cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Walkthrough Wednesdays
303
Views
0
Helpful
4
Replies
waqas sardar
Beginner

IPT hacking Prevention

Dear Team,

 

We need to secure Cisco IPT setup, Please advise to security for 

-cisco cucm 11.x

-cisco unity 11.x

-cisco Presence 11.x

-cisco auto attendant 

- Sip voice gateway from call hacking 

 

Thanks

4 REPLIES 4
Mohammed al Baqari
VIP Advisor

Start with SRND. This should be good start
Dennis Mink
Advisor

A quick one can be to put a CSS on a SIP trunk for incoming calls to only allow calls to onnet partitions, so as not to allow offnet>>ofnet calls.

 

do the same on your VCS trunk if you have it, because VCS;s are even more prone to attacks

Please remember to rate useful posts, by clicking on the stars below.

Leonardo Tadeu
Collaborator

Hello,

 

Take look here, there is a lot of information:

 

https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Collaboration/enterprise/11x/116/collbcvd/security.html#pgfId-1079752

 

Regards

 

Leonardo Santana

mikeleebrla
Beginner

In addition to the suggestions mentioned by others, make sure that your SIP gateway only allows connections from trusted IPs (generally this would be your CUCM servers, and your ITSP's IPs.

 

This is done by the following commands:

voice service voip
 ip address trusted list
  ipv4 172.30.X.X
  ipv4 99.30.X.X

 

Also make sure that the Calling Search Space that your Unity voice mail ports use don't have access to the PSTN. Doing so prevents an attacker from accessing a user's weak voicemail PIN to access their voicemail box, and then changing their transfer rules to forward all calls do that number to an internatioinal number.  Unity *might* need access to the PSTN depending on your setup, but it's rare and usually not needed.

Content for Community-Ad

Spotlight Awards 2021