Solved: Secure or limit access to TFTP Server on CUCM

Victor_Gonzalez · ‎04-22-2013

Hello

I want to know if there is a way to limit access to the TFTP server of the CUCM or apply security to deliver the files that the ip phones needs but only

to the ip phones or CIPC not to other type of device such as a computer.

Im asking this because a security network scan tool detected the following files from the TFTP on the CUCM :

gkdefault.cfg

RINGLIST.DAT

SEPDefault.cnf

SIPDefault.cnf

XMLDefault.cnf.xml

i will appreciate your recommendations

Regards!

Jaime Valencia · ‎04-22-2013

No way to limit TFTP access on the server itself, you can even download phone config files to your computer.

You would need to either use ACLs on your network, or if you want security on CUCM (authentication/encryption) enable that on CUCM.

You may follow the CUCM security guide for such task.

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk

HTH

java

if this helps, please rate

View solution in original post

Jaime Valencia · ‎04-22-2013

No way to limit TFTP access on the server itself, you can even download phone config files to your computer.

You would need to either use ACLs on your network, or if you want security on CUCM (authentication/encryption) enable that on CUCM.

You may follow the CUCM security guide for such task.

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk

HTH

java

if this helps, please rate

Victor_Gonzalez · ‎04-22-2013

Hi Jaime V.

So, if i decide to implement security on CUCM, this will accomplish what i mentioned before? or either way i need to apply an ACL

The quickest way to do it would be using an ACL as you mentioned. I have a doubt about this, im pretending apply the ACL to permit tftp access only from the Voice Segments and deny the data segments but if i do this, it would be affected the CIPC's also, that utilize the data segment or am i wrong?

Regards