
Securing Cisco Unified Communication Manager

George Taxidis
Level 1

Hello to everyone,

I have a customer who has a Cisco UCM7, and I would like to secure it against internal and external vulnerabilities. I have already closed the SIP and Skinny ports, but I would like to know how someone can make calls and compromise the system without registering. How can I be sure that the system is secure?

Thank you very much!

4 Replies

Stephen Welsh
Level 4

Hi George,

I strongly recommend you read the following book by Akhil Behl:

Securing Cisco IP Telephony Networks

http://www.amazon.com/dp/1587142953

This book's coverage is both wide and deep, making sure that a clear picture is formed on all aspects. This ensures that nothing is overlooked, enabling this book to be the definitive reference for Cisco IP Telephony Security.

Also,

If you need to make sure your endpoints are secure, I recommend you have a look at PhoneView from UnifiedFX.

Thanks

Stephen Welsh

CTO

http://www.unifiedfx.com

George Taxidis
Level 1

Thank you very much all.

I will take a look at these links.

George Taxidis
Level 1

After careful consideration, I would like to know how I can implement the steps below:

Voice System Security

1. DISA port access (using inbound 0800 numbers) on the PBX will be protected by a secure password.

2. The maintenance port on the PBX will be protected with a secure password.

3. The default DISA and maintenance passwords on the PBX will be changed to user defined passwords.

4. Call accounting will be used to monitor access to the maintenance port, DISA ports and abnormal call patterns.

5. DISA ports will be turned off during non working hours.

6. Internal and external call forwarding privileges will be separated, to prevent inbound calls being forwarded to an outside line.

7. The operator will endeavour to ensure that an outside call is not transferred to an outside line.

8. Use will be made of multilevel passwords and access authentication where available on the PBX.

9. Voice mail accounts will use a password with a minimum length of six digits.

10. The voice mail password should never match the last six digits of the phone number.

11. The caller to a voice mail account will be locked out after three attempts at password validation.

12. Dialling calling party pays numbers will be prevented.

13. Telephone bills will be checked carefully to identify any misuse of the telephone system.

At which levels can I put passwords, and how? (I mean user authentication during the registration process in ephone-dns, ephones, call restrictions, someone needing to give a password before making a call, etc.)

Thank you very much
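
For item 4 of the list above (call accounting for abnormal call patterns), a review pass over call records could check items 5, 6, 7 and 12 automatically. This is an added example, not code from the thread or from Cisco; the CSV column layout, the working hours and the blocked prefix are assumptions, and the sample records are constructed.

```python
import csv
import io
from datetime import datetime

# Constructed sample records; the column layout is hypothetical, not a CUCM CDR format.
SAMPLE_CDR = """start,origin,called,dest,via
2024-03-04T10:15:00,internal,2001,internal,direct
2024-03-04T23:40:00,external,0012025550100,external,disa
2024-03-05T11:05:00,external,0012025550101,external,forward
2024-03-05T14:30:00,internal,0900555010,external,direct
2024-03-06T09:00:00,external,2002,internal,direct
2024-03-09T13:00:00,external,0012025550102,external,disa
"""

WORK_START, WORK_END = 8, 18          # assumed working hours, Monday to Friday
BLOCKED_PREFIXES = ("0900",)          # placeholder for calling-party-pays ranges


def outside_working_hours(ts):
    """True on weekends or outside WORK_START..WORK_END on weekdays."""
    return ts.weekday() >= 5 or not (WORK_START <= ts.hour < WORK_END)


def review_record(row):
    """Return the list of policy findings for one call record."""
    findings = []
    ts = datetime.fromisoformat(row["start"])
    if row["via"] == "disa" and outside_working_hours(ts):
        findings.append("disa-after-hours")            # item 5
    if (row["origin"] == "external" and row["dest"] == "external"
            and row["via"] in ("forward", "transfer")):
        findings.append("external-to-external")        # items 6 and 7
    if row["dest"] == "external" and row["called"].startswith(BLOCKED_PREFIXES):
        findings.append("calling-party-pays")          # item 12
    return findings


def review_cdr(text):
    """Return (start, called, findings) for every record that breaks a rule."""
    flagged = []
    for row in csv.DictReader(io.StringIO(text)):
        findings = review_record(row)
        if findings:
            flagged.append((row["start"], row["called"], findings))
    return flagged


if __name__ == "__main__":
    for start, called, findings in review_cdr(SAMPLE_CDR):
        print(start, called, ", ".join(findings))
```

A hit from this pass means the preventive control (DISA schedule, forwarding restriction or dial-plan block) did not stop the call, so each finding points at a setting to recheck on the PBX.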