sardar
Level 1
Level 1

Dear Team,

 

We need to secure Cisco IPT setup, Please advise to security for 

-cisco cucm 11.x

-cisco unity 11.x

-cisco Presence 11.x

-cisco auto attendant 

- Sip voice gateway from call hacking 

 

Thanks

4 Replies 4

Start with SRND. This should be good start

Dennis Mink
VIP Alumni
VIP Alumni

A quick one can be to put a CSS on a SIP trunk for incoming calls to only allow calls to onnet partitions, so as not to allow offnet>>ofnet calls.

 

do the same on your VCS trunk if you have it, because VCS;s are even more prone to attacks

Please remember to rate useful posts, by clicking on the stars below.

Leonardo Santana
Spotlight
Spotlight

Hello,

 

Take look here, there is a lot of information:

 

https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Collaboration/enterprise/11x/116/collbcvd/security.html#pgfId-1079752

 

Regards

 

Leonardo Santana

Regards
Leonardo Santana

*** Rate All Helpful Responses***

mikeleebrla
Level 1
Level 1

In addition to the suggestions mentioned by others, make sure that your SIP gateway only allows connections from trusted IPs (generally this would be your CUCM servers, and your ITSP's IPs.

 

This is done by the following commands:

voice service voip
 ip address trusted list
  ipv4 172.30.X.X
  ipv4 99.30.X.X

 

Also make sure that the Calling Search Space that your Unity voice mail ports use don't have access to the PSTN. Doing so prevents an attacker from accessing a user's weak voicemail PIN to access their voicemail box, and then changing their transfer rules to forward all calls do that number to an internatioinal number.  Unity *might* need access to the PSTN depending on your setup, but it's rare and usually not needed.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: