06-01-2013 07:53 AM - edited 03-16-2019 05:39 PM
Hello to everyone,
I have a customer who has a Cisco UCM7 and I would like to secure from internal and external vulnerabilities. I have already closed sip and skinny ports but I would like to know how can someone makes calls and compromise the system without make register? How can I be sure that system is secure?
Thank you very much!
06-01-2013 08:17 AM
Hi George,
I strongly recommend you read the following book by Akhil Behl:
Securing Cisco IP Telephony Networks
http://www.amazon.com/dp/1587142953
This book's coverage is both wide and deep making sure that a clear picture is formed on all aspects. This ensures that nothing is overlooked, enabling this book to be the definitive reference for Cisco IP Telephony Security
Also,
If you need to make sure you endpoints are secure I recomend you have a look at PhoneView from UnifiedFX.
Thanks
Stephen Welsh
CTO
06-01-2013 08:25 AM
Hi Geroge,
In addition to what Mr. Stephen has said, u can also refer the POST by Mr. Akhil Behl
regds,
aman
06-01-2013 11:55 PM
Thank you very much all.
I will take a look in these links.
06-02-2013 01:40 AM
After carefully consideration, I would like to know how can I implement these steps below:
Voice System Security
1. DISA port access (using inbound 0800 numbers) on the PBX will be protected by a secure password.
2. The maintenance port on the PBX will be protected with a secure password.
3. The default DISA and maintenance passwords on the PBX will be changed to user defined passwords.
4. Call accounting will be used to monitor access to the maintenance port, DISA ports and abnormal call patterns.
5. DISA ports will be turned off during non working hours.
6. Internal and external call forwarding privileges will be separated, to prevent inbound calls being forwarded to an outside line.
7. The operator will endeavour to ensure that an outside call is not transferred to an outside line.
8 Use will be made of multilevel passwords and access authentication where available on the PBX.
9. Voice mail accounts will use a password with a minimum length of six digits.
10. The voice mail password should never match the last six digits of the phone number.
11. The caller to a voice mail account will be locked out after three attempts at password validation.
12. Dialling calling party pays numbers will be prevented.
13. Telephone bills will be checked carefully to identify any misuse of the telephone system.
In which leves can I put passwords and how? (I mean user authentication during the registration process in Ephone-DN-s, Ephones, Call restrictions, someone need to give a password before to make a call. etc.)
Thank you very much
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide